Device mobility in IIoT allows dispersed devices, such as machines and sensors, to function efficiently. As part of their digital transformation, enterprises increasingly want to extract rich analytics from the raw data these devices produce.
Mobile IoT devices and endpoints typically operate across dispersed locations and use a wide variety of protocols to communicate with each other and with master controller nodes. The devices must also connect to cloud-based or on-premise back-office systems for advanced telemetry and data analytics services. As a result, there is a growing need for a uniform security layer that protects these devices and their data from unintended exposure over the public Internet.
Existing client-server communication security protocols simply cannot scale for enterprise IT to connect securely to these devices, because they were never designed to connect millions of such devices with backend or cloud services. The major factors are:
Device IP addresses change at arbitrary times because the devices change locations unpredictably.
Field workers need extensive IT knowledge to establish secure authentication and connectivity with remote machines and things.
Most devices are not IP-aware and therefore cannot implement IT-style security rules, leading to unintended exposure of the devices and their data to the public Internet.
Access credentials are hard to manage and do not scale.
Existing communication security mechanisms are mostly client-server based, with mobility not a design requirement. They are primarily IT-style, site-to-site secure connections that depend on the last-mile access connection.
IT-style security connections cannot always support use cases such as isolating access rights between different groups of devices connecting to the backend.
Industrial enterprises therefore need an identity-centric network security infrastructure that provides a secure communication channel for millions of dispersed mobile or nomadic devices to connect and exchange data with backend services. Each device keeps a permanent identity based on a virtual IP address, independent of the physical address it happens to hold. Such an architecture gives facilities operators a simple, user-friendly interface to provision access credentials and to manage, track and monitor devices seamlessly, and it comes with POTA capability built in. The network should shield the devices from malicious data or command insertion and from distributed denial-of-service (DDoS) threats. It applies the zero-trust framework, based on the 'never trust, always verify' principle: every device must authenticate itself before exchanging data with the backend. Such a network can be provisioned over any untrusted last-mile access connection and is multi-cloud friendly. Devices attached to it, and their data exchanges with backend services, remain invisible to the public Internet.
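The following is an added example, not code from the original article or from any vendor, that models the two properties the paragraph above combines: a permanent virtual-IP identity that survives changes of the device's physical address, and a gateway that verifies every message before any payload reaches the backend. The overlay range 10.200.0.0/16, the 60-second freshness window, the device names and the IP addresses are all constructed; per-device HMAC keys stand in for the certificate or public-key identity a production deployment would use.

```python
"""Constructed model of an identity-centric overlay for mobile IIoT devices.

A device is addressed by the virtual IP bound to its credential, so its
physical IP may change at will (roaming) without affecting the backend.
Every envelope is authenticated, checked for freshness and checked for
replay before the payload is released; anything that fails is dropped,
so unauthenticated command insertion never reaches the backend.
"""
from __future__ import annotations

import hashlib
import hmac
import ipaddress
import os
import time
from dataclasses import dataclass, field

REPLAY_WINDOW_S = 60  # assumed freshness window for message timestamps (constructed value)


@dataclass
class DeviceRecord:
    device_id: str
    key: bytes                      # per-device credential (HMAC key in this model)
    virtual_ip: str                 # permanent overlay identity
    physical_ip: str | None = None  # last-seen underlay address, purely informational
    seen_nonces: set = field(default_factory=set)
    revoked: bool = False


@dataclass
class Verdict:
    accepted: bool
    reason: str
    virtual_ip: str | None = None
    payload: bytes | None = None


def _mac(key: bytes, device_id: str, nonce: bytes, ts: int, payload: bytes) -> bytes:
    # Bind identity, nonce, timestamp and payload together under one MAC.
    msg = b"|".join([device_id.encode(), nonce, str(ts).encode(), payload])
    return hmac.new(key, msg, hashlib.sha256).digest()


def sign_envelope(device_id: str, key: bytes, payload: bytes, now: float | None = None) -> dict:
    """Device side: wrap a payload with identity, fresh nonce, timestamp and MAC."""
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(16)
    return {"device_id": device_id, "nonce": nonce, "ts": ts, "payload": payload,
            "mac": _mac(key, device_id, nonce, ts, payload)}


class IdentityGateway:
    """Backend edge: maps authenticated identities to permanent virtual IPs."""

    REQUIRED = ("device_id", "nonce", "ts", "payload", "mac")

    def __init__(self, overlay: str = "10.200.0.0/16"):
        self._hosts = ipaddress.ip_network(overlay).hosts()
        self._devices: dict[str, DeviceRecord] = {}

    def enroll(self, device_id: str) -> tuple[bytes, str]:
        """Provision a credential and allocate the device's permanent virtual IP."""
        key = os.urandom(32)
        vip = str(next(self._hosts))
        self._devices[device_id] = DeviceRecord(device_id, key, vip)
        return key, vip

    def revoke(self, device_id: str) -> None:
        self._devices[device_id].revoked = True

    def verify(self, envelope: dict, source_ip: str, now: float | None = None) -> Verdict:
        """Never trust, always verify: authenticate before releasing any payload."""
        now = time.time() if now is None else now
        if any(k not in envelope for k in self.REQUIRED):
            return Verdict(False, "malformed envelope")
        rec = self._devices.get(envelope["device_id"])
        if rec is None or rec.revoked:
            return Verdict(False, "unknown or revoked identity")
        expected = _mac(rec.key, rec.device_id, envelope["nonce"], envelope["ts"], envelope["payload"])
        if not hmac.compare_digest(expected, envelope["mac"]):
            return Verdict(False, "bad mac")          # tampered or forged
        if abs(now - envelope["ts"]) > REPLAY_WINDOW_S:
            return Verdict(False, "stale")            # outside freshness window
        if envelope["nonce"] in rec.seen_nonces:
            return Verdict(False, "replay")           # same message seen before
        rec.seen_nonces.add(envelope["nonce"])
        rec.physical_ip = source_ip                   # roaming: underlay address updated, identity unchanged
        return Verdict(True, "ok", rec.virtual_ip, envelope["payload"])
```

The point of the model is the order of operations: the gateway decides on identity and message integrity first, and only then records the new physical address and hands the payload on. A message arriving from a previously unseen source address is therefore neither trusted nor rejected on that basis alone; it is accepted exactly when it proves the enrolled identity, which is what lets the virtual IP stay constant while the device moves.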
In summary, existing client-server communication security protocols cannot scale for industrial enterprises to connect securely to these devices, because they were not designed from the ground up to connect millions of devices with backend or cloud services. Industrial enterprises therefore need an identity-centric network security infrastructure that provides a scalable communication channel for millions of dispersed mobile or nomadic devices to connect securely and exchange data with backend services.