Is there a comprehensive IoT security solution including hardware, OS and cloud components?

Securely connecting an IoT MCU design to the Cloud?


Microsoft Azure Sphere enables just that!

Azure Sphere isn’t just a simple microcontroller. It’s a comprehensive IoT security solution for building highly secure devices composed of three components: a unique microcontroller built by one of Microsoft’s silicon partners, a lightweight OS with defense-in-depth capabilities, and a cloud security service.

This three-part solution is defining a new standard for industrial IoT device security.

Sign up for training, get research papers, datasheets, presentations and videos or buy the Microsoft Azure Sphere starter kit here.

Valuable data from the assets in the field to the cloud – with seamless Azure Integration

Eurotech is a company deeply rooted and experienced in the embedded and Operational Technology (OT) world. With Azure, Microsoft is clearly a leader in cloud services. Combining the experience of both companies results in a unique and robust value proposition in the market. For both customers and system integration partners, it extends the global Microsoft Azure ecosystem in new ways, enabling the creation and utilization of “best in class” solutions for the Industrial IoT without compromising OT requirements for the solutions in the field.

Microsoft Azure and Eurotech integration

Eurotech delivers enhanced computing, communication technologies, and innovative IoT building blocks to provide competitive advantages for its customers. The combination of Eurotech’s rugged Multi-service IoT Edge Gateways and Microsoft Azure services is designed to offer a robust and secure foundation for developing and deploying edge-to-cloud IoT applications in demanding vertical markets, such as industrial / manufacturing, energy and utilities, medical, transportation, agriculture and mining.

Eurotech’s IoT Gateways, which come with Everyware Software Framework (ESF) and have achieved certification with Azure, enable customers and system integration partners to effectively build, deploy and manage assets in demanding environments while seamlessly interfacing those assets with the powerful and versatile cloud services of Microsoft Azure.

Eurotech is also close to obtaining certification for Microsoft Azure IoT Edge, a comprehensive service that deploys artificial intelligence and custom logic to IoT devices.

For customers requiring full software lifecycle management for edge devices, extended logging / health monitoring and remote management features for their assets in the field, Everyware Cloud can also be installed on Microsoft Azure in the customer’s account to supplement the offering.

A fascinating description of an agriculture use case, showing the benefits of a combination of Eurotech’s OT expertise and products with Microsoft Azure, can be found in the Microsoft Customer Stories with the title “AVR delivers new benefits to potato farmers with precision agriculture”.

Do you want to learn more about our Microsoft Azure IoT certified products? Just contact us!

Security End-to-End: From Supply Chain to Azure Zero-Touch-Provisioning with Microsoft Azure

Eurotech understood very early that security has to be approached holistically and has to be reflected in all the aspects and building blocks of an IoT (or OT) infrastructure, leveraging best-practice approaches and technologies from the IT security space where feasible. Security in IoT projects is more than the combination of some “perimeter defense” security solutions like white and blacklisting, firewalls and encrypted communication channels. While these elements are important, Eurotech believes that proven authentication methods, the use, storage and management of certificates (X.509 certificate / PKI technology) and especially an overall architecture and design that eliminates many possible attack scenarios also play significant roles. In addition, it is of utmost importance that full software lifecycle management is available for the edge devices, also to ensure that changes can be applied over-the-air (OTA) at runtime. Furthermore, it is essential to have the security measures validated and audited regularly by external security specialists.

To ensure the integrity and identity of devices and enable highly secure onboarding processes with IoT platforms, it is essential to start at the very beginning of the supply chain. One essential aspect is the implementation and use of secure elements and modules, leveraging the cryptographic functions and secure storage of secrets in proven, dedicated hardware. Together, Infineon Technologies, Eurotech, GlobalSign and Microsoft deliver exceptional supply chain integrity with a proven, secured, and seamless device onboarding and device integration to Azure IoT.

Zero-touch provisioning

Solid IoT device identity and attestation starts with the implemented Trusted Platform Module (TPM). The Infineon product utilised in Eurotech’s devices already comes with a unique, secret Endorsement Key (EK), which is used as the basis for authentication. It allows the origin and integrity of the TPM to be validated. As a platform manufacturer, Eurotech extends this trust by adding an Initial Device Identifier (IDevID), a secure, unique certificate-based identity, to the device, leveraging the cryptographic and secure storage capabilities of the TPM. As an essential first step in the supply chain, this process attests the identity and integrity of the manufactured Eurotech device, including the software stack it is delivered with.

These certificate-based identities also offer the necessary foundation for a secure zero-touch provisioning with different IoT platforms and cloud services. Eurotech has worked with GlobalSign, a leading security certificate authority, and Infineon and Microsoft, with its Azure IoT Identity Service, to further extend the chain-of-trust to cloud connectivity. This is achieved through the enrollment of additional local certificates (LDevID) attesting device ownership by a customer and using these identities for automatic device provisioning and authentication to the cloud.

A typical zero-touch provisioning project flow starts when an enterprise or its preferred system integration partner authorizes a Certificate Authority with GlobalSign and cross-signs these to the Azure Digital Provisioning Service (DPS). This forms the basis for all DevIDs associated with the zero-touch devices in a given project. The customer engages with Eurotech to supply hardware devices pre-configured for zero-touch onboarding. The pre-configuration supplements the IDevID with a Local Device Identifier (LDevID), signed by the customer CA and used for authentication and device authorization, and includes the installation and configuration of the Azure Identity Service.

Once the trusted devices prepared in this way are delivered to field locations, network attestation, enrollment and device provisioning are fully automated. Additional cloud services and other features specific to the device or IoT application can be enabled in the same way.
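The enrollment decision behind the chain of trust described above (IDevID issued at manufacturing, LDevID issued under the customer CA), as an added example that is not Eurotech, GlobalSign or Microsoft code. It assumes file-based RSA keys in place of the TPM-held key, an LDevID that reuses the IDevID key, hypothetical names such as `manufacturer-ca`, `customer-ca` and `device-0001`, and an installed `openssl` CLI.

```sh
#!/bin/sh
# Constructed model: file-based keys stand in for the TPM-held device key.
set -u
W="$(mktemp -d)"
cat > "$W/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
# make_ca NAME: self-signed CA (hypothetical manufacturer or customer CA)
make_ca() {
  openssl req -x509 -config "$W/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}
# make_key NAME: device key pair plus a CSR for it
make_key() {
  openssl req -new -config "$W/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
}
# sign CA CSR OUT: issue a one-day certificate for the CSR
sign() {
  openssl x509 -req -in "$W/$2.csr" -CA "$W/$1.crt" -CAkey "$W/$1.key" \
    -CAcreateserial -days 1 -out "$W/$3.crt" 2>/dev/null
}
# chains_to CA CERT: succeeds only if CERT verifies under CA
chains_to() { openssl verify -CAfile "$W/$1.crt" "$W/$2.crt" >/dev/null 2>&1; }
# same_key CERT CSR: succeeds only if both carry the same public key
same_key() {
  [ "$(openssl x509 -in "$W/$1.crt" -noout -pubkey)" = \
    "$(openssl req -in "$W/$2.csr" -noout -pubkey)" ]
}
# enroll_ldevid IDEVID CSR OUT: the customer CA issues an LDevID only for a
# key that already holds a manufacturer-issued IDevID
enroll_ldevid() {
  chains_to manufacturer-ca "$1" && same_key "$1" "$2" && sign customer-ca "$2" "$3"
}

make_ca manufacturer-ca; make_ca customer-ca
make_key device-0001                      # genuine device key
sign manufacturer-ca device-0001 idevid   # IDevID issued at manufacturing
make_key other                            # different key pair, holds no IDevID
enroll_ldevid idevid device-0001 ldevid && echo "LDevID issued"
enroll_ldevid idevid other rogue || echo "refused: key does not match IDevID"
chains_to customer-ca ldevid && echo "customer trust anchor accepts LDevID"
chains_to customer-ca idevid || echo "customer trust anchor rejects bare IDevID"
```

The cloud side only needs the customer CA as its trust anchor: a device that was never enrolled under that CA cannot authenticate, even if it carries a valid manufacturer-issued IDevID.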

Efficient Edge Development and Reduced Time-to-Market

The solution at the edge consists of proven, application-optimized Eurotech hardware (Edge Gateways, Edge Servers and Edge AI Systems) and a software stack that includes a managed Linux operating system and a powerful IoT device middleware, ESF. This modular but highly integrated set of building blocks significantly reduces the complexity and effort of developing an edge solution.

ESF comes with a wide range of supported field protocols, addressing the development and connectivity challenges encountered in OT applications. Edge developers can deploy applications running natively or use ESF Wires to visually compose data pipelines for their edge devices. ESF Wires functionality has been extended to integrate with Microsoft Azure IoT services and solutions.

IoT Edge Framework

With minimal configuration and setup, ESF users can interface with field devices and protocols and efficiently publish data from the world of operational technology to Microsoft Azure services.

Clear Focus on Low TCO and Risk Mitigation

The solid and proven edge node and gateway architecture (software and hardware) offers features that significantly lower many of the major contributors to the total cost of ownership of an IoT solution. Examples are device software lifecycle management, security, logging and certifications (carrier and vertical).

Device abstraction at the middleware level effectively addresses challenges associated with changing hardware requirements and end of life of components. Risk aspects of IoT solutions are further mitigated by long product life support, extended warranty options and a broad professional services offering.

Eurotech’s Gateways in the Microsoft Azure Certified Device Catalog

In the Azure Certified Device catalog, customers looking for IoT Edge Gateways with seamless integration with Microsoft Azure will find a range of different Eurotech edge computers and data loggers, designed and certified for different demanding vertical markets and applications. These devices come with an optimised and validated software stack (managed Linux OS and ESF IoT Device Middleware) that has integrations with different SDKs from Microsoft. Eurotech supports integrations with different certification programs on Azure: Azure Certified Device, IoT Hub Certified devices (legacy) and Edge Managed.

More details about the Microsoft Azure certified Eurotech IoT products can be found in the Azure Certified Device catalog.

Eurotech’s Value Proposition extends beyond Products and Technology

For customers and system integration partners that require further support and services, Eurotech offers a comprehensive professional services portfolio. This offering includes, but is not limited to, development and design services to have Edge Computers and IoT Gateways further customised and optimised for their specific use case, the implementation of new and legacy field protocols, project management, certifications, consulting and long product life support.

Quotes on Microsoft Azure IoT integration

The Microsoft Azure IoT Edge certification is a further validation of our ability to jumpstart customers’ IoT projects with proven and integrated hardware and software solutions. By eliminating integration efforts, this combination of Eurotech and Microsoft IoT building blocks ensures lower risk and a faster time to market for those companies that are pursuing digital transformation or getting started with new IoT projects.

Robert Andres, CSO, Eurotech

Provisioning IoT device identities during manufacturing is the best possible example of security by design. A Eurotech device with an embedded GlobalSign identity protects the lifecycle of each device as well as the entire supply chain. It reduces common integration challenges and delivers secure authentication for low-touch cloud enrollment.

Lancen LaChance, Vice President, IoT Solutions, GlobalSign

We are very proud of partnering with industry leaders Infineon, GlobalSign and Microsoft to lower the barriers of adoption of best practices for hardware-anchored digital device identities. This partnership reflects Eurotech’s commitment to cybersecurity and supporting its customers to reduce device complexity and management.

Marco Carrer, CTO, Eurotech

What is cloud security in IoT?

Cloud security is a collection of procedures and technology designed to address external and internal threats to business security. Organizations need cloud security as they move toward their digital transformation strategy and incorporate cloud-based tools and services as part of their infrastructure.

What are functional components of security in IoT?

An IoT security architecture has five functional layers (bottom-up): device sensing layer, network management layer, service composition layer, application layer and user interface layer.

What are the components of an IoT security architecture?

Developing secure end-to-end IoT solutions involves multiple levels that fuse together important IoT security architecture features across four different layers: Device, Communications, Cloud, and Lifecycle Management.

What are the common security tools used in IoT?

IoT security software.
Firewalls.
Network access controllers.
Agent-based or agentless endpoint protection.
Network monitoring.
IoT management systems.