There has been a lot of focus on taking a data-oriented approach to IoT systems. This approach makes a lot of sense given the nature of IoT: the foundational component of the system is the data, including where it originates, how it is ingested, and what processing and analytics are applied across sensors, gateways, and cloud.
As we mature through the “make it work” phase of IoT and into the “ensuring security” phase, security capabilities are coming to the forefront. When you ask most people about security, they tend to respond in terms of intrusion prevention and encryption. These are certainly important, but what happens when there is a successful intrusion?
Sixgill is taking an innovative data-oriented approach to security by leveraging blockchain and adding important integrity features that provide strong data reliability and integrity capabilities to a variety of IoT applications. I talked with Phil Ressler, CEO, and Dominiek Ter Heide, Chief Architect and VP R&D, about their recent announcement involving data-oriented security and integrity.
Origins of Internet of Everything Governance
Sixgill started in 2007 with a proximity services platform to support marketing, crowd management and workforce optimization applications involving tracking people and things in real-time. The platform generated customizable actions and messages based on two or more objects crossing each other or a geofence. In 2015, Phil Ressler was brought on to expand business opportunities. An analysis showed that sensors are getting cheaper and are becoming integrated with CPUs, resulting in an explosion of smart devices and the data they generate.
“About 25 billion objects connect to the internet today, far outweighing people,” Phil mentioned. “Huge volumes of time series data are being generated. These data tend to support real-time operations. Our roots in proximity and location services were well suited to data aggregation and automation for sensor-informed applications.”
Sixgill did a re-design of their platform to provide a highly scalable, elastic, and high-performance environment with a goal of providing governance for the Internet of Everything (IoE).
“When you’re gathering data for a large population of people or things, most of the time, these things are doing what you expect. The objective of governance is to identify and act on the exception events and be able to correct them through instructions or actions to pull these exception events into the norm. So we built a time-series data environment that automates responses to actionable data intersections and exception events,” Ressler said.
IoT Governance Architecture
Dominiek provided a technical overview of the governance architecture.
“At a high level, there are two stacks – a cloud stack and an edge stack. The edge stack does device management, encryption, geo-enhancement, and data integrity. The cloud side is a microservice architecture that scales horizontally. We start with ingestion, then there are enrichment processing pipelines that include business rules where the information is processed, analyzed, and actions taken.”
The products include:
- Sixgill Sense
- Reach SDK
- Reach Edge Agent
- Sixgill Integrity
- Data Integrity Dashboard
Blockchain and Data Integrity
The recent announcement from Sixgill involves adding a critical, blockchain-enabled, data integrity and auditing component to data automation environments.
Blockchain is a technology that maintains a growing list of records (blocks) that are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and the transaction data. Blockchain is designed to be resistant to data modification. It was originally developed for cryptocurrency in order to provide immutability of data and a ledger of where the currency traveled. If you’re taking a data-oriented approach to security, blockchain represents a great way to provide an immutable data record, as well as proof and notification of any compromise.
What happens if the blockchain-secured data ecosystem and silos are compromised? Breaches and illegitimate changes cannot be concealed, so decision automation on suspect data can be suspended, and alternate automation applied.
The Reach Edge Agent implements a blockchain-enabled data integrity feature for emitted data streams. It includes a programming library provided in a variety of languages and can be installed on the device or in the cloud.
The integrity feature is implemented using a hybrid architecture in which on-chain metadata records are created at the point of origin. These meta records can be used to verify the integrity and sequencing of the off-chain data records at each point of data transition.
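The hash linking and the hybrid on-chain/off-chain check described above can be sketched as follows. This is an added example, not Sixgill's code or API: the function names, the meta record layout and the sample readings are assumptions made for illustration, and a plain Python list stands in for the ledger.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed chain start; a real ledger supplies its own

def record_digest(record):
    """SHA-256 over a canonical JSON encoding of one off-chain record."""
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def link_hash(prev, seq, digest):
    """Bind a record digest to its position and to the previous meta record."""
    return hashlib.sha256(f"{prev}|{seq}|{digest}".encode()).hexdigest()

def anchor(records):
    """Build the meta records at the point of origin (the 'on-chain' side)."""
    metas, prev = [], GENESIS
    for seq, rec in enumerate(records):
        digest = record_digest(rec)
        link = link_hash(prev, seq, digest)
        metas.append({"seq": seq, "digest": digest, "prev": prev, "link": link})
        prev = link
    return metas

def verify(records, metas):
    """Return (seq, problem) findings; an empty list means the stream is intact."""
    findings, prev = [], GENESIS
    if len(records) != len(metas):
        findings.append((min(len(records), len(metas)), "record count mismatch"))
    for seq, (rec, meta) in enumerate(zip(records, metas)):
        expected = link_hash(prev, seq, meta["digest"])
        if (meta["seq"], meta["prev"], meta["link"]) != (seq, prev, expected):
            findings.append((seq, "meta chain broken"))
        if record_digest(rec) != meta["digest"]:
            findings.append((seq, "record altered or out of sequence"))
        prev = meta["link"]
    return findings

# Constructed sample readings, not real device data.
READINGS = [
    {"device": "sensor-01", "ts": 1700000000, "temp_c": 21.4},
    {"device": "sensor-01", "ts": 1700000060, "temp_c": 21.6},
    {"device": "sensor-01", "ts": 1700000120, "temp_c": 21.5},
]

if __name__ == "__main__":
    metas = anchor(READINGS)
    tampered = [dict(r) for r in READINGS]
    tampered[1]["temp_c"] = 35.0  # change made after the meta records were anchored
    print(verify(READINGS, metas))   # intact stream
    print(verify(tampered, metas))   # altered reading is flagged
```

Only the small meta records need to live on the ledger; the readings themselves stay off-chain and are checked against them at each hop.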
“Combining the immutability of blockchain with the performance of an off-chain environment that creates auditable records to ensure data integrity at each stage of data transmission provides a powerfully secure data environment,” Ressler said. “Security involving encryption and intrusion detection are important components. But it’s unlikely this can be implemented in any lasting way. Adding data integrity and trustless auditability are important dimensions of security. Assume bad actors will get into any system. Then, have something that ensures data integrity and alerting to provide a strong defense of the data chain upon security breach.”