IoT Security: when the stakes are high
How CA Mobile API Gateway integrates and secures the IoT for high-risk transactions.
Headed to IoT World this month? The CA Mobile API Gateway team will be attending for the first time, and we are excited to share our perspective on IoT security and some of the ways we are delivering real value in the space. Make sure to stop by our booth for a live demonstration of how CA Mobile API Gateway powers secure, end-to-end integration and real-time data flow between users, apps, and devices.
We’re approaching the problem of IoT security from a somewhat unique perspective. While you won’t see us showcasing an IoT “product” – sorry, no smart refrigerators or connected thermostats from our team – our mobile-first, API management software serves as a key enabler for the Internet of Things.
How? Let’s consider the architecture on which real IoT use cases are built. Just like mobile, IoT achieves its value from connectivity and integration, and is powered by APIs that transform physical experiences from devices and connected products in the field to digital experiences mapped out by data.
Take, for example, a freight truck hauling temperature-controlled cargo. In the truck are two products that need to be kept at different temperatures to maintain optimal product condition. Sensors in the truck generate continuous real-time data from the freezer about the cargo and its current temperature. This data is published to a mobile app accessible by the driver that graphically displays real-time temperature conditions.
If these products are high-risk or high-value, it’s important to know not only the temperature readings but also to ensure the identity of both the cargo and the driver, and provide end-to-end security for the system. CA Mobile API Gateway acts as a secure data processor, protected by industry-leading security protocols like OAuth 2.0 and OpenID Connect. The “triangle of trust” is achieved as users, apps, and devices are integrated, authorized, and secured by the gateway, and verified on a continuous basis.
Even a seemingly “simple” IoT use case like this opens the enterprise to many points of failure or compromise. There’s the IoT hardware, the data it generates, any cloud storage or processing, and the mobile app that are all areas of vulnerability for attack if security is not adequate. Additionally, if the data is not generated, processed, and reviewed on a real-time basis, the system fails. While this may not be a significant risk for a few cartons of spoiled milk, think about shipping things like medical supplies or organ transplants. The stakes are much higher.
These are the kinds of problems that make IoT so exciting. It enables solutions that were not previously possible, but it is critical that these solutions perform. If you’ll be at IoT World this year, be sure to visit CA’s booth and speak to the Mobile API Gateway team to learn how we are tackling these IoT security challenges across industries as diverse as healthcare, banking, retail, and government.