Ockam and InfluxData
Solve unique security challenges for IoT data
Enterprises need to be able to trust the data that informs their business operations. Increasingly, vast amounts of mission-critical information are collected by machines at the edge, outside the data centers, by the Internet of Things.
Ockam's open source developer tools make it simple to securely enroll a large fleet of devices, establish authenticated channels, and exchange end-to-end encrypted messages between your connected devices and cloud services, like InfluxDB.
Securing Edge Data with Ockam
When information is gathered from a large number of devices out at the edge, ensuring that data is reliable and trustworthy can be challenging. Ockam provides open source tools and libraries that make it easy to establish and maintain mutually authenticated secure channels between fleets of globally distributed devices and InfluxDB.
Ockam Vaults enable each device to have a unique cryptographic key that is generated, stored and used inside a secure hardware environment such as a TPM, TEE, HSM, Secure Enclave, or Crypto Module. Private keys never leave this secure environment, and the identity of each device is cryptographically proven when establishing secure channels.
These bi-directional secure channels can operate over a large variety of network transport protocols to guarantee integrity and confidentiality of the data that arrives in your InfluxDB instance. This works reliably and efficiently even in complex, occasionally connected, resource-constrained, multi-protocol, IoT data-flow topologies.
Ockam abstracts away the complexity of your networking security layers, and the opportunity to make mistakes in them, by bringing simple-to-use APIs to your application and data layers.
Ockam integrates with InfluxDB tokens and provides an easy mechanism to precisely control which devices are authorized to report which measurements. Unique, short-lived InfluxDB tokens can be easily leased to each cryptographically authenticated device at the edge. This makes rotation and revocation of tokens simple and provides easy management of permissions at scale.
Ockam integrates with Telegraf as an ExecD plugin to provide tools that bootstrap trusted secure channels between thousands of Telegraf agents and InfluxDB. These mutually authenticated secure channels can remain secure for years using the built-in leasing/rotation protocols.
Mrinal Wadhwa, CTO at Ockam, discusses various security, privacy and data integrity challenges that application developers must carefully consider when designing critical business applications that rely on IoT.