Internet of Things Security Starts at the Edge

All right, good afternoon everybody. Everybody having a good afternoon? Yeah? Survived lunch? It's crazy in there. Yeah, all right. So we're going to talk about IoT security. I'll introduce myself: my name is Dave Konetski, I'm a Dell Fellow and vice president in the Client Solutions Group, and my group is responsible for security of our client division, which includes IoT, which is hosted out of client, as well as systems management, data management, etc. I'm here with Riaz and Jen, who will introduce themselves.

Good, sure. Hi everyone, I'm Jen Gilburg and I work at Intel. We're a partner, obviously, of Dell, and I run our IoT security identity strategy and go-to-market for Intel.

Hi everyone, I'm Riaz Zolfonoon. I'm a distinguished engineer at RSA, and for those of you who've been keeping up with all the acquisitions news, you may know that RSA now is a Dell Technologies company; through EMC we came to Dell. Now I lead our IoT security initiatives at RSA, and we have done some POCs and research that is actually downstairs in the booth area. You're welcome to join and really walk through some of those pieces.

So how many of you are deploying IoT, thinking about deploying IoT, standardizing IoT, looking at IoT security, can spell IoT? Anything? Okay, good. Well, a question I always like to ask is, you know, as you're deploying IoT or thinking about an IoT infrastructure, how different do you think IoT security is than traditional endpoint security, and what do you think the major differences are? Anybody?

Devices weren't intelligent enough to have their own firewall.

Yeah, the comment was that most of the devices at the edge, I would imagine, are not intelligent enough to have their own firewall, have their own protection system, so they have been in the past vulnerable, right? And anybody else? Absolutely, lots of protocols, no standardization, right. So when we talk about security in the client world, you know, we talk about data protection, we talk about identity, we talk about advanced threat protection, we talk about
management, and then as user behavior analytics and whatnot are becoming part of our vernacular, we talk about big data analytics and edge analytics. You know, it's really the same for IoT, but the big difference that we see as technologists and people who are offering solutions in IoT is that there's oftentimes no human involved, right? When we talk about client security we often talk about somebody who's logging into a domain and getting access to resources, but in the IoT world it's usually a machine-to-machine problem. So a lot of your common practices, like provisioning, become a big deal in IoT. You may have a sensor that's in the middle of a field somewhere, and you know, how do you provision that thing for the first time? How do you know it's yours? How do you know it's not taken over by someone else? How do you deal with data protection when, to your point, the edge devices usually don't have enough horsepower to do a lot of processing on their own? You know, how do you deal with threat protection when you're usually running OSes, as you say, no standardization, you're usually running OSes that are not commonly supported by a client infrastructure? So we're going to talk about a lot of the layers today and a lot of the approaches that we're taking. And did I go the wrong... no, okay, we gotta build.

So there has been a lot of press lately about IoT security. Unfortunately it has not been good press. There's been a lot of botnets that have been created by IoT devices and edge devices. CCTV cameras just happened to be the most recent attack surface or target, right? And when you look at a lot of the things that have been happening in the industry, and when I talk to customers who are deploying or have IoT-based infrastructures deployed, most of them are proprietary, so a lot of it is security through obfuscation or obscurity. They don't really have a traditional MSA IT security infrastructure in place, so they're getting a little bit worried, right? Things are becoming
standardized, it's becoming a much larger attack surface, they are starting to build their OT networks beside their IT networks, and they're starting to put bridges in place, which is a terrible idea, but all of these things are starting to happen. So they're getting worried about their security infrastructure and what they put in place and how to address the problem. So that's an opportunity for us, with the resources that we have as Dell and everything we've built out over the last decade, and now with the influx of new technologies from EMC and especially from RSA: what can we bring to bear in the IoT world, right?

So I would tease it looks a whole lot like a client infrastructure. You know, this is a very simple diagram, but the big differences are, as you said, you've got a very diverse set of endpoints, usually sensors or some kind of infrastructure. I mean, it could be as complex as an HVAC system or it could be as simple as a temperature monitor, right? So you have a million different protocols coming into an aggregation point. The aggregation point for us just happens to be a gateway, so Dell has launched a series of gateways that help with southbound connections to sensors, net and infrastructure, as well as the northbound connections back to data center and larger analytics.

The idea behind security in IoT is that it really has to be architected, as it said, from the edge to the cloud. If you don't think about your identity and access infrastructure from the sensor all the way through data analytics, and who has access to what and how they gain access to what, both machines and humans; if you don't think about data protection from the point of origin of the data all the way back into your analytics subsystem; and if you don't think about your threat landscape, again, from the edge all the way to the cloud, to the data center, wherever you're doing your processing and analytics, you are not producing a system that is going to be successful. You're going to
leave yourself open at some point, and you know, the adversary is going to look for the unlocked window. He's not going to try to come through the front door, right? So you have to think about the entire system end to end. So getting into exactly what we're thinking about from infrastructure and the plans we're putting in place, I'd better turn it over to Riaz, and we will talk about security concerns.

Okay, thank you. So, do I have to stand now? Okay, okay. As Dave said, both Dell and RSA have rich experience in securing IT and IT equipment and assets. In this talk we intentionally focus more on the far left of the diagram here, which is starting with the devices and then moving towards the cloud. And then on the far right we didn't even put all this stuff about users accessing the cloud and authentication and access control. Those are the stuff that we know, we've been doing for decades. What we are doing now, our research and effort, is more focused starting from the device side. So in this presentation we are going to look at the devices, the gateway, the data that is in the fog area, in the space between the device and cloud, and then the access methods and the mechanisms to securely reach the data and for the gateway to reach out to the cloud, and then finally, from the perspective of the cloud, how do we get the aggregated view of the entire edge environment. If you have a few hundred gateways in a large deployment, it's great to know that each gateway by itself is secure, but how do I get, as IT, a perspective of the entire deployment? So that is sort of the only area we touch on the cloud, from that perspective.

So, I mean, how many people are familiar with the term fog? That's few enough hands. Why don't we give them a little bit of a short insight into what we mean by the fog?

Yeah, why don't you start.

Yeah, sure. So the idea of the fog, and you may have heard of the fog consortium, you know, it's one of the larger standards bodies that is working out there, and
the idea is that the compute infrastructure between the edge devices and the backend large enterprise, either data center or cloud infrastructure, is more of a compute fog. In other words, it's not set architecturally in a hard and fast way; it's much more flexible. So that allows us to do things like, if you have an endpoint that has a whole lot more capabilities, like, let's say, an HVAC system versus a temperature monitor, then maybe you want to do a lot of edge analytics, and so you just want rich data going back into the data center. It, you know, reduces the amount of data that you have to pass back to the data center, and it also allows you to create some orchestration and response on a much faster scale if you're doing some edge analytics. That's a good example. But in systems where you have maybe, like I said, temperature or water monitors for an environmental system, then you're not going to be doing a whole lot of edge analytics, and then you're going to have to do some of that at the gateway potentially, or in some systems you may want some of those just being passed through the gateway back into your cloud infrastructure and then doing a lot of your analytics on the cloud infrastructure. A lot of it has to do with the speed of response, exactly how close you want the compute to be to the device itself, and what kind of infrastructure that you're deploying. So that's why it's kind of called the fog. The metaphor is it's below the cloud, or it's a low-hanging cloud, so, to the ground. Yeah, there is a thought to why they call it fog, right?

Thanks, Dave. The only thing I add to what Dave described about the fog is that the other factor is that your site is not always necessarily connected to the cloud. So if we design everything based on that assumption that the cloud is always there, a locomotive that is going through a tunnel is not going to be able, probably, to connect to the cloud for a while. So if the security services that we
are designing depend on our services to be at the cloud and provide the functionality, it doesn't always work. The same for storage, for analytics; it depends on the use case, obviously.

So, yeah, now going back, or forward, to the device considerations. The first question that comes up, and a lot of our customers ask about this, in fact this morning someone at the booth had a whole story around the troubles and difficulties of provisioning the devices, onboarding a device. Especially nowadays, you might have seen in the press that there are cameras in the market that are compromised as you purchase them. So these are the type of issues that people run into, and the concern is: how do I verify the authenticity of the device that I'm deploying? I don't want to go too much into that, because we have our special guest here; Jen is going to go through our partnership with Intel and the capabilities that they bring specifically for trusted onboarding.

Authentication is fairly straightforward. As Dave had that discussion at the beginning, it's not that different from the enterprise techniques that we've had. The only difference, which might actually be a key factor here, is that devices are not always as capable as a typical endpoint, and there is certainly nobody standing there to type in the username and password. So in that context there are definitely differences, and we are exploring the authentication mechanisms that are suitable for a device versus an IT asset or a human being. And then again, in that context also, as with the rest of IoT, it's all about partnership and using the right partner with the right expertise for the right solution to the problem. And we have a number of partners; in fact Device Authority is one of them, I see my friend sitting right there. So we are working with partners in that respect as well.

Next one, data integrity and confidentiality. If the data is important enough for you that you have gone through the
trouble of deploying IoT, therefore you care about that data too, to be correct, to come from a known device and be authentic. Therefore there are concerns around that.

And then finally, behavioral analytics is sort of the mechanism to fill in the gap in all the other aspects. In the cases that the device is not capable of performing crypto functions because of limited storage, limited compute capabilities, there are other ways to compensate for that, and in fact that is a rich area of research right now in our Gogi, and that is through profiling the devices and having an expectation of how the device should behave under normal conditions, and when you see anomalies you trigger an alert. And the alert hopefully goes to, in that initial picture we had, there is a central data center; you receive your alerts from all these devices and you react to them. In fact I'd like to put a plug here: we have a demo of some of these capabilities, especially around anomaly detection and device behavioral analytics, downstairs in our booth area in the IoT pavilion. If you are interested, stop by, and I'd definitely like to hear your feedback and your thoughts in that area. Now I'd like to ask Jen to walk us through the... yes, this is yourself.

So is anyone here in operations technology? Okay, so this is exactly the opposite. So last week Riaz and I spoke at an OT conference, a building management conference, and we spoke to a roomful of OT executives, and there was a lone IT guy. And what we talked about in our session was this tension between OT and IT. So OT, you know, needs to be efficient. They want to get these IoT deployments up and running, they want to move fast, they want to get the ROI back, and IT's like, wait a minute, I don't want that on my network. And so there's this tension between the two, and a lot of it is on this device onboarding and getting things on your network that you know are trusted and that you know are secure the second they hit your network. And so Intel has been working with a lot of our ecosystem
partners, including Device Authority, so you can smile, not scowl, and Dell and a bunch of others, to help solve this problem. I always give the example: Intel, at our corporate headquarters, our CEO wanted to install wind turbines on the roof of our building. So operations went out and said "aye aye, sir" and bought a bunch of wind turbines and installed them and IT set up. So they have been on our roof for almost a year now and have not been operational, because again, you know, it illustrates the tension between IT and OT. And I saw them start moving a couple weeks ago, so I think they've solved the secure onboarding manually, because we don't have this out yet. But it is a real tension, and you know, IT owns the security of the network, and you really don't want something coming on your network that's not secure. And you know, we joke that being in IoT security makes you really not fun at parties anymore, because someone will say "what are you working on, Jen?" and I say "IoT security," and they say "oh, what, someone's going to hack a light bulb?" and then you have to, like, vomit on them all the things that could go wrong, and how people are waiting for that light bulb to go on your network, connected to your network, not secure, and they will find their way in. And then they back away from me, and there you go.

So what we want to talk about today is this prototype that Intel is working on. It's shipping next year. We're very interested in doing POCs with real live customers to make sure we're designing it right, so if this is of interest to you, then, you know, I'll be around after, and definitely come up to me and let me know.

So the idea behind this is you have an IoT platform management system. So that could be Dell's ECM system, it could be something like an AirWatch, that could be device management, it could be Device Authority with their credentialing, it could be Intel's Wind River Helix Device Cloud, it could be Azure IoT Hub, any of the... whatever the backend platform management is
going to be, that's that brown box, and that will integrate with our system. On the device side we're using an embedded root of trust technology that Intel has made a standard. It's called Enhanced Privacy ID. It's an embedded cert, but instead of being traditional PKI, where you have a one-to-one mapping, it's a one-to-many mapping. So I can assert that I'm a legitimate Intel Atom chip without giving up my identity. And where this becomes critical is, the big fear around IoT deployments, broad scale, is the bad guys building threat maps and then doing denial of service and taking out a city, a building, a runway, you know, you name it. And so with epidemic ating to to determine where the device is, and so you wouldn't be able to target a denial of service attack on a broad-scale system. So we've been pushing EPID as a standard. Microchip, Atmel, a bunch of other MCU providers, our competition, so their ARM MCUs, are embedding EPID to enable it with this technology. Almost gave our code name aware mod system.

So yeah, so the idea behind it is: the device, when it first boots up, it phones home to this service that Intel will be hosting. And then in the meantime the person who bought it gets a digital document, similar to a blockchain registry, but it's, you know, not public, that they've imported in, that gets sent to the service, so when the device phones home it's told where to go. So this line three: after the device phones home, it goes and directly connects to the platform that'll be managing it. And then the final state is that platform provisions its agent and the Device Authority keys or anything that will be used to authenticate back to the platform. So we've taken a process of typically a manual deployment, where OT is on the phone with IT learning how to key the device while his head is in the ceiling on a ladder, we've taken that process that we hear takes anywhere from 20 minutes to several hours down to a 20 second power-on. So what we showed at our developer conference was booting up
a Dell gateway and seeing it provision into Azure IoT Hub in 30 seconds, walk away. And so again, the idea is the device doesn't show up on your network until it's authenticated by a hardware root of trust, and then you immediately provision the identity, access, or the credentials that are going to be used for it to authenticate to the gateway or back to the backend. So that's, again, something that we're working to build out the ecosystem on. We're working with building platform management vendors, we're working with oil and gas, you know, depending on the vertical. And again, if this is something that you think you'll need, you see this tension, you don't want OT wildly deploying things, come find me and we can coordinate early POCs, make sure we get your feedback. Any questions on that?

Yeah, yeah, exactly. So the pop out, and nothing happens in this trust broker service; it's just a redirect. So we're not executing the trust in the cloud; that happens directly with your backend. No, no, no, that's not. And in fact if that part goes away and you know who the management platform is, you can do that, go directly to step 3 and still have that mutual authentication, so that you know that that's a legitimate, correct Dell gateway that I'm installing, not something that's been compromised. Yeah, exactly. So the problem of things starting on your network already compromised goes away, because you can attest to the legitimacy of the device before you even provision it. And what I always say I love about this is: security's a hard sell because it's insurance. This is actually solving a usability problem, and we just snuck security in. So your CISO will be happy with you.

Said right. All right, thank you, Jen. Yeah, yeah, actually, on a recent RFP we were reviewing at RSA, from a major smart city project in the Middle East, one thing that was essential for them, it was a must, was secure provision. Everything else, they were saying that if we can have that assurance as a starting point, then we can live
with some other flexibilities in, you know, authentication and monitoring, everything else, but putting the device on their network was absolutely essential, that it had to be, you know, secure deployment.

Okay, so moving forward. I forgot which button was forward. Oh, okay. So just little doubt, quick. Yeah, I guess you covered everything here, thank you.

All right, so the next one in that sequence of cases that we were planning to cover is the considerations around the gateway. I don't know how many of you are familiar with OWASP, the Open Web Application Security Project. This is an open organization, a community actually, worldwide, that their goal is to publish best practices. Traditionally, or initially, they started with web applications, but now they are expanding into other areas. So recently they are starting to work on an IoT project, so in fact they have published their top ten security concerns for IoT. They are doing very good research in the IoT space, so if you are interested, just google that, it pops up right away, and take a look at the list of at least the top ten that they have. It's very important, if you are considering deploying IoT projects, to be familiar with some of these common issues, and most of the stuff we are covering here is actually overlapping with that list.

So, therefore, your best practices and hardening. You have to make sure that the device that, now, maybe it used to be, as Dave said earlier, in an M2M network, in a private network, now it's going on the internet. So you want to make sure that if it has, not if, but it has some sort of OS inside, is it hardened? Have they followed the best practices for configuring it? So those are the kind of things that, as part of best practices, are absolutely crucial for you to consider.

Next one is secure boot and execution, and in fact this is a good one, Dave. Since you started by sort of comparing IT to OT, Dell has had a long experience in this area. You want to say a few words about how it's applicable to IoT?

Yeah, absolutely. So
as I described earlier, we have a long history of doing, you know, client-based, infrastructure-based security at Dell, and a lot of the differentiation for Dell is the fact that we do have endpoints, or do manufacture the endpoint, so we can leverage secure roots of trust, we can leverage secure firmware, the software on the box, you know, whereas most other security suppliers only have access to the application-level software. Secure boot is one of those areas, or I should say secure BIOS, secure firmware, is one of those areas that we've been working on for well over a decade, and we're one of the... we were the first supplier to start to leverage TPM with the BIOS, we were the first supplier to do secure boot, trusted boot, long before it became a required standard for both Microsoft and from our Intel partners in technology. So being able to take all of that work that we have done over the last ten years and leverage that now into our gateways, into the IoT world, is something that is a differentiator for us, and it also increases the security posture of the gateway itself. And then we'll do that with a lot of other technologies as we move things forward in the IoT world. You know, we have a long history of development, and then especially now with RSA, in these core technologies, and leveraging them into the IoT world is something that will create a secure foundation for you, our customers, as you start to deploy IT-like technologies into your OT world.

Thank you. So next one is another interesting one, secure credential storage. This is a brief tangent, and also, as an RSA speaker, I cannot talk about security and not mention our tokens. As you know, we have those hardware tokens, and we have a software version of that. So that is a very similar situation to here, that we have a credential that is absolutely critical, the seed for that software token, that gives the strength of the two-factor authentication, stead of stuff it is in software. And we've worked with
Intel, and we use Intel technology for securing the seed on a software token into a secure storage, into the hardware. So that is a good example of how in IoT, for example, a gateway that is sitting in the field somewhere, how you can secure the credentials that that gateway needs, whether it is for communication southbound or northbound.

So vertex, like, one of the big breaches we're seeing now is default passwords. So a public service announcement is: go home and make sure all your home stuff has changed from default passwords, because there's been a number of, they're actually doing ransomware hacks now on your stuff at home. And so if you have this embedded credential, even if someone forgot to change a default password, someone couldn't try to get into your network through that account if it has the additional level of security. So, but still change your... there you go.

Okay, you're good husband, right. And then the last one is threat intelligence, a generic term we put here to signify all the research and all the work we are doing into using analytics to add intelligence to the gateway box, to take care of the devices that are sitting behind it that are incapable of, maybe, you know, the little sensor or the thermostat that don't have the capability for providing crypto capabilities for securing their communication. So in this case, for example, I mentioned briefly the profiling; that's one approach. The default credentials: we can easily have a predefined list of default credentials for different manufacturers and do a sanity check periodically and issue an alert. In fact, in the recent major DDoS attack that Dave mentioned at the very beginning, when they looked at it, it was something like 150,000 cameras were compromised. When they looked at the range of data that they had collected in that attack, they realized that only about 68 unique username/passwords were used, so they base and they could easily map that to the manufacturer of each
device. So as you can see, with 60 pairs, 68 pairs of username credentials they managed to break into one hundred forty-eight, hundred fifty thousand devices. So it is that critical, something that is so simple to take care of, as you mentioned.

So now moving forward, on the secure access side, again there are similarities and there are differences between this environment and a typical IT endpoint. On the authentication and authorization, whether the communication is from the device outbound or from the cloud coming to the gateway and to the device, basically the same principles apply. We want to have mechanisms to check the identity of the other end, perform some level of entitlement and access control, and for that of course we rely on our expertise and experience in the IT side, which is our standards such as OAuth. How many of you are familiar with OAuth in the IT space? Yeah. OAuth basically just gives you a way to communicate securely and make sure that the requester is authorized for the request that it is issuing to the resource, which is exactly the scenario we have here when the device needs to communicate with the cloud or vice versa.

And last week, as we were hearing in the summit that we attended, Jen and I, there was a lot of emphasis on challenges that OT is facing with IoT in every deployment, that if they have inbound connections coming to the gateway, they use the gate delegate wafers for their scenario, IT gets very upset. So they had intentionally designed the architecture such that communication was always from inside out. So even when you want to request, for example, a patch update, you send the request outward and then the cloud service tells you whether you have an update or not, rather than trying to connect to you and for dr.
So these are some of the basic principles that, if you are dealing with a vendor, you are looking into a deployment, making an IoT deployment, are good considerations to have in mind.

Data integrity is again very straightforward. It's all about protection of data, providing the integrity for data, and provenance, to make sure where the data is coming from, maybe use some tagging mechanism in the gateway to identify the data as it goes out to the cloud. And credential management, it's again the flip side of the same coin. In this case the gateway has to have credentials for communicating with outside.

On the security and monitoring, this is actually one area, I'm not sure if those of you, I guess one individual from OT, you face this or not, but what I hear from our customers is that IT is very concerned about having visibility into the devices that are coming into their facilities, into their manufacturing site. They basically want to know, if these devices are now connected through the internet, where do they connect to, what kind of data leaves their enterprise, what happens to the data when it goes out, is it protected, is it properly archived. So those are aspects of monitoring and security that are very important for IoT, and in fact we are exploring some areas regarding how we can extend our enterprise monitoring tools for security into OT, either directly or through partnership.

Then alerting and reporting. Again, that is just about everything we've been talking about so far. If there is a problem that is caught, it better be alerted and reports generated. So, basic principles again, but it is very important to make sure that the OT manufacturers and providers have considered these factors, because these are not that common to an organization that has been working, let's say, on physical things. Now that they have to connect with IT, as that diagram tries to represent, there is a convergence, and both sides have to start learning about each other.
And finally, operational security. That is again back to the notion that OT has its own infrastructure and practices and culture, but when you deploy that now in the enterprise, and it gets connected to the internet and becomes part of the digital fabric of the enterprise, you need to have provisions for what happens when a breach, what should we do when a breach happens. What are the tools and mechanisms for doing forensics, right? For example, if your connected devices are talking BACnet and Modbus and all these other protocols, hundreds of them, do you have the right tools for doing the analysis when a breach occurs? So in that area, again, we are looking into partnerships with vendors such as voltage, which, their expertise is going deep into these OT protocols, something that on the IT side we don't have that expertise. So partnership again is the right answer for that.

And then the last one is about, this is actually critical, maintenance and update. For those of us who have cars that are now very much high-tech, we know what happens when a breach, when a vulnerability is discovered: making an appointment, spending a day at the dealership, they, you know, do whatever they have to do to update the software, right? But imagine now comparing that to, maybe just one manufacturer in the auto industry now that has these mechanisms, online update, patching which happens overnight. You don't even need to worry about it. Next morning you go to your car and it's already updated, it's patched, and the next day they make the announcement what the vulnerability was, because they can react so quickly. So the patch weather we tested. So yeah, basically that takes care of the secure software update, absolutely critical for OT and connected devices.

The other one is the secure maintenance. Some of you may be familiar with IIC, which is the Industrial Internet Consortium, and they have a security group, and RSA and Dell and EMC, we are part of that. So in one of their meetings one of
the customers was saying that they had deployed this, you know, state-of-the-art OT device which was connected, and everybody was excited that finally they could remotely manage it, and the cost of maintenance and operation was going down. But one thing that they realized was that even though all the other stuff we talked about earlier was kind of incorporated into the design for the data path and access to the device and all that, there was an SSH access to the device, bypassing everything else, just literally on the internet, putting IP address, SSH, IP address, and connecting to the device with username and password. And how secure that password is, we don't know, but it is username and password after all, given all the other considerations that we have put into your deployment. So it is important to make sure that when we do these deployments, what kind of access the provider has to the device, because that is effectively access to our enterprise, to our network, and how secure that is. And again, that is an area that you're looking into standards such as OpenID Connect and OAuth again, that provide actually profiles for devices, so it's not all about just people accessing resources. So I think this was... the next one is you, I believe.

Yeah, so we just threw a lot of information at you. Before we move on, are there any questions, anything that has spurred, you know, maybe a topic of conversation? You know, we want you to take this the direction that you want to take this as well. So anything? If I don't get a hand I'll call on somebody.

Do we see standardization coming in on the gateway?

We certainly hope so. You know, that's, no, you're exactly right. I would say, and Riaz, please jump in, and Jen, the standardization won't necessarily be at the hardware platform or even OS layer, but certainly in communication protocols and compute infrastructure. Oh, questions... do you want to add anything to them?

The only thing I add is that both IIC and OpenFog Consortium, they have groups that are actually
focusing on security IIC is more of an end-to-end and cloud aspects but OpenFog is as Dave explained what fog is is specifically about the fog area and gateways so if you look at and there if you have access to their materials it's by membership but if you look at for example the document they are publishing now and security of the fog they quite a bit of it is all about actually gateway right so they don't necessarily standardize but they provide reference architectures and guidelines and then they have liaisons with standard bodies that have to supply the protocols that they need for that reference architecture so the answer is yes but it's emerging it's a new area anyone else so a lot of what we're starting to see is as as people are deploying their their new IOT infrastructure and they're looking at trying to pull together the worlds of OT and IT they're also under pressure to get it out into the marketplace and get it operational right so we have to balance security usability right if they if they take the time and put a security architecture in place and then start to deploy what we all consider traditional IT security implementations or capabilities into an OT world it starts to slow down the project then they start to get concerned about time to value in time to time to market in some cases and so we've seen we've seen instances where just like ok we'll just forget about it for right now just put it all in place where we'll go do it afterwards well you all know that if you put a PC or a server on the open internet without any kind of security you know firewalls or anything it'll be a matter of tens of seconds before it's come up compromised there's no difference in the idea in the IOT world if you're connecting your OT infrastructure to the Internet right so balance you know security usability time to value time to market but at least put those huge hitters in place first and we'll talk about this in the next couple of slides you'll let us help you right
a lot of times you may not have the resources to do it all yourself what we are trying to do is put together a partner network so that we have the right partners for you that we can put together the right infrastructure and the right white right group of resources so that you can put a solution together quickly get it to market get time to value and I'll explain that a little bit on a coming slide limit your attack surface so we we talked and I made a joke in the very beginning or maybe it was the last session I don't know they're all running together but you know a lot of people to to facilitate the deployment of their OT infrastructure will tie their IT and OT networks together which generally is a really bad idea right so anything that you see in in the sensor world so you know what would you want a hack of your CCTV cameras to be able to get into your back-end domain right you wouldn't so at least segmentation of networks and and and we have a white paper out there that talks about best practices in security and best practices and IOT security so please contact us afterwards or please go to our website and do a search and you'll be able to find the white papers we have on best practices I am always going wrong way alright alright so you know I think we've four statements obvious right we've been here for 45 minutes now talking to you about IOT security so obviously it's going to be a key success factor for any implementation as security is a key success factor for any IT or OT or any compute infrastructure deployment right you can't you know everybody laughed when I said oh we'll just get it out there we'll think about security later you have to think about security upfront and you have to put the architecture in place and you have to put them the resources and money in place to make sure that you're doing it right at the outset right sizing your implementations and this will talk to our partner network - in a few minutes but if you go over to our IOT area in the in
the hall you will see that there is I wanna say there's 10 to 12 solution pocs demos that we're doing and if you look at the set of partners and technology contributors to those those demos they're they're all different and they're all different because all of the all the goals of the implementations were different and so based on your goals based on what you're trying to accomplish the technologies that you need to deploy you're going to be slightly different so right sizing understanding what your attack surface is understanding where the adversaries are going to come after you based on your architecture is important and again it's something that that Dell and Dell's partners can help you with to make sure that you're right sizing your solution as you as you deploy and the trusted advisors taking a holistic view so yes I mean IOT is a is a great new opportunity for Dell and the Dell family of companies we launched ourselves into IOT about a year and a half to two years ago and it really hit full steam just this year but it was not only a new area of compute that we are able to leverage our assets and our capabilities into a new area a new marketplace but it was also an area that we thought that we could bring kind of that trusted advisor role to to your solutions the one of the one of the great things that we've you know just announced with our family of companies RSA Mozy and AirWatch today was the fact that those solutions now are rolled into our portfolio of products so that you as our customers have one place to call for sales one place to call for support and then we're able to support your entire infrastructure and we're putting all that together with IOT as well being able to give you that one place for you to call the place that you've trusted for years with your compute infrastructure we also want to be your trusted place for IOT infrastructure as well okay so we've talked about a lot of this and I won't belabor the points but being able to to leverage
our infrastructure portfolio I can't say enough about our partner program so if you're not familiar with our partner program please go on to our IOT website so you can see all of the different levels that we have the partners that are in place what those partners are able to do for you and then our OEM group is able to put that set of partners together for you to solve all of your problems combined with of course the Dell technologies that have been developed for gateways back-end infrastructure everything from RSA and our management partners with AirWatch so that we're able to provide that that full portfolio for your solution and proven use case blueprints so as we go out and do a deployment or an architecture or a solution for a partner we're also able to create a blueprint for an area so for example if you're trying to do industrial control and it's mostly HVAC and you put a solution in place together if you go from one place where we're shouldn't pick on anybody let's say but one place that we may be displacing Johnson Controls or someone else and going into another place that has a very similar architecture we're going to be able to leverage your blueprint and as we move forward over time we're going to create those blueprints so that you can go up and see what we've done so we've put in place and look and say you know what this one is very similar to what I need and here's a few tweaks and then we can start from that point we don't have to start from scratch and you'll see those things emerging as well I hit on all these things you know global scale and support everywhere ordell is we hope that you were your supplier in your compute infrastructure as well and bringing that support structure in that sales structure to to IOT we are the trusted brand and we will bring that trust in that support and that service to the to the world of IOT as well and I will not talk about project financing options because I'm the CTO guy so but contact us and we'll get the
right the right finance book people involved if if that's a concern of yours and with that this is the last slide so again I'm going to turn it over to questions from the audience please go to our IT sector or a lot of good demos a lot of interesting things to see and you can see how this whole world is evolving as you look at the demos understand too that that we are developing custom IP that is actually the engine behind a lot of the demos that you see and over the next couple of months you'll see some announcements from us for some core IP that that creates a standardized compute infrastructure ok so any other questions as you say Intel's logos missing just because it takes us longer to sign the paperwork should be there shortly so don't don't think we're not part of the Alliance yes those are using the gateways those are using Windows or is it specialized OS how's the that working we we are we are supporting I'm sorry oh okay we are supporting Windows new embedded windows we were supporting Snappy and we're also supporting Wind River those are the three that are the core we have also projects that have deployed other OSes again we can work with you if you have an OS of choice or something you've already deployed do we need to work within but all of our new development is is across those three windows iron key enterprises that right yeah tea coffee I understand peyote for standard sorry what is the highest priority standardization that is needed by the industry right now at least the top two or three mention a gate you're a little bit more active in OpenFog yeah others yeah the the primary concerns right now are around the southbound of the gateway the connection to the devices and northbound to the cloud but as I said these are at least the two groups that we talked about here IIC and OpenFog they don't actually develop the standard so they are not going to publish a spec that you're going to implement but they do publish spec that is a reference
architecture and guide you through other standards that can be used to implement that reference architecture for example for the devices there are IETF initiatives around access control and authentication for constrained environment so that is one thing that is specifically designed for low power low compute capable devices and it allows you basically to do a lightweight OAuth the closest that I can tell you I can use to describe it there are communication protocols again for communication between devices and gateway or the cloud that CoAP is a good example of that if you are interested in looking into standards and CoAP is very much designed after HTTP so that the load on the gateway actually can be minimized as the device goes through the Gateway the data gets aggregated and goes to the cloud so there are those are some of the specific examples around IOT and standards sorry what was that you said again well that well then I'll stay at the application level or come down the ones I mentioned they are all application levels but if you look at if you are interested in the low level like level 2 yeah then there are 6LoWPAN is an example that I'm that's not quite in my area of expertise but basically you can think of that as IPv6 sort of constrained and minimized to fit into a constrained environment right so for example CoAP can run on top of 6LoWPAN so that your your transport layer actually is IPv6 compliant which is makes it much easier in future when you have millions of devices in our billions in IOT space so we a potential for separation instead of just physical separation today you know we can do a lot of logical separation along with that right and and the level of most of these standards are being designed whether at the low level or the application level to be more compatible with Internet because the goal is that in we were talking about this yesterday that in 10 years probably it's all Internet we don't call it IoT vs IT vs OT right and in order
to get there you have to minimize the friction so 6LoWPAN is easier to integrate with IPv6 at low level CoAP is what makes it much easier to integrate with HTTP and other typical internet standards so that is the general approach that industry is taking okay one more hi how you doing a keto burn from a Sophie and I kind of interested in some things you coverage of five years in PKI and twelve years doing SDN and NFV for Vodafone AT&T and Verizon I'm wondering you didn't talk much about the transport networks the kind of 2G 3G 4G LTE NB-IoT and what contributions they can make or what detractions they make to the connection of field distributed assets in OT you might have Wi-Fi but you might not want to use it because it's bridged to the corporate network just for a transport network perspective yeah I guess one challenge for us for designing the presentation for 45 minutes was that IOT space is so broad we can literally spend hours just talk about standards so to give you an example in the last RSA Conference in February there was a gentleman from one of the government agencies that is regularly I guess FCC regulating 5G and he was explaining how for the first time they actually had to go out and hire cryptographers because they want to make sure 5G when it hits the market is secure and doesn't suffer from so and the reason for doing that is all IOT I mean their vision is that whether they are government is looking into connected car or all these other connected things because of the concerns for safety security regulations all of that they want to make sure that the standards hit the market from the get-go in a secured state and then of course they can expand it or they can enhance it over time so that's why we didn't go into details but you're right there are there is so much effort currently whether through standards or through proprietary techniques for all levels of basically OSI stack you you name it start from physical layer go all the way up and they
are all getting revamped and adjusted for this new emerging world of IOT but that that might be an interesting topic actually for another presentation to focus on that as I say I always say is finally getting its day in the Sun with iron tears I know it's finally you know it's going to be the baseline for IOT I think so it's finally getting going to be the bright shiny object but another variety Wireless in particular we have a couple of technologists who are focused specifically on that so if you have additional questions we'd be happy to hook you up with or a vehicle yeah and you know the challenge with that is in specifically PKI now that is coming back to make sure that it's manageable because the complexity is another problem that we have to deal with in our LTC yeah yeah but but something like it yeah yep right yeah yeah so the epitaphs or because the privacy thing we don't talk a lot about privacy with security in IOT but we need to raise it because there are a lot of examples of either tracking things through a system or building those threat maps that we want to mitigate so I'm that's probably separate but it might I'm not 100% sure we're big company so I thank you all yeah appreciate it and thanks Ria's and Jen for spending the time have a great rest of the afternoon
Info
Channel: Dell Technologies World
Views: 7,679
Rating: 4.9523811 out of 5
Keywords: dell, dell world, dell events, events, Internet Of Things Security, IOT, Internet Of Things, IOT Systems, IT Security, IOT Gateways, Sensor Equipment, IOT Ecosystems, IOT Strategy
Id: A6KoS7CQaqs
Length: 57min 35sec (3455 seconds)
Published: Thu Oct 20 2016