Situation

Device Authority was chosen by a global energy provider to implement Identity Lifecycle Management for their connected refinery infrastructure. Wanting to leverage Microsoft Azure solutions and connect their Corporate PKI for Enterprise Security consistency however there was an inherent level of complexity involved as they tried to formulate an enhanced Nested Edge deployment which could have proved costly.

Solution

Device Authority KeyScaler was used to provide:

• Reduced complexity – Built-in connectors to leverage Corporate PKI while using the KeyScaler software infrastructure to automate, validate and sign certificate chain down to Leaf devices
• Increased visibility – Ability to visualize the certificate, certificate policy and certificate validity across the entire device stack down to the Leaf device
• Enterprise compliance – No compromise to the corporate policy with consistency of PKI across all aspects of the business​

Situation

An operator of wind power farms needed to provide security for the multitude of sensors attached to each device across large arrays of turbines.​
These sensors provide real-time data critical to efficient operation of the turbines including peak wattage, wind speed and direction, individual turbine performance, and local weather data including lightning proximity – a danger for the windmills and the maintenance crews that service them.​
Simplified security management and connection to Microsoft Azure IoT were key requirements.​

Solution

Device Authority KSaaS platform was implemented with the following benefits: ​

• SaaS delivery model eliminated costly infrastructure and management overhead​
• KeyScaler provided automated PKI Services for IoT and complete Identity Lifecycle Management.
• KeyScaler leveraged mTLS  on the devices to enable secure certificate provisioning, revocation and renewal.
• KSaaS was used as an engine for Certificate Management via the simple API framework.

As part of its digital transformation strategy, a leading oil and gas company seeks to enhance operational efficiency, data visibility, and security in its oil fields. The organization aims to implement a robust data collection and transmission system using Azure IoT Edge gateways, leveraging the Purdue model for Industrial Control Systems (ICS) to ensure secure and efficient data exchange across its operational technology (OT) and information technology (IT) environments. By utilizing the Azure IoT Hub, the company plans to create a reliable, scalable, secure infrastructure that connects field devices to the cloud for real-time analytics and decision-making. The initial IoT devices will be Variable Speed Drives used for ESP control as well as various chemical injection equipment.

Challenges Faced

1. Manual Device Enrollment: Devices are not enrolled automatically, requiring manual intervention that delays deployment and increases the risk of errors.

2. Certificate Management: Certificates need to be provisioned manually, complicating the management process and leading to potential security risks.

3. No Automated Certificate Rotation: Certificates are not rotated automatically, exposing the organization to the risk of having an expired certificated that could cause service disruptions or compromised certificates.

4. High Maintenance Costs: The manual maintenance of device identities and credentials incurs high operational costs and resource demands.

Solution

To address these challenges, the company will implement Device Authority’s KeyScaler Platform to automate the device identity and lifecycle management:

• Automated Device Registration: Utilizing the EST (Enrollment over Secure Transport) protocol, KeyScaler automates the device registration process, significantly reducing manual workload and associated errors.
• Policy-Based Certificate Lifecycle Management: KeyScaler enables policy-based certificate lifecycle management, including automated provisioning, rotation, and revocation. This ensures that all devices maintain up-to-date and secure certificates throughout their lifecycle.
• Automated Device Provisioning: The provisioning of devices into the Azure IoT Hub is automated, eliminating manual steps and minimizing the risk of human error.
• Automatic Transfer of Parent – Child Relationships: KeyScaler automatically transfers the parent-child relationships of gateways to Azure IoT Hub, ensuring accurate hierarchy management and streamlined data flow.
• Secure Key Transfer Mechanism: A secure mechanism for provisioning and transferring keys to the gateways will be established, enhancing overall security and reducing the risk of unauthorized access.