Integrating Internet of Things (IoT) devices with IT infrastructure is a challenge for enterprises. Many IoT devices lack what are considered foundational security features in the IT world (such as certificates, trusted platform modules, and secure key management), making them untrustworthy to Chief Information Security Officers (CISOs). Yet the demand from Facilities, Operations, Compliance, and Health & Safety departments to connect IoT devices to enterprise networks has never been higher.

Until now the workarounds to IT security objections were isolation or segmentation. Isolation required deploying dedicated networks just for IoT devices, an expensive proposition, or installing a gateway and broadband connection, which can introduce new attack surfaces that cannot be remediated using IT security systems. Segmentation can be complex in large IoT networks, resulting in an explosion of VLANs and their associated diagnostics challenging.

The ideal solution is to securely stream IoT devices directly over existing IT infrastructure to target applications, leveraging existing networks, security practices, and network management tools. Done correctly, security and visibility will be appropriately addressed, and the IoT solution will be more economically deployed than an isolated network and less complex than a VLAN-based solution.

EnOcean is a venture-backed spinoff of Siemens that specializes in the development of the ISO/IEC 14543-3-10/11 standard protocol, energy harvesting power sources, and miniaturized 800/900MHz radios for IoT devices. Hundreds of vendors make more than 5000 different IoT devices using EnOcean technology.  The EnOcean Alliance is an industry association that validates interoperability of EnOcean devices, which today have been installed in more than 1 million buildings worldwide.

Aruba and EnOcean have collaborated to deliver a solution that securely bridges the IT/IoT divide. Starting with the release of Aruba Operating System 8.7, Aruba Wi-Fi access points can be used with products from vendors in the EnOcean Alliance ecosystem. Just insert an EnOcean 800/900MHz USB radio into the USB port of a compatible Aruba Wi-Fi 5 (802.11ac) or Wi-Fi 6 (802.11ax) access point, and then enter the IP address of the target on-premise, private cloud, or public cloud IoT application. Aruba’s zero trust network automatically establishes a secure Websocket connection and uses protobuf to bi-directionally stream data between the EnOcean-compatible devices and the IoT application.

Wired EnOcean IoT devices are also covered. In compliance with the micro-segmentation requirements of zero trust frameworks, after wired EnOcean-compatible devices have been identified by the Aruba network they can be dynamically segmented over a secure tunnel to the target IoT application.  This feature allows wired IoT devices to share an enterprise network without ever having access to, or visibility of, any other traffic on that network. That capability will check the security box for CISOs.

Today, back-to-work and infection control initiatives are top of mind with enterprise Facilities teams, and IoT has an important role to play.  Since wireless EnOcean IoT devices can be supported by compatible already deployed Aruba access points via an inexpensive USB adapter.

From among the many available EnOcean devices and vendors, here’s a representative sample of solutions for back-to-work and infection control applications:

• Hoteling space management: Wireless sensors are ideal for managing the availability, occupancy, air quality, and cleaning requirements of hoteling spaces. DEUTA Controls’ EnoPuck visually identifies if a space is reserved, occupied, available, or vacated, while simultaneously monitoring air quality and light levels. Departure of an occupant can automatically trigger a request for cleaning and disinfection.
• Occupancy management: To ensure compliance with social distancing and sanitation protocols, IAconnects’ Mobius Flow application manages people-counter and occupancy sensors to monitor the status of communal areas, e.g., washrooms, kitchens, and meeting areas. A “cleaning threshold” feature alerts maintenance when an area requires attention.
• Smart restroom: The smart restroom solution from Nanjing Winshine checks traffic flow and occupancy of restrooms in real-time. Employees are alerted when the restrooms are unavailable, and the application can automatically generate work orders for cleaning and disinfection services.
• Demand-oriented ventilation: Typically used in classrooms, public buildings and offices, Thermokon’s CO2 sensor solution contributes to demand-oriented ventilation to reduce the risk of infection. The solution currently measures CO2 within a particular area and activates the ventilation system to meet defined air quality standards. Temperature, relative humidity, and volatile organic compound (VOC) sensing will be available later this year.
• Building management: The building management application from Titanium Intelligent Solutions manages lighting, energy, and space efficiency during shelter-in-place mandates and when curfews are enforced. Building functions are securely and remotely controlled via a simple, web-based application.

Aruba and its technology partners have addressed the challenge of securely Integrating IoT devices with IT infrastructure, and as a bonus has made doing so simpler and more economical that traditional isolation and segmentation approaches. IT managers can now accommodate demands from Facilities, Operations, Compliance, and Health & Safety departments to connect IoT devices to enterprise networks without raising the CISO’S ire.

For additional information on Aruba’s solutions, click here.

Michael Tennefoss
Vice President of IoT and Strategic Partnerships at Aruba,
a Hewlett Packard Enterprise company