By the end of 2020, there will be 1.91 billion Internet of Things connections. Securing these connections is becoming an increasingly challenging – and critical – function. That is why key IoT vendors are investing significant dollars and hours into research and development related to Smart IoT gateways.
However, IoT gateways are currently caught amid a greater transformative evolution that shifts focus from the cloud to the edge, reversing the investment priorities of the past decade, causing IoT vendors to revisit their market strategies, further enhancing edge capabilities for gateways.
Other Keys to Know
Hardware and software digital security options in IoT gateways are steadily gaining momentum, with increased support for crypto-processes, Internet Protocol Security (IPsec)/Virtual Private Network (VPN) options, Machine Learning (ML)-empowered anti-malware, firewall and Intrusion Detection and Prevention System (IDPS), secure Root of Trust (RoT), and device bootstrapping, among many others.
An increased level of edge processing and data filtering for IoT gateways may originate at the silicon and chipset level, along with other critical security operations. However, native support with cloud management platforms is still very much part of the equation.
Securing legacy equipment, offering extensive brownfield management services, and providing hardware, software, and platform-agnostic gateway services will ease implementation and increase interoperability and data-driven intelligence. This will streamline the transition of Information Technology (IT) security tools into the Operational Technology (OT) infrastructure at both the gateway and the server levels, providing a much-needed security respite for IoT implementers.
Industrial IoT (IIoT), connected utilities, and smart energy markets will benefit more from the addition of next-generation IoT gateways, allowing a wide range of edge operations and intelligence, but still highly dependent upon overarching cloud services.
Defining Smart IoT Edge Gateways
Smart IoT edge gateways have all the characteristics of router devices, but also encompass a much more extensive range of technological elements, including advanced connectivity support and network management, hardware/embedded and software cybersecurity options, processing power, data analytics, intelligent design, multi-tenancy vendor support, advanced management options, Application Programming Interface (API) design, cloud service integrations, higher levels of modularity, and some level of Artificial Intelligence (AI) support, which, on top of some network services, is also related to some form of security automation and orchestration (as part of a larger suite or managed service), network security, anti-malware, or malicious traffic depending on software elements, Operating System (OS), and Software Development Kits (SDKs).
The term “smart IoT edge gateways” is used to reflect the current evolutionary trends and designs needed to bring IoT gateways into the future and address the growing IoT deployment, security, and management requirements. They can be referred to as “smart,” “intelligent,” or “next-generation” gateways (or routers, depending on the vendor). Still, some vendors use various descriptions as marketing terms, regardless of actual software or hardware capabilities. Note that other organizations believe that segmenting gateway products is wrong and, ultimately, is nothing less than a marketing scheme, but, perhaps quite ironically, they still use terms like “Artificial Intelligence” and “AI” to describe their own solutions, even though they offer no automation on any level, edge analytics and data filtering are severely lacking, and the ML tools involved are just borderline intelligent (e.g., simple linear regression) or incapable of providing any meaningful insights.
Communication and Protocol Translation
Connectivity Support: A standard requirement for all gateway/router products is extended support for a variety of communication protocols and connectivity modules. Tailoring connectivity options to focus only on communication needs for specific verticals or applications will drive down costs. The difference between the connectivity options for standard and “smart” IoT gateways is the advanced connectivity support, interoperability options, streamlined cloud-edge communication, protocol translation capabilities, support for legacy systems, and some form of data encryption (which might not always be applicable depending on the target application).
These characteristics are addressed on three different levels:
Protocol Translation, State-of-the-Art Communication, and Interoperability: Next-generation gateways will offer extended support for a wide array of communication protocols coupled with flexible connectivity services. This includes protocol translation for both legacy and state-of-the-art protocols, which is of critical importance for gateways operating in the IIoT, critical infrastructure, connected utilities, smart energy, and building automation markets.
IoT Device Management Platforms
An essential component of next-generation IoT gateways is management services, whether localized (gateway-based), on-premises (network server-based), or platform (cloud-based). This is a quintessential characteristic that distinguishes gateways from their older, traditional role of merely routing data traffic between different devices and servers, into their emerging role of extending secure management services to connected devices.
Device management options can be customized according to the implementers’ specifications. They can be simple and straightforward, albeit somewhat insecure, ranging from managing simple credentials and device keys, all the way to more secure uses of digital certificates and complex Public Key Infrastructure (PKI) options. Note that digital certificate management can be achieved internally without a Certificate Authority (CA). This is a more cost-efficient option, but not all organizations can handle the internal management of digital certificates if they lack the necessary IT infrastructure or investment in Hardware Security Modules (HSMs) used to generate and manage encryption keys and Key Encryption Keys (KEKs).
Cryptography and Encryption Key Management
Hardware Security and Ability to Safeguard ID Credentials: Smart IoT edge gateways usually require some embedded hardware security with a secure enclave or isolated environment (e.g., Trusted Platform Module (TPM), Trusted Execution Environment (TEE), and System-on-Chip (SoC)). This allows safe storage of high-value data and applications, as well as encryption keys and digital certificates used in IoT device management. This includes management of the gateway itself, but, in some cases, also management for all adjacent devices, depending on implementer parameters and deployment requirements.
Key Considerations for PKI and Encryption Vendors at the Gateway Level: Making use of PKI in the IoT is quite challenging and must also be addressed at the gateway level. Key considerations include the following:
Advanced Edge Capabilities
Processing, Data Filtering, Bandwidth Capacity, Real-Time Operations, and the Cross-Vertical Value Proposition: Next-generation hardware capabilities must also include advanced edge processing power. Edge processing is not solely used to expand computing power and hasten software operations. It also extends into several key applications that deal with high-volume and potentially high-quality data traffic. The smart gateway transition into advanced edge processing serves various purposes, the primary ones being decreased bandwidth capacity, intelligence efficiency, real-time operations, and cross-vertical implementations.
Increasing Efficiency of IoT Intelligence and Analytics: Because most data harnessed at the edge is not particularly useful for implementers, it makes little sense to spend additional resources and upload every piece of data only to be discarded again by implementers or cloud operators. Data filtering and data aggregation at the edge can help sort, manage, discard, and aggregate only the high-value data required according to implementers’ specifications, thus boosting intelligence efficiency.
Streamlining Real-Time Operations: Increased processing power at the edge, coupled with fewer bandwidth restrictions, data aggregation, and intelligence efficiency, enables real-time operations to run more effectively. Streamlined real-time analytics and intelligence open an entirely new world for the IoT, allowing for precise management of critical or high-value applications, while also boasting a new value proposition for IoT security operations.
Modular OSs and Security Options
Modular OSs and SDKs: A key element in any smart IoT edge gateway is the presence of a secure and customizable OS to work as a stable platform, allowing communication between end devices and cloud services, and the protected use of applications. The use of a flexible SDK from gateway vendors is always a welcome sight for implementers. While the use of open-source software tools is not always the best choice security-wise, the Linux-based OS has become quite common. Its merit as a flexible and customizable software toolset is almost unmatched, prompting many gateway software developers to base their products on Linux kernels. This is especially true for monolithic Linux kernels, which come with already added device drivers, direct hardware communication, and application multitasking. Although security might be somewhat lacking in monolithic kernels, they are designed for devices with a higher digital footprint.
Advanced Security Options: Smart IoT edge gateways are also expected to have a greatly expanded security arsenal at their disposal. These options are highly dependent on the target application and should not be part of the gateways’ mandatory design because that would increase the cost considerably.
Firmware Updates – Security Capabilities Depend on the Connectivity Options On Which They Are Built: The network architecture and communication requirements for IoT deployments may very well be the deciding factor in any IoT implementation because analytics, management, and security capabilities depend on said application’s connectivity options. Firmware updates, cryptographic processes, managed security services, device life cycle management, and many cybersecurity endeavors must be enabled on top of the communication options on which they are built and the vertical or application at hand. One of the most crucial security operations for smart IoT edge gateways is the ability to perform firmware updates in a timely, secure, and reliable manner, which, in turn, frames many further options related to connectivity and security.
Aided by the influx of new Internet Protocol (IP) devices and the upheaval of new IoT integrations across the entire market spectrum, IoT gateways are set to experience significant growth over the next 5 years. As shown in Table 1, IoT gateway shipments are expected to increase from 102 million in 2020 to 169.2 million in 2025, a 70% increase. Smart IoT gateway shipments will increase from 8.5 million in 2020 by a factor of 3.5 to 21.4 million in 2025, with an impressive 20% Compound Annual Growth Rate (CAGR).
Examining the Penetration Rate for the “Smarter” Components: The penetration rate of the IoT gateways featuring the more advanced “smart components” is expected to increase from 8.3% in 2020 to 12.6% in 2025. While this percentage may appear relatively small, it is quite a potent predictor for the future evolution of the IoT in its entirety because almost every vital piece of technological evolution that concerns the IoT (from embedded security to software and cloud security, cellular protection, and intelligence operations) has some aspect reflected on the gateway device itself (use of native cloud support, encryption, device management, OS, SDK, etc.).
What Do the Data Suggest? From the perspective of IoT connectivity and, perhaps more importantly, from the perspective of digital security, the data suggest that IoT players can at least expect some level of sophistication and intelligence operations at the edge aided by IoT gateways. Unfortunately, the industry has certainly not reached the threshold required for truly secure, massive IoT integrations. With the fervent increase of IoT connections, which ABI Research forecasts will reach 20 billion by 2025, a mere 169.2 million IoT gateways (not to mention only the fraction of 21.4 million of their “smarter” versions) is not nearly enough to safeguard future IoT ecosystems through edge-based security.
Since 1990, ABI Research has partnered with hundreds of leading technology brands, cutting-edge companies, forward-thinking government agencies, and innovative trade groups around the world. ABI Research’s leading-edge research and worldwide team of analysts deliver actionable insights and strategic guidance on the transformative technologies that are reshaping industries, economies, and workforces today.
ABI Research’s Digital Security service offers end-to-end coverage of the digital security ecosystem – from information and communication technologies to the operational control process. This research is particularly salient to enterprises facing the growing proliferation of cyber threats, while also becoming increasingly connected, as in the convergence of IT and OT.
Dimitrios Pavlakis, Industry Analyst at ABI Research, is responsible for digital, biometrics, and IoT security research including cybersecurity, machine learning, and artificial intelligence with a focus on a wide spectrum of enterprise, consumer, and governmental verticals. He closely studies related markets, products, technologies, and applications from a hardware (devices, sensors, etc.), software (algorithm design, data extraction, security, etc.), and consumer (mentality, adoption, etc.) perspective.
This article originally ran in the Winter 2020 edition of Applied Wireless Technology.