Mastering IoT at Scale: Secure, Connect, and Grow with Confidence

I think we can all agree that managing IoT at scale can get really, really tough. You need to think about security, integration, operational aspects. And regardless if you are in the beginning of your IoT journey or if you already have thousands or tens of thousands of connected devices, I hope you’re gonna be walking away with some practical tips and hints. What we’re gonna do with Duncan, we’re gonna divide the session in two pieces. I’m gonna focus on some hardware content, and Duncan is gonna bring you some security and cloud related options. Great. Let’s get started. And I pressed the wrong button. Alright. We have cellular connectivity surrounding us every single day. Think about your smartphones. You simply take a SIM card, you plug it in, and you have ubiquitous connectivity. This ubiquitous connectivity can be also applied to many different IoT devices. What’s important is that you don’t want to rely on an infrastructure that is maintained and built by others. You often want to bring your own network and your own type of solution. How do you scale? That is the main question, and you’re gonna hear scaling a lot of times during this presentation. Those of you who don’t know Soracom, we are a Japanese company. We are headquartered in Tokyo, but we also have operations within Europe as well as North America. I’m personally based out of Sweden, Stockholm. We have over ten years of experience and what we offer is scalable cloud native cellular connectivity solutions and loads of exciting value added services. Some of them will be touched on by Duncan later today. We have over twenty thousand happy customers globally spread around, and some of those customers are shown on this slide. They are really from all walks of life, smart metering, smart manufacturing, agriculture. We are connecting, e scooters, American school buses, whatever you imagine, we’ve been there and we’ve done that. And what we see as major challenges coming from these twenty or over twenty ks customers can be categorized in four different sections. The first one is connectivity complexity. These customers always want to have a platform and a very easy onboarding experience. They’re gonna use the connectivity platform to manage their SIM cards and also whatever is connected on top of those SIM cards. They need easy access for troubleshooting and making sure that whenever they face some problems, that is not gonna come from the device or the SIM side. Cross border roaming and also cross network roaming is also very, very important. And with that, let’s hop over to legacy and infrastructure limitations. Many customers walk up to us and tell us that they have legacy old devices that do not include cellular modules or any routers. And those devices, we have to be very often, we have to be very honest, they limit innovation. They very often pause and break, the actual initial ideas. IT integration is another aspect that we very often need to think about. There are very often wifi networks that customers are not allowed or do not want to use existing IT infrastructure. And retrofitting legacy assets is also very costly, very often. That’s the last point here. Security and trust challenges. Again, on top of, legacy limitations, security also slows down adoption very, very often. We have been hearing a lot about the new cybersecurity regulations popping up. You see it in every walk of life. That’s gonna be having a very big impact on IoT devices in Europe. There are data, bandwidth risks, SIM, threats, SIM related threats that Duncan is going to be talking about. And as for regulatory and compliance barriers, depending on where you deploy, depending on where you bring the IoT devices, you need to make sure that they are certified. There are local certifications and there are also regulatory compliance requirements that you need to face. These are all challenges that we have been seeing. And what our solution is, very often hardware, a combo of hardware, security, and cloud solutions. So you can definitely retrofit existing equipment. We can help you do that. We can also help to scale to continue to deploy to new sites. We can help you grow, and, we also pay attention that it’s not gonna be too expensive for you. We would like to democratize IoT. That is the mission of Soracom. We want to lower the barriers and get as many IoT devices in a safe and secure way as possible. Moving forward, I would like to show you a few hardware examples that are pretested solutions and, they definitely help you reduce your deployment time and help you scale. We’re gonna be zooming on to the first three of these hardware solutions, IoT buttons, cellular dongles, and different routers and gateways. We are also seeing a lot of customers deploying different low power wide area networks based on LoRa, previously Sigfox, and they need cellular backhaul. We are also helping those type of customers. And if you are in the beginning of your IoT journey, we always recommend that you kickstart with trying out an evaluation board or a partner in DevKit. We have recently launched an ISIM and NTN, based evaluation boards that is the most recent in our portfolio. And some of you might be interested in, satellite IoT and narrowband IoT based satellite solutions. We are happy to help you on that. As for smart buttons, they are designed for many different IoT use cases. They vary from facility management through security applications, asset automations, industrial monitoring, and even elderly monitoring if you wish. They are easy to use buttons. You can associate multiple actions per click type. You do a very easy cloud integration at our backend and off you go. And that’s what a French customer of ours, Thalios, benefits from. They use the Soracom LTE button to to measure how their employees, sign in and out so they get some real time visibility into their remote worker status. And what they enjoy is a very easy plug and play solution where you have a button that’s connected to the LTE M network or CAT M1 network and you don’t need a trustworthy Wi Fi behind it. Let’s move on to cellular dongles. These are also optimized for different IoT and M2M applications. You don’t need to worry about the firmware. You don’t need to worry about any additional connectivity type because there is a built in SIM card on these kind of dongles, and, they help you get started in a plug and play way very, very easily. We see customers using these dongles to either retrofit legacy devices or to add cellular backhaul. And think about, I think, two slides before, the list of different hardware that we pretest. Some of them are, for instance, LoRa based, gateways. And they are primarily using LoRa as a connectivity type, LoRaWAN, but they also need some cellular, backhaul option. And this is a perfect way to add that. These are, again, just a few examples, ATMs, connected elevators, public transport. Just by sticking in a little dongle, you can enable telemetry solutions, remote, maintenance, and a lot of different use cases. And the last one that I wanted to bring to you is, again, emphasizing the need to bring your own network. Here you can see a Teltonika RUT200, router, and, this is also enabling customers to have a very easy plug and play setup. One of our UK based customers called Forjo, we met them actually here, at one of the previous shows. They are focusing on connecting industrial assets in factory environments. So they are basically reporting their site optimization via the Teltonika routers and our connectivity. And when they started their deployment, they were really struggling with the Wi Fi connectivity on-site in the factories. The Wi Fi was patchy. It went very often down, and they also needed to deal with the actual maintainer of the, of the Wi Fi infrastructure belonging to the factory. You can imagine the complexity behind that setup. With the the Teltonika gateway, again, you plug and play the SIM card. You have cellular connectivity. You bring your own network. And with that, Duncan, I’m gonna be handing over to you. Thank you, Dora. Okay. So, I want to take you back to this diagram, not fall over. So I want to talk with a slightly different angle. So, Dora has been talking about how to scale by bringing, pre tested hardware and devices that will help you retrofit your environment. We also speak to customers who come away with a different set of requirements, and we try to keep as many over in the left-hand happy space and not move them into the worried and the really stressed out space, which is something that we find all too often. Working with cellular, there are a few things that you can just put into practice, good work in practice, to keep yourself secure as as possible. So the first thing I want to describe are IMEI locks. So every cellular device has an IMEI number you may be familiar with them from your phone the same is true in the dongles and the buttons, the gateways and and anything else. So an IMEI lock is a lock which, specifies a particular SIM to a particular piece of hardware. That’s really useful to deal with SIM and data theft. This is something we see we see fairly regularly. Our customers tend to be deploying all across the world and they don’t know who it is that’s working with their device so removing a SIM can be all too easy to do inserting in your your phone or something else and suddenly people come to us saying I’ve got this massive bills because turns out someone’s been watching Netflix or YouTube or something else they weren’t expecting from their their very low data, server device. So an IMEI lock is a really useful tool. Also automating your monitoring, for bandwidth costs so having a system which will allow you to get triggers when when something is behaving in a way that you’re not expecting using using too much too much data or monthly costs are going too high, and then very significantly send you some alerts or automate some disconnections for you so so that you don’t have to be relying on your working hours in order to take action when when it goes, things happen. And then moving on to this kind of, Internet routing controls you want to be looking really for a tool which will allow you to specify connections from your end device through to your cloud. So only. And so if you can lock down just the IP address for your cloud devices then you can really try and get ahead of devices that might get compromised or again SIMs that might get stolen, so you can lock out any connectivity requests going to sites that you’re not authorizing. What’s next? Alright, I want to go back to the point we made earlier on about working with phones and what we’re used to. So when you’re using the Internet on your phone maybe for a transaction you want to be secure, like online shopping you tend to be using something like HTTPS a secure encrypted protocol and you can use HTTPS or MQTTS as another great option for IOT land. How do those relate between working with phones and working with IoT devices? Banking, online banking that tends to use end to end VPN, end to end encryption. Is that something that’s also of of use in in IoT? Well, it can be. Yep. That works fine. And then hardware based encryption so we see IoT devices with, hardware encryption solutions to remove the the weight from the processor. Choosing some of these options can lead to unexpected consequences. What have you just required for the compute you need, for the battery power you need, for the RAM you need, and for the the main the management of certificates. So that can be quite a challenge especially if you’re working with off the shelf sensors and IT devices where you don’t get access to the firmware in order to manage those items. And our two friends are back. This can also lead to quite a lot of stress of how am I gonna secure this? How am I gonna keep us, secure encrypted as we scale? So I want to introduce to you, a great solution that we find highly effective and very light touch which is a hosted VPN. So in this diagram, the device over on the left, is a cellular device connecting to the local cell tower connecting to your cellular provider. And the the cellular network is a is a closed network and encrypted by specification from the the 3GPP standard. So if you’re working with 4G devices then that’s one hundred and twenty eight bit AES encrypted anyway just by the modem and the cell provider, 5G uses 256-bit encryption. Over on the right hand side we’ve got your, hosted cloud, compute or your on premise compute and in the middle in the Internet I’ve drawn a pipe. The pipe is a hosted VPN where the the cellular provider is creating a link through to your cloud compute, which is encrypting data that’s going across the Internet instead of it going in the open. So without, having imposed, any form of encryption or client certificates over on the end device, you’ve got an encrypted path all the way through encrypted with 3GPP standards over on the left and then through the VPN over in the middle of to the right. What’s really great is that you haven’t had to do anything to the end device and that it actually applies to a kind of off the shelf sensors as well. So it’s a really useful tool for, existing devices that you don’t want to have to retrofit with upgraded firmware if you need to add encryption, or devices you don’t have that option to do so by putting in, so a Soracom SIM will do this. You can put a Soracom SIM in, configure the VPN in the cloud, and get that encrypted path all the way through. I think sometimes, an even nicer solution is light touch privacy. So this is the same sort of diagram but over here on the right we’ve got AWS instead of, just any, cloud compute and on premise options. What’s significant is that at Soracom we also host on AWS and so we can use AWS peering tools to privately transfer data from our servers to your servers, through, VPC tunnel and there is no Internet on this Internet of Things picture anymore and so, you have the value of IoT but without the risks of any, Internet. There are no Internet attacks possible because your end devices they just don’t appear anywhere on the Internet. So here is an example of a customer, this is a customer called Safety Shield. Safety Shield specialise in monitoring heavy equipment to look for people working within zones that they shouldn’t be so they can start to send warnings. They use wearables so they actually have hard hats with lights and beacons on them and and vests to warn people if they’re moving into an area where they shouldn’t be they’re in danger. And Safety Shield came to see us because they needed both global coverage. They tend to work in Europe and South America, and also they needed to attack some of these issues with with SIM theft. They’ve seen unfortunately SIMs going missing and data costs going up very high and so they’ve worked with us to get those IMEI locks in place and to sort out the IP routing controls so that only data going to their cloud provider. And they have a a completely different solution to talk to you about as well. So, the VPN and VPC peering is great in one way traffic but if you wanna go back in the other direction, we have customers who have slightly more powerful devices maybe Linux based devices or even Windows devices that they want to get access to but they don’t want those devices to sit on the Internet with some kind of public IP address that can be attacked they really want to hide their devices away and so this remote device access solution the the end device doesn’t appear anywhere on the Internet it stops at the the the cellular provider in the middle and so the attacker just has no visibility of it they can see Soracom but they can’t see any of the devices behind Soracom and an authorized user with appropriate keys to log into the device they can open a tunnel they can get a port all the way through to the end device we actually generate a randomized IP address and a randomized port, so that it keeps things as rolling as possible. They can even lock it only to their client IP address as well so that if the device still doesn’t appear anywhere on the Internet. So a really great tool for for companies that are looking to deploy smart devices that they need to log into and and manage and configure as they go but without putting the risk of putting them on the Internet. And here this example YourStand YourStand were a Japanese company who are working in the EV charger market very specifically looking at EV chargers in community areas and at their stage in their development right now they’re using Raspberry Pis and they need to be able to log in to pull firmware updates and pull library updates and so yeah they use that remote device access solution to do that and indeed they work with the Onyx dongle that Dora showed earlier on. This little thing. They have equipped these to their engineering team so when their field engineers need to go out and and diagnose what’s going on, but don’t have direct connection, they can plug one of these in, combine it with a remote access and their their in office engineering team are able to to log in and give them greater detail to the engineering team on the field about what’s going on. So that is as far as I want to go in this session right now. We have a few more topics that we can come, and run through with you as well if you have different use cases so, we do have customers that do use encrypted, end to end solutions and they do need to manage certificates and they have a real issue with securely providing those certificates out into the end device so that the the device can connect but there’s a level of trust you need in all the way from whoever’s generating the certificates to whoever’s installing certificates often in the factory. We can work around that by supplying an at-commissioning certificate delivery system using the cellular network or how about using what I like to think of as the world’s largest LAN. If you think of all the SIMs connecting up to the tower across the world we can do a SIM peering system which means that all your devices can talk to each other, can talk to your end devices but again have absolutely no visibility to the Internet but you’ve still used all the the cellular connection and all the ubiquity of having a cellular connection and all the managed the value of having a managed connection that you’re you’re not having to deploy, as you go. And then finally at the bottom here eSIM and iSIM. We don’t often think of it from a security perspective but it is a great selling point and and a great, piece of value to remove the need to have a plastic SIM which can be taken out and instead go with a solder down or in the case of an iSIM, an in module SIM. Just that that kind of physical security of not having someone steal your SIM card. We can supply those as well we can supply them on the same data plan, the same sort of costs, and from a single supplier so it all looks like one set of connections to you giving you a migration path if you need to have a mixture of plastic SIMs, eSIMs and iSIMs in the field. So it’s time for us to wrap up already and, want to talk a little bit about Soracom, the sorts of tools that we have so as Dora talked about we have the right hardware to help you deploy and scale, We have some excellent integration tools to very quickly integrate with your cloud compute. We have we have optimisation tools to reduce the bandwidth you need to send from your device to the cloud to our providers and then we will expand that data before it goes on to the cloud that reduces your operating cost because you’re only paying for the cellular piece. And as you mentioned as well Dora satellite communication to fill the gaps as well if you’re working in a zone that doesn’t have great cellular connectivity we can provide that too. And that rounds us up so if you need to talk to us any questions please feel free to ask or you’ll find us in stand c5 down in the main hall. Thank you very much. Thank you.