Integrating Internet of Things (IoT) devices with IT infrastructure is a challenge for enterprises. Many IoT devices lack what are considered foundational security features in the IT world (such as certificates, trusted platform modules, and secure key management), making them untrustworthy to Chief Information Security Officers (CISOs). Yet the demand from Facilities, Operations, Compliance, and Health & Safety departments to connect IoT devices to enterprise networks has never been higher.
Until now, the workarounds to IT security objections were isolation or segmentation. Isolation required deploying dedicated networks just for IoT devices, an expensive proposition, or installing a gateway and broadband connection, which can introduce new attack surfaces that cannot be remediated using IT security systems. Segmentation can be complex in large IoT networks, resulting in an explosion of VLANs and making the associated diagnostics challenging.
The ideal solution is to securely stream IoT devices directly over existing IT infrastructure to target applications, leveraging existing networks, security practices, and network management tools. Done correctly, security and visibility will be appropriately addressed, and the IoT solution will be more economically deployed than an isolated network and less complex than a VLAN-based solution.
EnOcean is a venture-backed spinoff of Siemens that specializes in the development of the ISO/IEC 14543-3-10/11 standard protocol, energy harvesting power sources, and miniaturized 800/900MHz radios for IoT devices. Hundreds of vendors make more than 5000 different IoT devices using EnOcean technology. The EnOcean Alliance is an industry association that validates interoperability of EnOcean devices, which today have been installed in more than 1 million buildings worldwide.
Aruba and EnOcean have collaborated to deliver a solution that securely bridges the IT/IoT divide. Starting with the release of Aruba Operating System 8.7, Aruba Wi-Fi access points can be used with products from vendors in the EnOcean Alliance ecosystem. Just insert an EnOcean 800/900MHz USB radio into the USB port of a compatible Aruba Wi-Fi 5 (802.11ac) or Wi-Fi 6 (802.11ax) access point, and then enter the IP address of the target on-premise, private cloud, or public cloud IoT application. Aruba’s zero trust network automatically establishes a secure WebSocket connection and uses protobuf to bi-directionally stream data between the EnOcean-compatible devices and the IoT application.
Wired EnOcean IoT devices are also covered. In compliance with the micro-segmentation requirements of zero trust frameworks, after wired EnOcean-compatible devices have been identified by the Aruba network they can be dynamically segmented over a secure tunnel to the target IoT application. This feature allows wired IoT devices to share an enterprise network without ever having access to, or visibility of, any other traffic on that network. That capability will check the security box for CISOs.
Today, back-to-work and infection control initiatives are top of mind with enterprise Facilities teams, and IoT has an important role to play. Since wireless EnOcean IoT devices can be supported by compatible already deployed Aruba access points via an inexpensive USB adapter.
From among the many available EnOcean devices and vendors, here’s a representative sample of solutions for back-to-work and infection control applications:
Aruba and its technology partners have addressed the challenge of securely integrating IoT devices with IT infrastructure, and as a bonus have made doing so simpler and more economical than traditional isolation and segmentation approaches. IT managers can now accommodate demands from Facilities, Operations, Compliance, and Health & Safety departments to connect IoT devices to enterprise networks without raising the CISO’s ire.
Vice President of IoT and Strategic Partnerships at Aruba,
a Hewlett Packard Enterprise company