Enterprises are deeply experienced with and fully understand the challenges of managing and maintaining remote IT facilities and assets. That said, the growing momentum of Internet of Things initiatives and solutions at the edge of corporate networks is likely to stretch organizations’ assumptions about remote IT to the limits.
Why so? Because IoT assets, like edge gateway systems, are designed to be deployed and to function in isolation. Sophisticated tools and autonomous features can help ease IT’s management burden, but they do little, if anything, to secure devices against tampering or theft. Additionally, the pre-configured features and settings that enable IoT edge systems to operate independently often exceed the capabilities of the on-site staff members who maintain them. As a result, clueless errors or accidental events can directly impact the success of owners’ broader IoT goals.
A recent blog by Doug Beloskur, IoT Product Manager for Lenovo’s Cloud and Software team, discussed these issues and how the company is addressing them. Let’s consider Lenovo’s approach.
Securing the IoT edge
Edge-of-network devices can be the objects of different kinds of crime. Simple theft is the most obvious, since isolated edge-of-network solutions costing thousands of dollars make attractive targets for common thieves. But their access to and integration with corporate IT also make these devices attractive to cyber criminals hoping to steal data directly or infiltrate organizations’ larger networks.
What is Lenovo doing to thwart these scenarios? Beloskur highlights the company’s use of an intrusion switch that enables the ThinkSystem SE350 to detect when the cover has been opened by an unauthorized person. Lenovo has also integrated a sensor into the device to detect atypical device motion. If either the cover or motion sensor is tripped, the SE350 automatically goes into “lockdown” mode, encrypting all the data in its SED-enabled SSD storage and preventing power distribution to the host system.
If an SE350 is locked down, offsite admins or edge users can unlock the system using Lenovo’s cloud-based ThinkShield Key Vault Portal and the ThinkShield Edge Mobile Management app. These are the same solutions that customers use to unlock devices from the factory state (systems are shipped from the factory in an encrypted/lockdown state so that they are secured during shipping). Also noteworthy is that the ThinkShield SE350 and related solutions can be used in both Internet-connected and air-gapped IT environments.
Seamlessly supporting edge IoT from the data center
Beloskur also describes the potential vulnerabilities that can arise from the “skills gap” between infrastructure administrators and IoT edge users at facilities like warehouses, grocery stores and construction sites. Since administrators can’t be onsite to manage every IoT edge installation, some would consider the disparity in skills to be an unavoidable problem.
In contrast, Lenovo has used its understanding of the issue to craft solutions that extend the reach of infrastructure administrators and support the needs of IoT edge users. These include onboard security software and operational tools for the ThinkShield SE350 and other Lenovo solutions, including security setup and plug-and-play install and update functions that can be managed remotely. As Beloskur concludes, “Together, the infrastructure administrator and the IoT edge user work together to establish and maintain security at the edge.”
An oft-forgotten truism is that while new technologies may fix existing problems, they often create other challenges. In the case of IoT, the collection and analysis of information at the far edges of corporate networks is leading to new insights and enhancing the value of business data assets. But IoT deployments also require companies to adopt new, often unfamiliar approaches to deploying, managing, maintaining and securing edge-of-network assets and data.
Solutions like Lenovo’s ThinkSystem SE350, ThinkShield Key Vault Portal and ThinkShield Edge Mobile Management app demonstrate how a perceptive vendor can anticipate problems before they occur and craft effective, secure solutions that meet its customers’ emerging needs.