Closing the IoT gap: Q&A with Microsoft Azure IoT experts
By Kristina Urquhart Devin Jones
November 28, 2018 – On November 27, Microsoft highlighted several new additions to its Azure IoT system at the IoT in Action event in Toronto, including the IoT-ready version of Azure Security Center, a dashboard for security deployment, the Azure Sphere for secure microcontroller devices, and Azure Digital Twins, a platform to create virtual models of physical environments or products.
How do these innovations add to the IoT landscape? And how can the IoT bridge the gap between operational technology (OT) and information technology (IT)? We sat down with our colleagues at Design Engineering to find out those answers from three Microsoft experts: Khalil Alfar, general manager of the Azure cloud and enterprise business division for Microsoft Canada, Michael Kuptz, general manager for Microsoft America device experiences – IoT, and Tony Shakib, general manager of Microsoft Azure IoT.
Manufacturing Automation: It’s clear from the turnout today that there’s interest in IoT. But how does Microsoft see that reflected in real use cases? And what’s the momentum like in Canada for IoT adoption?
Khalil Alfar, general manager of the Azure cloud and enterprise business division for Microsoft Canada: A lot of organizations are realizing that it’s time to do something about IoT. They’re starting to realize that there is a significant opportunity to connect directly now into the heart of the organization. It means really doing something outside of just the very specific scenarios operationally.
We’re seeing so many different industries starting to understand that this is so important, and having this embedded compute capabilities in devices opens up significant opportunities for business.
Design Engineering: One of the biggest things that we’ve been seeing is this convergence of OT and IT, where security-wise, those ecosystems were once separated. How is Microsoft using IoT to close that gap?
Tony Shakib, general manager of Microsoft Azure IoT: We have a very rich history with the IT community… We have a very good relationship in terms of understanding their business needs, migrating them to a cloud, managing data and overall making them productive.
With this OT division that we’ve created, we actually had to go learn the line of business. We hired a lot of people from different industries – a lot of people from manufacturing. We had to figure out, one: How do we make sure that we provide the right set of technologies for both groups, and two: How do we really help bring these teams together and make them relevant?
IT people come to us saying, “Hey, I want to be more relevant to my line of business.” To us, we hear: “Give me the right tools so I can connect more and more devices, make it secure, and run the applications that we’re looking for.” At the same time, we’re working with the OT department. We’re telling them, “Okay, we understand the environment you’re coming from” – security in OT is very different than IT – all of the legacy equipment that they have, those real-time needs of how to have that compute capability closer to where the action is.
MA: What are some specific gaps Microsoft is noticing when it comes to IoT security architecture? Specifically, where companies and organizations believed they were secure, but in reality, they aren’t at all?
TS: A lot of people honestly don’t know their environment and how vulnerable they are to hackers. A lot of the security incidents that are happening aren’t even malicious. It’s unintended.
When you have a device, it has a set of parameters [that] it operates in. If you don’t confine its limits, it does unusual things and often breaks, bringing down the whole manufacturing line. Part of the Azure Security Center service that we just unveiled is where organizations can take their Azure subscription, point it to their plant, hospital or assembly line and we will go through every device, port, and operation that it should be executing.
It’s a simple way to visualize and take stock of what’s connected and what’s potentially vulnerable. The second thing is that companies recognize the issues but have no idea what to do about them. For us, it’s to help them remediate – which one of these things do you address? Really pinpointing and organizing priorities.
Michael Kuptz, general manager for Microsoft America device experiences – IoT: Adding to that, from a manufacturer’s perspective, when you differentiate between industrial and consumer, there’s an inherent fear that continues to persist around connecting consumer devices. The home environment and home gateways are probably as open and transparent as any environment.
The announcement of Azure Sphere did three things. It first addressed a massive gap in the awareness around what is secure. Many companies that we met with before we announced Azure Sphere told us, “We’re secure enough.” There wasn’t a benchmark to be able to model what “secure” meant. Microsoft’s seven security properties delineate between having secure hardware, a secure OS, and a secure software base.
In terms of a holistic approach to securing devices, Microsoft is saying, “We’ll take on the operation support side of securing that device” – it is an outsource of device security. When you move that into the consumer environment, parallel to the commercial/industrial environment, it sets a whole new pattern of engagement that we’ve never had before.
The third facet says, “We’ll extend that support and we’ll be responsible for securing those devices for 13 years.”
Images (from left): Khalil Alfar, Michael Kuptz, Tony Shakib
DE: Why do you think we’re not seeing more movement towards that second phase of IoT solutions – from implementation and data collection to analysis and improvement?
MK: I’ll address it from an engagement perspective. In the Americas, I have roughly 3,100 OEMs that I’m responsible for. And of those OEMs, the primary focus is, “Do I want to be the disruptor? Or be disrupted?” Once they decide that they’re going to be the disruptor, they become the aggressor in terms of accelerating their transformation. If they’re disrupted, it’s a defend-and-protect strategy, which takes longer because they’re trying to maintain the core business and revenue streams while dabbling in this “How long can I survive?” mindset.
These engagements fall into two identity factors, the first being, is there an executive sponsor across the organization that says, “We will make this transformation happen”? You see that with companies like Johnson Controls, in trying to go to an autonomous type of device that will then auto-update based upon the environment that it’s in. They’re going to be the disruptor.
The disrupted then becomes, “I gotta make something, connect it and be able to compete in added value to my end customers.” The fear factor and the reason it takes longer isn’t because of technology and it isn’t because of the architecture, it’s because of the uncertainty and doubt around being all in or partially in.
KA: To [MA’s] question about what gaps Microsoft is seeing, a lot of organizations felt like this environment is not secure and they don’t want to connect OT to this network that they believe exposes them to unsavory elements. Being able to have a view of that and have the tools and environments to show them something that’s operationally sound and secure at the same time is what we’re trying to do.
MA: Could you elaborate on Microsoft’s involvement with legacy systems? A big concern of our readers is the overall investment costs associated with updating those systems with IoT. So how does Azure specifically work with the network architecture that’s already in place?
TS: That’s a great question, and it’s a pretty complex problem to solve. We always realize that the refresh cycle in manufacturing environments [is] very long. When you look at an assembly line, that assembly line is there for 30 years. But we can tap into the existing infrastructure, extract the data, and do a protocol conversion either at the IoT edge because we have the compute engine, or at the cloud.
Then it’s an IP-based packet with the new protocol. We try to push the conversion points as close to the port as possible. The second thing is that we’re driving standards. Like OPC UA, where we can actually push that responsibility to the vendors, [so] that they would be responsible for getting to common-based standards that everyone can understand.
The third thing is that we’re working on a program called Plug-and-Play that we haven’t announced yet. Ten years ago when you bought a PC, you had to go home, download the drivers, or this and that version. You don’t do that anymore. We’re trying to do the same thing for the IoT world where every device will self-subscribe itself to a service and say “I’m this kind of device, these are my characteristics.” We then create a common data model of what these devices should be doing and their functions – which is automatically brought into the network to perform those functions.
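Two ideas in the answers above lend themselves to a small worked example: a device that announces its type and characteristics against a common data model, and a service that walks every device, port and operation to flag what is out of profile and rank what to fix first. The Python below is an added illustration written for this page; it is not Microsoft's code and does not use Azure's actual Plug-and-Play schema or the Security Center API. The announcement fields (`device_id`, `kind`, `ports`, `operations`, `limits`), the severity ranks, and all device ids, ports and thresholds are constructed sample values.

```python
from dataclasses import dataclass, field

# Severity ranks used for triage, highest first. Constructed values for this example.
SEVERITY = {
    "unknown_device": 3,   # something on the network that never announced itself
    "unexpected_port": 2,  # device using a port outside its declared set
    "unexpected_op": 2,    # device performing an operation it did not declare
    "out_of_range": 1,     # parameter outside the declared operating envelope
}


@dataclass
class DeviceModel:
    """What a device announces about itself (hypothetical common data model)."""
    device_id: str
    kind: str
    ports: frozenset
    operations: frozenset
    limits: dict  # parameter name -> (min, max)


@dataclass
class Event:
    """One observed action on the plant network (constructed for the example)."""
    device_id: str
    port: int
    operation: str
    params: dict = field(default_factory=dict)


def register(announcements):
    """Build the device registry from self-descriptions; duplicate ids are rejected."""
    registry = {}
    for a in announcements:
        if a["device_id"] in registry:
            raise ValueError(f"duplicate announcement for {a['device_id']}")
        registry[a["device_id"]] = DeviceModel(
            device_id=a["device_id"],
            kind=a["kind"],
            ports=frozenset(a["ports"]),
            operations=frozenset(a["operations"]),
            limits=dict(a.get("limits", {})),
        )
    return registry


def check_event(registry, event):
    """Return the findings for one event; an empty list means it is in profile."""
    model = registry.get(event.device_id)
    if model is None:
        return [{"kind": "unknown_device", "device": event.device_id,
                 "detail": f"port {event.port} op {event.operation}"}]
    findings = []
    if event.port not in model.ports:
        findings.append({"kind": "unexpected_port", "device": event.device_id,
                         "detail": f"port {event.port} not in {sorted(model.ports)}"})
    if event.operation not in model.operations:
        findings.append({"kind": "unexpected_op", "device": event.device_id,
                         "detail": f"op {event.operation} not declared"})
    for name, value in event.params.items():
        if name in model.limits:
            lo, hi = model.limits[name]
            if not lo <= value <= hi:
                findings.append({"kind": "out_of_range", "device": event.device_id,
                                 "detail": f"{name}={value} outside [{lo}, {hi}]"})
    return findings


def audit(registry, events):
    """Check every event and return all findings ordered by severity, highest first."""
    findings = []
    for ev in events:
        for f in check_event(registry, ev):
            f["severity"] = SEVERITY[f["kind"]]
            findings.append(f)
    findings.sort(key=lambda f: f["severity"], reverse=True)  # stable: ties keep event order
    return findings


# Constructed sample data: two announced devices and five observed events.
ANNOUNCEMENTS = [
    {"device_id": "plc-01", "kind": "plc", "ports": [502],
     "operations": ["read_holding", "write_coil"],
     "limits": {"spindle_rpm": (0, 3000)}},
    {"device_id": "hmi-07", "kind": "hmi", "ports": [443],
     "operations": ["read_holding"]},
]

EVENTS = [
    Event("plc-01", 502, "read_holding", {"spindle_rpm": 1200}),  # in profile
    Event("plc-01", 502, "write_coil", {"spindle_rpm": 4500}),    # over declared limit
    Event("hmi-07", 23, "read_holding"),                          # port never declared
    Event("cam-99", 554, "stream"),                               # device never announced
    Event("hmi-07", 443, "write_coil"),                           # operation not declared
]


def run_sample():
    """Audit the constructed sample; returns the findings in triage order."""
    return audit(register(ANNOUNCEMENTS), EVENTS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[sev {f['severity']}] {f['kind']:16} {f['device']}: {f['detail']}")
```

The ordering is the point of the example: an unannounced device outranks a known device on an unexpected port, which outranks a known device drifting outside its declared limits, so the operator sees the most uncertain item first rather than a flat list of everything that differs from the model.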