Most enterprises are in the process of evaluating how the Internet of Things (IoT) will affect their organization, especially how devices targeted at the Enterprise of Things (EoT) will be deployed.
Indeed, companies that deploy “things” need to worry about security, manageability, longevity/availability and robustness — unlike consumers who generally don’t concern themselves with such things. I recently discussed what I see as a real lack of focus on IoT security from a device perspective. What I’d like to discuss now is the need to make it easier to deploy and manage devices, especially those focused on enterprise deployments. This can be relatively easily accomplished by creating a unique, unalterable identity for each device.
Why each IoT device needs an identity
Why should we care about generating such a unique identity? Well, as it turns out, in a corporate setting, it’s not only about physically deploying the “things” that’s important, but it’s also about connecting them to intelligent control systems. And that can be a major challenge.
Let’s look at a simple example. Say you have to replace 1,000 light bulbs with next-generation smart bulbs. There is the physical task of actually changing out the bulbs, which is labor intensive. But that may be the easy part.
Indeed, to achieve the benefits of having smart lighting, such as better energy usage, controlled on/off time, and analytics-driven lighting needs, each bulb needs to be connected to a management system. For that to happen, each bulb has to be individually identified and manually added to the underlying device management system.
That means in our example, an administrator has to correctly enter 1,000 serial numbers or other identifiers in a manual process that could take three to five minutes per bulb. Multiply that by 1,000 light bulbs and by potentially many thousands of other EoT devices, and that’s a big resource drain.
Now imagine how much effort it will take to get even a portion of the 30 to 50 billion devices expected to be deployed over the next few years connected to appropriate systems. Indeed, the negative aspects of onboarding may significantly impact the number of devices that can actually be deployed. We need a better way.
Can Intel’s IoT device onboarding tool help?
Recently, Intel proposed what in my opinion is a significantly better way to do this. Their solution is called Intel Secure Device Onboard. Essentially, it works by embedding a unique identifier on each chip that’s at the heart of the device. This Intel Enhanced Privacy ID (EPID) is a hardware-embedded identity that is baked into the chip during production. (Intel claims to have 2.7 billion chips already enabled with this capability, as all of its modern x86 chips have it built in.)
What’s most interesting about EPID is not just the identity. It’s the fact that it potentially enables a zero touch, or at least minimum touch, onboarding of the device by use of appropriate software tools.
Basically, the process goes like this: When the device is powered on and connected to the network, it sends a signal to the onboarding software management system. The management system receives the unique identifier and uses it to enroll the device into the appropriate resources (much like a directory would do for users). This eliminates the need for a manual entry of each device characteristic and allows for instantaneous and error-free onboarding.
Further, each device has a unique ID that can be used as a mechanism to secure the devices and prevent mass take-overs and similar attacks that currently plague many IoT systems.
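As an added illustration (not Intel’s code, and not the EPID protocol itself, which uses a group-signature scheme this simulation does not reproduce), here is a constructed zero-touch enrollment exchange: the device proves possession of a key baked in at manufacture by answering a fresh challenge, and the management system enrolls it only if the answer verifies against the vendor’s registry. The HMAC challenge-response, the registry dict and all names are assumptions made for the simulation.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for what a chip vendor bakes in at production:
# device_id -> per-device secret. On real silicon the secret never leaves
# the chip; it lives in a dict here only so the simulation runs offline.
FACTORY_REGISTRY = {
    "bulb-0001": secrets.token_bytes(32),
    "bulb-0002": secrets.token_bytes(32),
}


class Device:
    """Simulated smart bulb that carries its hardware-bound identity."""

    def __init__(self, device_id, key):
        self.device_id = device_id
        self._key = key

    def answer(self, nonce):
        # Prove possession of the baked-in key without revealing it:
        # a serial number alone is not enough to enroll.
        tag = hmac.new(self._key, self.device_id.encode() + nonce, hashlib.sha256).digest()
        return {"device_id": self.device_id, "nonce": nonce, "tag": tag}


class OnboardingService:
    """Simulated management system: enrolls devices with no manual entry."""

    def __init__(self, registry):
        self._registry = registry
        self.enrolled = set()
        self._outstanding = {}  # device_id -> nonce awaiting an answer

    def challenge(self, device_id):
        nonce = secrets.token_bytes(16)  # fresh per attempt, so replays fail
        self._outstanding[device_id] = nonce
        return nonce

    def enroll(self, response):
        device_id = response["device_id"]
        key = self._registry.get(device_id)          # unknown id -> reject
        nonce = self._outstanding.pop(device_id, None)  # one answer per challenge
        if key is None or nonce is None or nonce != response["nonce"]:
            return False
        expected = hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response["tag"]):
            return False  # right serial, wrong key: an impostor
        self.enrolled.add(device_id)
        return True


def onboard(service, device):
    """The zero-touch flow: device powers on, answers a challenge, gets enrolled."""
    return service.enroll(device.answer(service.challenge(device.device_id)))
```

Because each device holds its own key, learning one key enrolls one device and nothing else, which is the property that blunts the mass-takeover scenario mentioned above.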
Limitation to Intel’s IoT device onboarding system
All of this sounds very attractive, but there is one major limitation. The EPID system is unique to Intel, although Intel will openly license the capability to other chip vendors, equipment providers and IoT platforms (Intel provided a list that I won’t try to reproduce here). What’s missing is the large installed base of ARM-based chip suppliers, such as Qualcomm, Samsung and MediaTek, that aren’t currently signed on to this solution. And given the highly competitive nature of the marketplace, they may not be too keen to do so.
And there are literally thousands of equipment vendors out there not yet on board with this technology that would have to at least minimally modify their equipment to take advantage of this capability. Without some sort of universal acceptance and creation of EPID for all of these other device makers, this will remain a partial solution at best.
Bottom line: I believe Intel is on to something here, and its attempt to make the EPID a quick, no-touch system to onboard devices is a direction the market must go in order to realize the full EoT/IoT vision. But Intel needs to work with some standards bodies and competing vendors to make this work universally.
At this point, although Intel freely licenses the technology, I’m not getting an indication that there is a big rush to adopt it outside Intel’s traditional ecosystem. It remains to be seen how many other players will adopt this capability rather than try to create their own to prevent Intel’s dominance in this area.
Intel has been very successful in the past creating and promoting what ended up being industry-standard approaches. Only time will tell if this will also become one. But ultimately, the Intel or similar model can move us far beyond where we are today, especially in a business environment where ease of deployment and manageability are mission critical.