Zero trust security, sensor agnosticism – expert insights from VentureBeat commentator Louis ColumbusOpinion
The Device Chronicle spoke with leading technology industry commentator Louis Columbus of VentureBeat to get his perspectives on topics such as zero trust security, and sensor agnosticism in Enterprise IoT and IoT cybersecurity.
Louis Columbus is a columnist for VentureBeat and he recently spent some time with the Device Chronicle sharing his perspectives on the latest trends in enterprise IoT and in IoT cybersecurity including topics such as zero trust security, and sensor agnosticism. He starts the interview by pointing readers to a very useful piece of research which has just been published by Honeywell on how cybercriminals can identify air gaps and capitalise them using USB keys and passive sensors. This trend has opened up a lot of gaps in security and this article addresses this aspect.
Zero trust security top of mind
Louis continues to point out that enterprise IoT is becoming more driven by the security decisions first, as cybersecurity is now a business decision, not just a technological one. In manufacturing, purchasing decisions around enterprise systems are now hinging on the security of IoT and edge devices involved in those systems. Louis continues “It is that big of a deal that boards of directors and C-level executives see cybersecurity as essential to operations as having the plant running every day.” He recalls a Bain and company study from 2018 which he believes is prescient in this discussion: “This study had a great sound bite on how much more executives are willing to pay for properly secured IoT devices. 93% of executives would pay 22% more for devices with better cybersecurity.” Louis notes that as we approach the end of 2021 now “100% of executives are willing to pay between 22% and 25% more for devices with better cybersecurity!”
Louis also observes that the topic of security is even more important for the CEOs and CTOs running manufacturing or in industries “that don’t experiment and move at the velocity of telecommunications companies or most software companies when it comes to new cybersecurity techniques.” These executives often do not come from software-native backgrounds. It’s great to see many of them reach the conclusion that cybersecurity is absolutely critical for keeping production running, and legacy, often on-premise cybersecurity techniques don’t scale to the scope of today’s attacks. They are also moving their businesses to the cloud to improve how quickly they can adapt and also aggregate, analyze and act on data from IoT and edge computing sensors and devices.
Movement towards sensor agnosticism
Louis also notes a further trend in the move towards sensor agnosticism in industry. Sensor agnosticism is the capacity of a computing component to work with various sensors and systems without requiring any special adaptations. The term can apply to either hardware or software. In an IT context, agnosticism refers to anything that is designed to be compatible across most common systems. Louis has met with and is tracking a group of startups who are building new platforms for monitoring, for example, one in worker safety that is completely sensor agnostic. Louis says that “sensor agnosticism builds into a cybersecurity vision of being able to talk to any sensor anywhere and get the data, and protect endpoints, and be able to bring zero trust and least privilege access to any device at any point where identity is the key parameter.”
Louis believes Everguard.ai is a startup to watch given the security, scale and speed of its technology-agnostic safety platform with advanced machine learning and computer vision technologies. “What makes Everguard’s Sentri360 platform so noteworthy is how it ties together industrial sensor technologies using sensor fusion, edge compute and AI algorithms, enabling them to learn dynamically “on the job,” Louis says. He says Everguard is the only worker safety platform that is proving it has the potential to lower incidents, injuries and corresponding costs. Louis continued, ”Everguard deserves to be recognized as a unique solution for prioritizing construction safety and the digital management of construction sites, enabling a proactive approach to both safety and productivity powered by AI and sensor fusion.” By having a safety platform that’s sensor agnostic, Everguard is scaling well in industries that are asset intensive, including steel production.
Zero trust is gaining momentum
Louis is seeing increasing interest in mid-tier enterprises including manufacturers pursuing zero trust Security frameworks. North American mid-tier manufacturers are often characterised by a single ERP instance running to support primarily one site. Zero Trust is gaining momentum because it can scale to protect every endpoint across single and multi-site manufacturing operations – which are typical in the mid-tier manufacturing and enterprise segments. Annual revenues to mid-tier manufacturers and enterprises are in the USD $30m to USD $100m range. They typically use IoT, cloud and AI to perform real time production and real time monitoring across their production shop floors. They are interested in connecting with PLCs (programmable logic controllers) and tend to favor systems that are agnostic when it comes to sensor integration.
Louis says mid-tier manufacturing companies make technology decisions based on the business case first, and aren’t quick to jump on technology bandwagons alone. They’re most interested in how they can better secure their core systems starting with ERP, followed by gaining greater insights using real-time production and process monitoring. “Manufacturers often ask, “How can a real-time production and process monitoring system help improve operations? And how can having an ERP system and real-time monitoring system sharing the same database in the cloud help my business?” Louis says. That’s the business case driving public cloud platforms’ increasing investment in sensor-agnostic technologies.
Microsoft is a company that excels in understanding smart manufacturing and the mid-tier market is a segment where zero trust security architecture has gained a firm foothold. Louis estimates that Microsoft Azure has between 10,000 and 20,000 implementations of zero trust. Louis notes that Microsoft is setting a quick pace of innovation when it comes to learning from their many successful zero trust initiatives. He notes the Azure teams recently explained how they are improving their zero trust framework in the recent post,Learn how Microsoft strengthens IoT and OT security with Zero Trust.
Louis also recently wrote about Microsoft’s ongoing improvements to their zero trust strategy in VentureBeat. At the recent Microsoft Ignite 2021 conference, Microsoft Azure then did a series of presentations with partners and explained the direction they are going with Azure and zero trust.
Nvidia is also fast-tracking their own Zero Trust Security strategy. Louis also points out that Nvidia is also making its strategic forays into zero trust: “With its industry leading GPUs, and Morpheus continuous learning software, the Nvidia expertise creating and scaling Software Development Kits (SDK) that capitalize on their silicon, Nvidia is excelling at enforcing Zero Trust down to the sensor level.”
Louis also covered Nvidia’s strategic technology partnership with BMW Group in a recent VentureBeat article. After doing his research for this article, Louis was struck with how integral digital twins came into the work level with instruction sets for both humans and robots, and it was really impressive to see the scale the partnership had achieved.
Louis is also tracking cybersecurity companies who are using AI and machine learning to improve zero trust and take on enterprises- greatest security challenge: keeping software patches up to date. Louis says that Ivanti is a company to watch in this area. “Ivanti is doing fascinating things with AI and machine learning right now. Their approach to patch management, ransomware protection and Zero Trust Security are impressive,” Louis says. “And their acquisition strategy is exceptional in the cybersecurity space. Acquiring MobileIron, Pulse Secure, Cherwell Software, and RiskSense are enabling Ivanti to provide end-to-end cybersecurity across the many challenges enterprises face today. They are definitely a company to watch,” Louis continued “Their application of AI to patch management is really quite impressive, and their acquisitions have been smart. Their vision is to extend and push beyond defense into offense using AI and ML,” Louis continued.
Importance of Over The Air (OTA) software updates
OTA software updates can be the Achilles heel for CISOs. Robust and secure systems for OTA software updates entail being able to flash update and do patch management intelligently. Whereas, the heavy activity of an inventory-based approach to patch management is a recipe for failure. Louis describes taking an inventory approach to patch management as “a hamster wheel with no closure.” There is excellent work using AI machine learning and bots to identify which devices need which patches and when. Ivanti and Absolute are both notable companies. Absolute has the world’s only firmware-embedded endpoint visibility and control platform and has over 13,000 customers. Absolute’s firmware is factory-embedded by 28 top device manufacturers in the system BIOS. Its firmware code is embedded in more than 500 million devices built by most of the world’s top device manufacturers. Louis says that Absolute Software’s Resilience, the industry’s first self-healing Zero Trust platform, is noteworthy for its device and application control, asset management and endpoint intelligence, incident reporting, and compliance. Louis says that Absolute’s 2021 Endpoint Risk Report is also a good read. The study found that 52% of endpoints have three or more endpoint management tools installed, and the greater the endpoint agent sprawl, the faster security controls collide and decay. Louis says the study shows why organizations need to overcome the tendency to overload endpoints because the more complex their configurations become, the more challenging they are to protect. Further, the Absolute study shows why having Zero Trust Security to the sensor and endpoint level is so essential today.
Blockers to IoT adoption
Louis was also asked about what is holding many organisations back from adopting IoT.
For Louis, the reasons are fear and time. “You might have a manufacturer making plastics where the physics of the machines can produce data that can reduce costs and help improve margins above 15 to 20%,” Louis says. But the anxiety and fear of not getting the data right holds companies back. No one wants to make a bad decision so many will hold off from investing in new smart manufacturing technologies. There’s also the fear on the part of shop floor workers of being monitored. That’s where a strong change management program can help, says Louis. “The most successful manufacturers adopting IoT and IoIT are careful to build support on the shop floor first and give workers autonomy and mastery of thow the data is reported. Being clear about the data is to improve manufacturing – not monitor them – is key.” Time is in short supply in all mid-tier manufacturers, exacerbated by the labor shortage, says Louis. “That’s also holding the process back; the labor shortage is making it difficult to find skilled manufacturing engineers who can interpret and take action on the data.”
Azure shaping up well
Finally, Louis was asked about how Public cloud platform support for IoT is shaping up. Louis remarks that “Azure has done the most to extend its platform. It has a world-renowned manufacturing team with specialists who understand every aspect of manufacturing and IoT intimately.” Louis also gives credit to Microsoft saying its product strategy recognises that the world is much more heterogeneous than other public cloud competitors would think it to be. Louis says the Azure product strategy reflects how challenging, complex and at times chaotic the jobs of CTOs and CIOs are. “Azure gets it, they realize that CIOs and CTOs need a public cloud platform that can integrate diverse data sources and be able to capitalise on a wide variety of IoT data, then triangulate and come up with new insights and actions to improve operations. Azure realizes tech stacks are inherently challenging to manage and that different databases, applications and systems need more heterogeneous support. Louis says Azure’s DevOps teams deserve credit for reading the market accurately and taking on the greatest challenges enterprises face.
We wish Louis well as he continues to report with authority on key technology topics in the zeitgeist on VentureBeat.
Louis publishes his own blog at Software Strategies .