Azure Sphere OS Insights for Industrial IoT
Published Mar 08 2022 09:00 AM 2,395 Views
Microsoft

Azure Sphere can solve problems in many different environments. I was recently asked what the pros and cons would be of using Azure Sphere in industrial applications. Industrial environments can be physically challenging: wired networking and power may be limited, and equipment may sit in harsh, chemically reactive, or high-vibration locations. Industrial applications are also subject to numerous regulatory and certification requirements that can shape the architecture of an IoT solution.

Cons for industrial applications

Let’s start with the cons because I think they’re fairly straightforward. Adding cloud connectivity to a factory can in itself be a con: it opens up industrial equipment to remote access. Done without care and without a secure approach, that access can lead to disruption of the factory and exfiltration of critical and sensitive business data, and it can expose industrial controllers to botnet recruitment, ransomware, or destructive malware. This is a very serious set of cons, which is why we take security so seriously as part of Azure Sphere.

Pros for industrial applications

The pros of cloud-based industrial control and monitoring are the ability to manage factories remotely; to use data analysis to cut costs through preventive maintenance; to extend that analysis with AI and other Azure services into a rich data ecosystem; and to re-establish trust and control once they are lost. Traditional perimeter defenses for industrial applications, including network segmentation along the Purdue model and ISA-95 levels, can provide strong walls that resist intrusion. But once such a network is breached, trust is lost and is hard to recover. As systems go down during the disruption, situational awareness may be unavailable outside the physical bounds of the factory, and the extent of the impact may be hard to measure without isolating and inspecting every machine on the network.

Zero Trust

The Azure Sphere cloud-based model is one of Zero Trust. Zero Trust is a security paradigm that assumes devices are already breached, requires each device to explicitly verify its identity on every interaction, and grants only the least privilege each interaction needs. Because no device is trusted by default, trust that is lost in one device can also be regained. Regaining trust can happen automatically: re-imaging the device to its signed code, applying an over-the-air software update that patches a security flaw, or re-issuing certificates that prove the device is in a known and trusted configuration. A cloud-based approach therefore has options for handling a security incident when one occurs. Perimeter defenses are at their best while attacks are not succeeding; once the perimeter is breached they offer little further protection. A Zero Trust approach continues to provide security throughout the incident and limits its scope and impact.
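To make the per-interaction verification and trust-recovery flow above concrete, here is an added illustrative example. It is not Azure Sphere's own protocol or code: the device registry, the per-device symmetric key (standing in for a hardware-held certificate), the image digests, the role-to-scope table and the names `CloudGateway`, `device_request` and `Decision` are all assumptions made for the example. Each request carries a single-use nonce, the running firmware digest and a MAC; the gateway re-verifies identity and configuration on every call, grants only the scopes the device's role needs, and maps each failure to a recovery action (update or re-image) rather than a permanent loss of trust.

```python
"""Zero Trust device-access check (added illustrative example, not Azure Sphere code).

Every request carries a cloud-issued single-use nonce, the digest of the
firmware image the device is running, and a MAC over those fields computed
with a per-device key. The cloud verifies identity and configuration on
every call, grants only the scopes the device's role needs, and turns each
failure into a recovery action (update, re-image, investigate) rather than
a permanent loss of trust.
"""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field

# Constructed registry (assumption): per-device key and role. A real fleet
# would hold keys in hardware and use certificates; a symmetric MAC keeps
# this example stand-alone.
DEVICE_REGISTRY = {
    "plc-line-7": {"key": b"\x11" * 32, "role": "sensor"},
    "hmi-cell-2": {"key": b"\x22" * 32, "role": "operator-panel"},
}

# Constructed image catalogue (assumption): the current signed image, and
# older signed images that are recognised but must be updated before access.
CURRENT_IMAGE = hashlib.sha256(b"firmware-v3-signed").hexdigest()
SUPERSEDED_IMAGES = {hashlib.sha256(b"firmware-v2-signed").hexdigest()}

# Least privilege: each role gets exactly the scopes its job needs.
ROLE_SCOPES = {
    "sensor": {"telemetry:write"},
    "operator-panel": {"telemetry:read", "alarm:ack"},
}


@dataclass
class Decision:
    allowed: bool
    scopes: set = field(default_factory=set)
    action: str = ""  # "", "update", "reimage" or "investigate"


def _mac(key: bytes, request: dict) -> str:
    """MAC over the canonical (sorted JSON) identity-bearing fields."""
    body = {k: request.get(k, "") for k in ("device_id", "nonce", "firmware")}
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def device_request(device_id: str, key: bytes, nonce: str, firmware: str) -> dict:
    """Device side: answer a challenge with its identity and running image."""
    req = {"device_id": device_id, "nonce": nonce, "firmware": firmware}
    req["mac"] = _mac(key, req)
    return req


class CloudGateway:
    """Cloud side: no session is trusted; every request is checked afresh."""

    def __init__(self) -> None:
        self._pending = set()  # nonces issued but not yet consumed

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def authorize(self, request: dict) -> Decision:
        dev = DEVICE_REGISTRY.get(request.get("device_id"))
        if dev is None:
            return Decision(False, action="investigate")
        # The nonce must be one we issued and not yet used: a captured
        # request cannot be replayed, and yesterday's trust buys nothing today.
        nonce = request.get("nonce")
        if nonce not in self._pending:
            return Decision(False, action="investigate")
        self._pending.discard(nonce)
        # Identity check, constant-time so timing does not leak the MAC.
        expected = _mac(dev["key"], request).encode()
        presented = str(request.get("mac", "")).encode()
        if not hmac.compare_digest(expected, presented):
            return Decision(False, action="investigate")
        # Configuration check: only the current signed image earns access.
        firmware = request.get("firmware")
        if firmware == CURRENT_IMAGE:
            return Decision(True, scopes=set(ROLE_SCOPES[dev["role"]]))
        if firmware in SUPERSEDED_IMAGES:
            return Decision(False, action="update")  # known image: OTA patch it
        return Decision(False, action="reimage")  # unknown code: restore signed image


if __name__ == "__main__":
    gw = CloudGateway()
    key = DEVICE_REGISTRY["plc-line-7"]["key"]
    print(gw.authorize(device_request("plc-line-7", key, gw.challenge(), CURRENT_IMAGE)))
    print(gw.authorize(device_request("plc-line-7", key, gw.challenge(), "0" * 64)))
```

The point of the example is the shape of the decision, not the toy MAC: a device on the current signed image gets exactly its role's scopes and nothing more, a device on a recognised older image is steered to an update, and a device running code the cloud has never signed is sent for re-imaging. Replaying a captured request fails because its nonce has already been consumed, which is what "verify on every interaction" means in practice.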

Azure Sphere can provide specific security benefits and guardianship for existing industrial control systems, or for new ones under design. But as a device-focused solution, Azure Sphere is only part of a larger story of IoT architectures that deliver business value through the cloud. Read more about Azure IoT here and learn about new solutions for industrial applications here, including how to use Edge and hybrid cloud for high availability.


Last update: Mar 08 2022 09:05 AM