Ask the IoT Expert: Ask us any IoT Security Questions you have in September

Microsoft

 

Secure transmission of data from devices in the field can be challenging depending on the business environment.  What do you do if you have a need to create an IoT Solution that operates on an offshore oil rig?  How do you securely transmit data from devices that may have been installed over a decade ago? This month we’re starting off the Ask the IoT expert series focusing on IoT and security.

 


 

 

We are looking for your questions and ideas and we’ll respond, so go ahead and ask us anything!

My name is Martin Tuip and I’m the worldwide Azure IoT Security and Windows IoT Marketing Lead at Microsoft, and I’m joined by a team of Microsoft IoT experts to answer any questions you may have regarding this topic: Arjmand Samuel (all up IoT security expert), Eustace Asanghanwa (security at the edge expert), Nicole Berdy (all things DPS and more) and Ramit Malhotra (all up IoT security and certificates expert).

 

If you have any questions regarding IoT security, please leave them as comments in this very discussion and one of us will be here to answer it. To make this Ask the IoT Expert globally inclusive the Q&A will play out in this post and last for the whole month of September. You can also count on us leaving hints and tips throughout the month in this post.

 

Developers, we’re looking forward to your questions – please ask away!

 

Martin

#iot #azureiot  #Developer #IoTArchitect #RealWorldScenario #IoTSecurity

 

14 Replies

@95twr 

 

I am running 5k Windows 10 IoT Enterprise thin clients at work with UWF + monthly patching via SCCM and am having difficulties keeping up with security in an effective manner.

 

The time to perform monthly patching and WinSxS compact is taking much longer than redeploying the OS. Is there a plan to improve this?

 

 

@95twr With UWF running at all times, I need to schedule a few hours per month with UWF turned off to install Windows updates and perform component store cleanup after the updates.

 

These are low-powered devices with low and slow eMMC storage. Installing the monthly 1Gb to 1.6 Gb cumulative updates from LTSC 1507/1607 + component store cleanup can take longer than re-imaging the device.

 

LTSC 1809 seems to improve a bit, yet this is far from efficient.

@95twr I'd like to know about a 101 on checklists for security on IoT Hub.

 

Also, what should be the correct setup to avoid mqtt-dup from a gateway sending messages to IoT Hub? Is there any kind of ACK I can/should set up?

@null null Thanks for sharing the feedback. If possible, we’d like to clarify a few items to help us better understand the issue here.

 

 

We would like to understand a bit more detail about the issue you experienced and connect with you offline. Please message me if you would like to connect. Thanks.

@LilyHou 

 

I am applying Windows updates every month during the servicing window. WinSxS needs to be cleaned up to save disk space, as well as to avoid the automatic WinSxS cleanup task schedule kicking in and using up the UWF RAM overlay outside the servicing window.

@95twr Here are my questions:

 

1. Where will Azure SQL Edge fit? Will the future IoT Developer include this or will a new cert emerge (under SQL Server)?

2. How many of the regular SQL Server security features will be present in this SQL Edge solution?

I wonder how the performance of these remote devices will be managed and monitored. How will DDoS attacks be regulated/observed?

@George Carlisle Good questions, I will reach out to some on the SQL side and see what they say.

Hi. What is my IoT security on this September? I would just like to know
Thanks

@mrsagansay85 thanks for your question.  Are you looking for an explanation of what IoT Security is?

@mrsagansay85 to get started with IoT Security I can recommend reading the IoT Security paper that we published recently.  https://azure.microsoft.com/mediahandler/files/resourcefiles/iot-security-in-depth-from-the-device-t...

As September comes to a close, I'd like to thank you all for participating and asking questions on this month's "Ask The Expert" topic. 

 

My closing thoughts on this topic are that the Internet of Things (IoT) creates both great opportunities as well as challenges for businesses. As IoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, and/or people, this interconnectivity of devices through the internet opens them up to cyber risk if they are not properly protected. We all have to understand that IoT security is fundamental and needs to be addressed throughout the ecosystem as organizations’ assets, data, brand, and reputation are on the line.

 

 

What is the best pattern for passing secrets (connection credentials etc.) into Azure IoT Edge Modules? In our scenario these would be IoT Edge modules in the Azure Marketplace, which our users would need to pass secrets into in order to connect to a SaaS Service.

We are considering Env variables, but are not sure if there is a security concern with this approach we should be considering.