The EdgeLox Management and Security platform establishes a secure platform to identify all infrastructure and bring it under management. Security and management are enabled along four dimensions: Device Lifecycle Management, Software Lifecycle Management, Device and Service Discovery, and Security Lifecycle with tamper and anomaly detection and policy enforcement. Software Lifecycle Management is an important phase in maintaining security and software version compliance across the IoT infrastructure. It builds on the Device Lifecycle Management phase, in which the infrastructure has already been brought under management.

Typical device-level artifacts managed are OS patches, security patches and firmware changes, along with any configuration changes related to monitoring or remote connectivity. Application-level changes involve Docker container management. Both device- and application-level management use an Over The Air (OTA) upgrade mechanism to deploy changes.

Provisioning, Compliance & Uninstallation: allows the packaging and installation of software and firmware. The software bits are packaged and associated with manifest files that drive the actions taken on each file. They are then actively associated with devices in Campaigns and delivered to them, with failures handled robustly and reprocessed as necessary. After the Provisioning process completes, the software packages and versions on devices are fully managed, and compliance with established policies is maintained at scale.

Updates are necessary to improve or fix software on gateways and devices, whether for business logic functionality, a general bug, a security issue or a firmware update. The ability to roll out fixes at scale is highly relevant given the need to respond to large-scale cyber-attacks very quickly. In addition to deployment, this enables the long-term, policy-based compliance mechanism for software versions on devices and gateways. While this process uses the OTA provisioning outlined above, it also lets us remotely modify software and firmware to change behavior, improve performance for certain use cases, and so on.

Considering the security issues that arise from leaving unused bits unmonitored, as well as storage limitations, it is as important to remove unwanted software or firmware as it is to install it when required. In addition to removing the software, its associated data and volumes need to be sanitized as well. During a data sanitization process, sensitive data is rendered inaccessible. There are different levels of data sanitization, graded by how difficult it is for an adversary to regain access to the data. Here, as outlined in Figure 10: Volume Encryption/ Data Sanitization, we consider Cryptographic Erase (Secure Wipe): a process that destroys the passphrase protecting the entire volume at the place it is stored, the TPM non-volatile memory, so that the whole volume, with all its bits and data, becomes unusable.

Figure 10: Volume Encryption/ Data Sanitization
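To make the Cryptographic Erase step concrete, the following added example (not EdgeLox code) simulates it end to end: a volume is encrypted under a passphrase that lives only in a simulated TPM NV index, and erasing that index leaves the ciphertext on disk but unrecoverable. The TpmNv class, the HMAC-based keystream and the sample volume content are constructed stand-ins for illustration, not a real TPM API or a production cipher.

```python
import hashlib
import hmac
import os


class TpmNv:
    """Constructed stand-in for TPM non-volatile storage (assumption, not a real TPM API)."""

    def __init__(self):
        self._slots = {}

    def define_write(self, index, data):
        self._slots[index] = bytes(data)

    def read(self, index):
        return self._slots[index]  # KeyError once the index has been undefined

    def undefine(self, index):
        del self._slots[index]  # releasing the index destroys the only copy of the passphrase


def _keystream(key, length):
    # HMAC-SHA256 in counter mode, stdlib only; illustrative, not a production cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data, key, salt):
    volume_key = hashlib.pbkdf2_hmac("sha256", key, salt, 100_000)
    return bytes(a ^ b for a, b in zip(data, _keystream(volume_key, len(data))))


def provision_volume(tpm, index, plaintext):
    """Encrypt a volume under a fresh passphrase and park that passphrase in TPM NV."""
    passphrase, salt = os.urandom(32), os.urandom(16)
    tpm.define_write(index, passphrase)
    return salt, _xor(plaintext, passphrase, salt)


def open_volume(tpm, index, salt, ciphertext):
    """Unlock with the TPM-held passphrase; raises KeyError after a cryptographic erase."""
    return _xor(ciphertext, tpm.read(index), salt)


def cryptographic_erase(tpm, index):
    tpm.undefine(index)  # the Secure Wipe: ciphertext stays on disk, the key to it is gone


def demo():
    tpm, index = TpmNv(), 0x1500001  # constructed NV index value
    data = b"telemetry and credentials on the gateway volume"  # constructed sample content
    salt, ct = provision_volume(tpm, index, data)
    before = open_volume(tpm, index, salt, ct) == data
    cryptographic_erase(tpm, index)
    try:
        open_volume(tpm, index, salt, ct)
        readable_after = True
    except KeyError:
        readable_after = False
    return {"before_matches": before, "ciphertext_intact": len(ct) == len(data), "readable_after_erase": readable_after}
```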

Figure 9: Container Management

Container Management is a key aspect of the ongoing updates. It is important to be able to host, deploy, monitor and drive actions on containers. As shown in Figure 9: Container Management, EdgeLox brings the best of both worlds, Kubernetes and containers, to the edge to drive workload execution at scale.