IBM Interconnect 2017 Conference
Lab 2334 – Watson IoT Platform Risk and Security Management
Abstract
This lab explores the new Risk and Security Management capability in the Watson Internet of Things platform. You will get hands-on experience connecting devices, configuring client and server certificates, managing connection policies and tracking compliance against the configured security policies. You will also review the Risk and Security Management user experience and give feedback on the usability of the design.
The IoT Security Heartbeat iPad Application demonstrates how existing IBM products in the IoT and Security portfolios provide better insights into and responses to security threats using an Operational Dashboard.
In 2017 I delivered the design for an IoT Security Heartbeat iPad Application demonstrating how existing IBM products in the IoT and Security portfolios are providing better insights and responses to security threats.
IoT Security Heartbeat Scenario
The IoT Security Heartbeat demo is designed around a business case scenario.
Business Context
ACME Inc is a company producing multiple product lines of IoT white goods devices for two kinds of customers.
Unmanaged: Products sold B2C with limited support; firmware upgrades are provided.
Managed: Products sold B2B; monitored, managed and upgradeable over the network, under a compliance-level SLA.
Personas
The CISO, or CSO, is directly responsible for risk, compliance, and securing and protecting the assets of the business, including employees, data, IT infrastructure and information, plants, and customers' managed and unmanaged B2C and B2B IoT devices.
Operational Dashboard and Security KPIs
The CISO views the Operational Dashboard to confirm the IoT security state.
High-level domains description:
Overall Enterprise Security
Connected Plant
Customer Endpoints
Business Alerts
Intelligence
Risk Forecast
Examples of Overall Enterprise Security KPIs
Endpoints Security Score – Fixed and Mobile devices
Application Endpoints Security Score
External Service Security Score
Identity Management
Network Connectivity
Geographies Alert Level
Governance Maturity Score
The Geographies Alert Level is Low based on the current state of threats reported by IBM X-Force Exchange.
Scene 1 – Production plant IoT security issue
There has been a fire that caused damage to the manufacturing facility at Globex Inc. The fire centered around an exit door. Upon further investigation, it was clear that the source of the fire was an electric motor used to automate the security shutters on the door. Fortunately, nobody was harmed and the fire was contained, but the consequences could have been grave.
There are serious safety concerns in relation to the risk to human life, as well as the potential negative impact on the reputation of Globex Inc, the manufacturing facility, and on the brand reputation of Oscorp Inc, the OEM supplying the faulty electric motor.
The Intelligence domain's Current News KPI becomes Amber, indicating a warning on security risks, with a Supplier Risks alarm on Oscorp Inc.
Scene 2 – FW Version Update Status
The Intelligence domain's Suppliers Software Updates KPI becomes Amber, indicating a warning that some of our devices need a firmware (FW) update.
Devices need to be updated because new firmware is available from the OEM.
Our current understanding of the FW update content: NOT CRITICAL.
The upgrade is postponed until the next standard planned maintenance.
Scene 3 – High level of Attacks/Threats on our Oscorp devices
The Connected Plant domain's Incident Management / Attempts KPI exceeds its threshold and becomes Red (Alert) because we are facing a massive attack attempt on Oscorp Inc devices.
Debugging code left in the device opened a security hole that allowed remote commands to be sent to the device outside of its safe operating ranges. The IP addresses involved had been detected in relation to unauthorized access to other critical computing resources. In some instances devices were ‘cloned’ and malicious connections were attempted from those cloned devices to skew IoT data readings.
Scene 4 – Business Impact Alert on Production
The Business Impact domain's Incident in Production Floor KPI becomes Amber because the current attacks on Oscorp devices may have a major impact on our production planning.
Scene 5 – Watson Alert / Prescription / Recommended Actions
Watson raises an alert: Production at Risk, Compromised Security and High-level Physical Safety issue.
Prescription: Upgrade Oscorp Inc. devices with the latest firmware update as soon as possible.
Show how to enforce near real-time Firmware Upgrade
Show how to “isolate” those devices
Show how to plan countermeasures
Start a business process/workflow
Options are provided for resolving the risk with a Security Optimised route or a Cost Optimised route.
ACME chooses the Cost Optimisation route and schedules device FW updates on a needs-based scheduled update cycle. This minimises the impact on the business and any demands for production downtime. By choosing this route, the relevant people in the ACME organization are notified of the conditions and the plan.
Scene 6 – Intelligence and Sentiments Analysis on Social Media
The Operational Dashboard provides intelligence and insights into customer satisfaction related to product security. ACME provides B2C smart products to end consumers and managed products under SLAs for B2B clients.
The Intelligence domain's News Awareness KPI becomes Amber because client satisfaction is dropping and sentiment analysis on social media indicates product, security or vulnerability issues. These early indicators may not yet show up in corporate support channels.
Scene 7 – Business Alerts
The Business Alerts domain's Variation in Client Support Requests KPI becomes Amber because of the increase in client support requests about product malfunctions. This is impacting ACME's operational cost and also indicates a risk to client operations.
Scene 8 – Customer Endpoints
The Customer Endpoints domain's Policy Compliance Score becomes Amber because the Enterprise Assets KPI is dropping. Drilling into the data source of Device Security Policies in the Watson IoT Platform, we see that a significant number of devices are failing to authenticate. This suggests that there is an issue.
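The lab abstract above mentions configuring client certificates and connection policies and tracking compliance against them, and this scene shows the Policy Compliance Score going Amber when devices fail to authenticate. The following is an added example, not code from IBM or the Watson IoT Platform, of how such a score and its drill-down can be computed from connection records. The policy (TLS plus client-certificate authentication), the record fields, the Amber/Red thresholds and the sample records are all constructed for the illustration.

```python
# Added example (not IBM's or the Watson IoT Platform's code): a small compliance
# evaluator for a device connection policy. Policy, record format, thresholds and
# sample records are constructed for this illustration.
from dataclasses import dataclass

# Hypothetical connection policy: devices must connect over TLS and authenticate
# with a client certificate; token-only or plaintext connections are non-compliant.
REQUIRED_TRANSPORT = "TLS"
REQUIRED_AUTH_METHOD = "client-cert"


@dataclass(frozen=True)
class ConnectionRecord:
    """One connection attempt, in a constructed shape a platform log might have."""
    device_id: str
    device_type: str
    transport: str     # "TLS" or "plain"
    auth_method: str   # "client-cert" or "token"
    auth_result: str   # "ok" or "failed"


def is_compliant(rec: ConnectionRecord) -> bool:
    """Compliant only if the mandated transport and credential type were used
    AND the authentication actually succeeded."""
    return (rec.transport == REQUIRED_TRANSPORT
            and rec.auth_method == REQUIRED_AUTH_METHOD
            and rec.auth_result == "ok")


def compliance_score(records):
    """Percentage of distinct devices whose most recent connection attempt was
    compliant. Records are assumed to be in chronological order."""
    latest = {}
    for rec in records:
        latest[rec.device_id] = rec        # a later record replaces an earlier one
    if not latest:
        return 100.0
    compliant = sum(1 for rec in latest.values() if is_compliant(rec))
    return round(100.0 * compliant / len(latest), 1)


def auth_failure_rate(records):
    """Share of all connection attempts that failed authentication."""
    if not records:
        return 0.0
    failed = sum(1 for rec in records if rec.auth_result == "failed")
    return round(100.0 * failed / len(records), 1)


def failing_devices_by_type(records):
    """Distinct devices with at least one authentication failure, per device
    type: the drill-down an operator needs to find the affected product line."""
    seen = {}
    for rec in records:
        if rec.auth_result == "failed":
            seen.setdefault(rec.device_type, set()).add(rec.device_id)
    return {dtype: len(ids) for dtype, ids in seen.items()}


def kpi_state(score, amber_below=90.0, red_below=70.0):
    """Map a compliance score to the Green/Amber/Red state a dashboard shows."""
    if score < red_below:
        return "Red"
    if score < amber_below:
        return "Amber"
    return "Green"


def summarize(records):
    """Everything a Policy Compliance card would display for one refresh."""
    score = compliance_score(records)
    return {
        "compliance_score": score,
        "state": kpi_state(score),
        "auth_failure_rate": auth_failure_rate(records),
        "failing_by_type": failing_devices_by_type(records),
    }


# Constructed sample: ten connection attempts from eight devices. Two motors
# connect with tokens (one over plaintext) and fail; one thermostat fails once,
# then succeeds with its client certificate.
SAMPLE_RECORDS = [
    ConnectionRecord("motor-001", "electric-motor", "TLS", "client-cert", "ok"),
    ConnectionRecord("motor-002", "electric-motor", "TLS", "client-cert", "ok"),
    ConnectionRecord("motor-003", "electric-motor", "TLS", "token", "failed"),
    ConnectionRecord("motor-004", "electric-motor", "plain", "token", "failed"),
    ConnectionRecord("therm-001", "thermostat", "TLS", "client-cert", "ok"),
    ConnectionRecord("therm-002", "thermostat", "TLS", "client-cert", "ok"),
    ConnectionRecord("therm-003", "thermostat", "TLS", "client-cert", "failed"),
    ConnectionRecord("therm-004", "thermostat", "TLS", "client-cert", "ok"),
    ConnectionRecord("therm-003", "thermostat", "TLS", "client-cert", "ok"),
    ConnectionRecord("motor-003", "electric-motor", "TLS", "token", "failed"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_RECORDS))
```

On the sample, six of eight devices are compliant on their latest attempt, so the score is 75.0 and the state is Amber; the per-type drill-down points at the electric-motor line, which is the kind of signal the scene describes.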
Scene 8 – Watson Alert / Prescription / Recommended Actions
Watson issues an Alert on the condition.
To the left, notifications on Compliance, Customer, and Social Media KPIs. To the right, prescriptions from Watson on the root cause and suggestions for further actions.
This concludes the IoT Security Heartbeat demo.
“Ninety-four percent of CxOs believe it is probable their companies will experience a significant cybersecurity incident in the next two years.”
“An effective tactic to combat cybercrime is transparency and collaboration, sharing incident information internally and externally. Improve awareness and drive a more risk-aware culture across the entire organization.”
“The trust and comfort that the cybersecurity strategy of their enterprise is well established is widely different. 76% of CIOs agree – 51% of CEOs agree.”
Personas are a design tool for setting focus and ensuring empathy with the user. They help us deepen our understanding of the users of the IoT Platform and their usage of the platform capabilities outlined above, and ensure that the design objectives are focused on the person behind the problem.
Don’t confuse personas with roles. Personas are not roles. A role is mostly a specific declaration of responsibility. A role description often includes:
Tasks – The tasks the role performs
Workflows – The workflows the role is responsible to perform
Collaborators – The collaborators that interact in or depend on the tasks or workflows
Artifacts – The information items that are worked on or produced by the role in tasks or workflows
Outcome – The artifacts produced and the state of the artifacts
Personas are fictional archetypes of users created to represent the different stakeholders of a solution. They build empathy by understanding and capturing those stakeholders’ business and personal contexts.
Personas bring together the tasks, pains, needs, and priorities for key users.
Personas describe all the attributes that affect someone’s day.
Personas are based on user research from, for example, surveys, user interviews, focus groups, and customer support calls.
Read more about Personas and how I develop personas below and in the Design Thinking section of the portfolio.
IoT Personas
When I joined the IoT Platform team in 2015, I started to research and generalize the IoT personas. The objective is to get a core set of personas for IoT, extended for the platform and other solutions.
The personas are a living design document, continuously updated by research and validated by our clients and sponsor users. I find in our continuous research that the IoT personas represent well the variability across industries and organizations adopting IoT and transforming their business.
The Personas for the IoT platform are focused on the fictitious ACME corporation, an enterprise-sized organization that is transforming its business to IoT by exploring, adapting, and running an IoT operation. The LOB organization depends on corporate IT services, has IoT operational teams, LOB analytics teams, and service teams dedicated to client operations. See the image below.
Bob is a Line of Business Manager leading a business of existing and new products. He wants to understand how to leverage the data and connectivity of devices to create new streams of revenue. He will discover industry content on IBM.com and act on solution proposals from Archie. Bob is providing funding for IoT business application development.
Archie is a Solution Architect that proposes, proves, and deploys the IoT Foundation platform to the LOB. He decides on integration strategies and architectures for the new IoTF platform, existing business systems, and devices in production.
Oscar is a DevOps Manager that configures and operates the IoT Foundation platform, Bluemix services, and supporting IT services for LOB operations and development.
Chris is an Application Developer that works in the LOB, in IT, or with a 3rd party. He develops IoT industry applications for the LOB. He uses DevOps capabilities to develop, deploy and fix applications that integrate IoT Foundation device data and Bluemix services.
Dave is a Chip Engineer that develops silicon devices and sensors. He delivers chips, devices, and boards for industry and consumer products. Dave may work at an OEM that delivers chips to devices that ACME integrates into its products.
Devon is a Device Developer that integrates HW and SW into devices and appliances. He develops and maintains device firmware that securely connects devices to IoT Foundation. Devon may work at an OEM that delivers devices that ACME integrates into its products.
Ravi is a Systems Engineer with the chip provider’s integration partner and works with Devon to integrate chips and sensors into the product line.
Sally is a LOB System Operator. She handles the day-to-day system operations on customer IoTF organizations by onboarding new users and making sure that new device types and devices are registered, are behaving, and are up to date with recent secure firmware.
Adam is a LOB Security Analyst. He ensures security by proactively creating rules that detect threats and prevent breaches. He creates automation that acts on misbehaving devices and users. And he ensures compliance through audits.
Ryan is a LOB Data Scientist. He knows all about the industry data delivered from devices and the algorithms that provide meaningful analytics. He implements advanced algorithms as services to be used by the LOB analysts and LOB industry applications.
Marcia is a LOB Operations Analyst. She is responsible for the availability of specific assets in the LOB product line and uses deeper analytics provided by Analytics in the IoT Foundation platform and Ryan’s algorithmic service extensions.
Lester is a Service Delivery Manager responsible for an SLA with a client of the LOB. He and his team of maintenance engineers are on or near the client site, where they manage equipment and use the IoT Foundation platform and LOB industry applications to monitor, plan, and service equipment.
The ACME IoT teams get set up or engaged at various phases in the adoption of the IoT platform and the provisioning of IoT services to the clients of the LOB.
Lifecycle scenario view of the IoT personas covering Discover > Getting started > Everyday use > Manage and upgrade.
Bob and Archie discover, play with, and try IoT. Designs have been explored and delivered for ‘Try and Buy’ scenarios.
Oscar gets started with and maintains the IoT platform. The design has been explored and delivered for ‘Getting started’ scenarios, including IoT platform configuration settings of integrated services and on-boarding of new users.
Sally runs day-to-day operations on registered and connected devices.
Lester provides services to his clients based on the IoT platform, connected devices, and instrumented assets.
For each persona, we describe the Role, the Motivation, and the Pain-points. The following sections call out some of the research outcomes on the key IoT personas.
Sally the System Operator
Sally is one of the most frequently used personas in the design across the platform capabilities. Our initial research in 2015 focused on the ‘Getting started’ and ‘Everyday use’ scenarios, covering the steps for Sally to get access to the platform, configure the IoT platform for the LOB, on-board the LOB IoT team, and support the everyday scenario of boot-strapping a service delivery team delivering an IoT project at a client site.
Device management of connected devices in high quantities.
Wants to be able to quickly identify problematic devices and take appropriate action as soon as possible, without needing to consult the documentation.
Also wants to perform, and monitor the progress of, management actions (such as rebooting and updating) on devices centrally, without needing physical access to the devices.
Add organizations, users, devices, data, and access
Add devices
Update firmware
Monitor device errors
Monitor system behavior
Sally’s motivations
Getting things done efficiently is only a part of her job
Making sure things are running smoothly
Not getting paged at the weekend
See status and act on issues
Monitor from the mobile device
Sally’s frustrations
Overworked, impatient, fed up with callouts, too busy watching stuff
Pressured by developers
Overwhelming dashboards
Flickers between multiple dashboards
1000s of devices
Not finding problem devices
Bricking devices in the wild
Too much complex technical documentation
New technologies and terminologies
Having to ask developers for help
Worried about hackers
Storyboard
The high-level steps in the initial ‘Getting started’ and ‘Everyday use’ scenarios:
Sally is added to the platform by Oscar as a user with an Administrator role
Sally configures the roles and permissions required by the LOB
Sally on-boards the LOB team to the platform
Sally defines device types and registers devices. She confirms that devices are connecting and sending data events to the IoT platform.
Sally configures a dashboard with boards and cards to monitor device state and alerts
Sally configures users and access permissions for Lester’s service team
Other IoT personas
Bob the Line of Business Manager
Bob is a key persona in discovering and leading the organization in leveraging IoT in the line of business.
Bob understands where the market is heading and sets the product strategy within his business.
Bob is creating new streams of revenue through IoT by managing a product line of new IoT innovations and instrumentation that makes existing products smarter.
Bob needs to understand how a new IoT product is being consumed by his users.
Bob needs to know what data to measure and how to apply analytics to the IoT data to gain new insights.
Archie the System Architect
Archie is a key persona in discovering, playing and trying the IoT platform.
Archie is responsible for deciding strategies on the technologies and architectures for the new IoT platform.
Archie needs to present a proposal for transforming the existing business solutions into an IoT solution.
Archie needs to present a proposal for extending the value of existing devices and data through analytics.
Archie needs to present a proposal for the right solution and make the right choices on system scale, security, cost, and operational efficiency for the team.
Lester the Service Delivery Manager
Lester is a key persona in setting up and providing services to his clients based on the IoT platform, connected devices and instrumented assets. Lester is part of the LOB and manages a team of engineers ensuring the delivery of an SLA to a client. He and his team are on- or near-site of the devices and equipment that are managed.
Lester has a team of Reliability Engineers.
Lester is responsible for operations for the client services.
Lester manages the users, resources, and access for his team.
Lester is responsible for proactively monitoring the state of equipment and planning service actions.
Lester needs to operate his team efficiently. He knows that time is money when systems are down.
Meet Sally the IoT System Operator.
Sally is one of the most frequently used operator personas in the design across the platform capabilities.
Also, meet Chris, the Application Developer, and Devon, the Edge Device Developer.
Chris and Devon are the most frequently used personas in the developer experience design across the platform capabilities.
IoT Platform Developer Experience Design research on the developer experience in the Watson IoT Platform.