In 2017 I contributed to the design research and design concepts for Device Activity Policy for Risk and Security Management in the Watson IoT Platform.
What is Device Activity
Device Activity is an indicator of device health. In the Design Research on IoT Device Activity it was proven that Time since last message is a preferred metric on device activity and health. This new design for the Watson IoT Platform provides a new Risk and Security Management policy that defines the expected messaging activity for devices connected to the IoT platform. The policy monitors whether a device sends a request at least once every defined time period. A threshold for device activity can be defined generally for all devices, and exceptions defined for individual device types. Compliance with the Device Activity policy can be monitored on the dashboard, or reported on using drill-in reports.
The design vision for the new Device Activity policy is to align with the concepts already established for Risk and Security Management policies in the Watson IoT Platform. Learn more about the common design policies in Risk and Security Management Design. The new policy should be available in the Security section in the platform, next to other policies. The policy should have a simple default setting that applies generally across all devices on the platform. This policy should set a clear threshold on the expected frequency of messages arriving from healthy devices exhibiting active behaviour. The policy should also allow exceptions to be set individually for any device type that differs from the default general policy. As an option, the threshold value may be set to indefinite to disable checking and make all devices of a type compliant.
Using the compliance reporting, administrators and operators may identify any devices that exhibit an unhealthy behaviour. Drill-in reports allow users to view device state and perform diagnostic actions.
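As an added illustration (not code from the Watson IoT Platform or from the original page), the policy semantics described above can be sketched as a small evaluator: a default threshold, per-device-type exceptions, and an indefinite value that disables checking. The policy layout, field names, and sample devices are assumptions constructed for this example.

```python
from datetime import datetime, timedelta, timezone

INDEFINITE = None  # assumed marker: checking disabled, devices always compliant

# Hypothetical policy layout: one default threshold plus per-type exceptions.
POLICY = {
    "enabled": True,
    "default": timedelta(hours=24),
    "exceptions": {"water-meter": timedelta(days=7), "test-rig": INDEFINITE},
}

def threshold_for(policy, device_type):
    """An exception for the device type wins; otherwise the default applies."""
    exceptions = policy["exceptions"]
    if device_type in exceptions:
        return exceptions[device_type]
    return policy["default"]

def evaluate(policy, devices, now):
    """Return {device_id: (status, reason)} based on time since last message."""
    report = {}
    for dev in devices:
        limit = threshold_for(policy, dev["type"])
        last = dev["last_message"]
        if not policy["enabled"] or limit is INDEFINITE:
            report[dev["id"]] = ("compliant", "checking disabled")
        elif last is None:
            # A registered device that never reported is treated as inactive.
            report[dev["id"]] = ("non-compliant", "no message ever received")
        else:
            silent = now - last
            status = "compliant" if silent <= limit else "non-compliant"
            report[dev["id"]] = (status, f"silent for {silent}, limit {limit}")
    return report

def non_compliant(report):
    """Device ids an operator would drill into, sorted for stable output."""
    return sorted(d for d, (status, _) in report.items() if status != "compliant")

# Constructed sample devices (not real platform data).
NOW = datetime(2017, 6, 1, 12, 0, tzinfo=timezone.utc)
DEVICES = [
    {"id": "thermo-01", "type": "thermostat", "last_message": NOW - timedelta(hours=2)},
    {"id": "thermo-02", "type": "thermostat", "last_message": NOW - timedelta(days=3)},
    {"id": "thermo-03", "type": "thermostat", "last_message": None},
    {"id": "meter-01", "type": "water-meter", "last_message": NOW - timedelta(days=3)},
    {"id": "rig-01", "type": "test-rig", "last_message": None},
]

if __name__ == "__main__":
    for device_id, result in evaluate(POLICY, DEVICES, NOW).items():
        print(device_id, *result)
```

Running `evaluate` against a draft policy before saving it gives the kind of predicted-compliance preview the use case calls for.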
Risk and Security Management primarily targets two of the IoT personas:
- Adam is an IoT Security Operator. He ensures security and compliance by specifying policies that detect abnormalities and prevent devices from being compromised. He reports to audits on compliance with regulations and policy coverage on devices.
- Sally is an IoT System Operator. She handles the day-to-day system operations on the LOB and client IoT organization. She makes sure that new device types and devices are registered, are behaving, and are up to date with recent secure firmware. She defines policies, and creates and runs actions on policy alerts that act on misbehaving devices.
Adam, the security analyst, can define a Device Activity policy for devices to determine whether a device is active or inactive by tracking how frequently a device talks to the platform, activate the policy, and report on the coverage of the policy, in under 5 minutes.
As a security analyst, I can:
- View the default (disabled) device activity policy configuration
- Modify the default device activity and set a messaging interval
- Add a custom rule as an exception to the device activity policy configuration for a device type
- Preview the predicted compliance of the new policy configuration
- Save and enforce the updated device activity policy configuration
The UX design of the use-case above.