As part of its digital transformation strategy, a leading oil and gas company seeks to enhance operational efficiency, data visibility, and security in its oil fields. The organization aims to implement a robust data collection and transmission system using Azure IoT Edge gateways, leveraging the Purdue model for Industrial Control Systems (ICS) to ensure secure and efficient data exchange across its operational technology (OT) and information technology (IT) environments. By utilizing the Azure IoT Hub, the company plans to create a reliable, scalable, secure infrastructure that connects field devices to the cloud for real-time analytics and decision-making. The initial IoT devices will be Variable Speed Drives used for ESP control as well as various chemical injection equipment.

Challenges Faced

1. Manual Device Enrollment: Devices are not enrolled automatically, requiring manual intervention that delays deployment and increases the risk of errors.

2. Certificate Management: Certificates need to be provisioned manually, complicating the management process and leading to potential security risks.

3. No Automated Certificate Rotation: Certificates are not rotated automatically, exposing the organization to the risk of having an expired certificated that could cause service disruptions or compromised certificates.

4. High Maintenance Costs: The manual maintenance of device identities and credentials incurs high operational costs and resource demands.

Solution

To address these challenges, the company will implement Device Authority’s KeyScaler Platform to automate the device identity and lifecycle management:

• Automated Device Registration: Utilizing the EST (Enrollment over Secure Transport) protocol, KeyScaler automates the device registration process, significantly reducing manual workload and associated errors.
• Policy-Based Certificate Lifecycle Management: KeyScaler enables policy-based certificate lifecycle management, including automated provisioning, rotation, and revocation. This ensures that all devices maintain up-to-date and secure certificates throughout their lifecycle.
• Automated Device Provisioning: The provisioning of devices into the Azure IoT Hub is automated, eliminating manual steps and minimizing the risk of human error.
• Automatic Transfer of Parent – Child Relationships: KeyScaler automatically transfers the parent-child relationships of gateways to Azure IoT Hub, ensuring accurate hierarchy management and streamlined data flow.
• Secure Key Transfer Mechanism: A secure mechanism for provisioning and transferring keys to the gateways will be established, enhancing overall security and reducing the risk of unauthorized access.

Situation

A global manufacturer of motion control systems was experiencing unpredictable downtime across its factory locations which was disrupting their end customers’ supply chain. ​
They wanted to improve OEE by digitizing the plant floor and installing smart sensors to automate monitoring of production systems to spot errors and determine when equipment needs maintenance. ​
These sensors and production systems need to be protected from outside threats, as any disruption to the manufacturing process costs hundreds of thousands of dollars per day and if exploited, valuable proprietary data can be lost or compromised.​

Solution

KeyScaler was deployed with the following benefits:

• Dynamic Device Key Generation (DDKG) technology established root of trust and enabled automated crypto-key generation at each authentication session.
• Zero touch device provisioning and registration with Microsft Azure IoT Hub
• Automated Device Identity Lifecycle Management for all production assets and monitoring of devices on the factory floor using x.509 certificates from their existing PKI provider
• KeyScaler Edge enabled the management of offline devices connecting via secure Edge gateways

Situation

A leading provider of distributed energy solutions is developing next-generation Linear Power Generators designed for off-grid and backup power scenarios across telecom, construction, and remote industrial operations. These generators are equipped with IoT-enabled communication modules for real-time telemetry and performance monitoring.

To enable seamless integration with Microsoft Azure for device data analytics and operational insights, the company needed a secure, scalable solution to provision, authenticate, and manage its fleet of intelligent generator units. Manual processes were not sustainable as the deployment scaled, and security was critical due to the equipment’s role in critical infrastructure.

Solution

Device Authority KeyScaler was selected to deliver:

• Dynamic Device Key Generation (DDKG) for trust anchor creation, securing the communications module in each generator.
• Automated Identity Lifecycle Management for X.509 certificates, covering provisioning, renewal, and revocation.
• KeyScaler Security Suite for Microsoft Azure, including automated onboarding to Azure IoT Hub and integration with Azure Key Vault for secure key storage.
• A zero-touch provisioning workflow to reduce human error and streamline device activation.