The Device Chronicle interviews Uladzislau Bayouski, Senior Director of Software Engineering at EPAM Systems, Inc. about IoT innovation such as Smart Greenhouse, build or buy strategy, and the importance of Zero Trust security in IoT.
In the beginning
Uladzislau explains that he started out in the .Net and Microsoft environment then he began to take interest in IoT projects, observed ready-made solutions and involved communities and a high focus on open-source development. He says, “Executing an open-source strategy in IoT can be complicated to ensure that you have the right direction and approach, but you can achieve solutions quickly from pre-made (open source software), and you have a lot of flexibility and freedom to create. But you must watch the security aspects carefully.”
Smart greenhouse and other IoT use cases from EPAM Innovation Labs
Uladzislau highlights two very interesting projects from EPAM. The first one comes from EPAM Innovation Labs where prototypes and new concepts are developed. One of the solutions that came out of this group recently came from the agricultural sector. This is the Smart Greenhouse project. By way of background, Uladzislau explains that the green houses had well-developed automation and securely built monitoring systems. But as Uladzislau explains, there was a deficit in the use of data that could help predict plant growth within the greenhouse so it can be used more efficiently to optimize workload and energy usage. The engineers were not so familiar with botany, but they had to learn about how plants grow and the different types of sensors for light, temperature, pressure and so on that could be used in the greenhouses. These sensors were connected to the monitoring and security systems for control and eventually they consolidated all of their work into an installable package so that if a customer would like to set up a network of such greenhouses, software would be available to complement the sensor hardware. While developing the POC, there was an Oracle competition for implementation of smart things, and they applied and won this prize.
The second example is from EPAM Continuum, the integrated business, experience, technology, and data consulting practice of EPAM specializing in digital transformation. Often, you need to have capabilities in different areas, hardware and software, and prototype of an object in a very specific area of industrial design. There are important points that need real expertise. Healthcare is where IoT should have a real impact so as to make patients more comfortable and secure if things can be anticipated in time. An example is EPAM’s partnership with medical device company Mindray to develop a novel patient monitor. In hospitals, patient rooms are often crowded with bulky, antiquated systems and monitors that read patient data. After thoroughly researching the pain points of care givers, EPAM Continuum created an innovative patient monitoring system that easily provides critical information when and where healthcare professionals need it, offering an unmatched user experience.
Strategic thinking on buy vs build
Uladzislau then reflects on how he started his software engineering career and felt that he always needed to build a solution from scratch. He recalls his idea to get valuable engineering experience, even if it came through failure. Now, he reflects that there are many contexts which determine whether you should buy or build, and these are generally based on cost, time, control, and solution maintenance. Technology consulting is a huge part of what EPAM does, advising customers how they can build and adjust in the most efficient way. It depends on the complexity of the solution and how much confidence and control you want over the code base and feature development. “Now, customer service is key. Is the provider listening to the problem and prioritizing the request? If the product exists on the market and covers 60% of what you need then go and use it. It will not be a silver bullet but will get you a long way.” For EPAM’s enterprise customers, in many cases the hybrid approach is advised: we want to accelerate some development but we will also advise on existing solutions available on the market. If a particular component of an ecosystem needs to be developed, let’s say a part that is responsible for security, it may need additional security levels such as in healthcare.
Importance of OTA software updates in IoT projects such as Smart Greenhouse
From Uladzislau’s perspective, OTA software updates are mostly about securing IoT devices in projects such as Smart Greenhouse and Patient Monitor. In the late 90’s, he recalled a scary incident with the chat app ICQ, then some unknown participant asked Uladzislau, “Do you want me to restart your computer?” Then the hacker did it. This was a wake-up call to him on the importance of security. He says, “For crucial devices in healthcare and other sectors, thousands of devices are vulnerable to attack. Modern cars and vehicles now get software updates for advanced features that affect people’s safety such as autopilot. Zero trust is a must now that we have IoT and cloud architecture as central as it is to IT strategy and new product development. Today, we must consider diverse solutions with many components that run in many different ways. This includes cloud components and many varieties of applications which consume our APIs and data. Security and the protections you should take are constantly changing. You should always verify the device that is trying to connect to your network and verify software updates before installing on your device. Never trust on face value and always have mutual authentication, which is crucial for OTA.”
Uladzislau believes that a robust process is needed for handling requests from devices to get updated from a central server in a way that the request can be verified and trusted. “A couple of sessions and secret keys are needed. Timestamps need to be tracked and the schema needs to be encrypted for the transfer from the server to the client.” In any architecture, he says, it is simple to miss something at an early stage and almost impossible to fix it in the future. “You would need to rework the whole solution. These things related to mutual authentication, they may have a drawback for IoT with tiny devices that may not have much computing power or storage capacity. Many developers try to improve lightweight security schemas for mutual authentication, it is lightweight because you throw something away. The trade-off should be reasonable. Today, there are many existing solutions to manage an IoT device fleet and they have security mandated in them. Azure with IoT Hub, GCP, AWS IoT, doesn’t remove all security risks but they are generally fast at fixing things and the changes affect everybody when applied at one level. If you do not have great expertise in security, it may be better to rely on these partners.”
We wish Uladzislau and his colleagues at EPAM well as they help enterprises embrace new technologies for better business outcomes.