IoT roundup: Startups, big carriers flexing their IoT muscles and California legislation | Virtual Reality
California legislates IoT security
California’s state legislature this month sent a bill to Gov. Jerry Brown’s desk that would mandate the use of “reasonable” security features in any connected devices, which are defined as any device that “is equipped with a means for authentication outside a local area network.” So, essentially, anything that can be accessed via the Internet would be subject to SB 327.
As broad as that definition is, the security features that would be mandated if SB 327 is signed into law are quite narrow. The bill bans the use of default passwords for access, requiring manufacturers to either assign each and every device its own unique password as it rolls off the assembly line or to make users generate their own passwords the first time the device is started up.
As big an issue as default passwords are for IoT security, there’s a lot that the bill doesn’t do. Sophos’ Naked Security blog bemoans the fact that it leaves out “other security measures that should be table stakes for IoT security, such as device attestation, code signing, and a security audit for firmware in low-level components that IoT device vendors buy in from overseas suppliers.”
The tech sector has generally been left to its own devices by regulators – and hasn’t that worked out swimmingly, from a security standpoint? – and it’s much too early to say whether SB 327 represents a broader change, but it’s at least a step in the right direction.
Carriers double up on IoT
Vodafone announced earlier this month that it would double the size of its European NB-IoT network, making it more widely available than ever for use in smart-city solutions, connected agriculture and more. The company boasted that its NB-IoT network will be able to reach into basements and other tricky wireless environments, as well as support up to 50,000 connections from a single cell.
Stateside, it looks like AT&T is working on new SIM technology for IoT networks, which would integrate the SIM card directly into a chipset, making it easier to produce low-power connected devices at scale, and eliminating their need to use traditional SIM cards. (They’ve partnered up with Giesecke+Devrient Mobile Security and Altair Semiconductor to make this possible on Altair’s ALT1250 chipset.)
What’s more, Sprint and Ericsson took to the wires this month to announce two new IoT-specific things at the Americas edition of the Mobile World Congress. First, an IoT operating system aimed at simplifying device management and subscription information. And second, a virtualized network segment designed to reduced latency to IoT devices working on Sprint’s network.
The carriers seem to be confident that their role in the future of IoT is a big one, and they’re probably right.
Startup Locix tracks IoT assets
Stealing out of stealth this month is Locix, which landed a nearly $10 million Series B round to fund its advanced, camera-based location-tracking-and-analysis system. The idea is that Locix’s tech can be used to identify and track objects inside or outside of a facility with a high degree of accuracy and flexibility, all while reporting its data back to a cloud-based back-end that can plug into the analytics or machine learning engine of your choice for processing.
The flagship customer appears to be Prologis, a real-estate logistics and supply chain company that’s using Locix’s technology to route trucks around a docking bay in Ichikawa, Japan, as well as asset tracking at that facility.
Mobile edge compute, kinda
Edge computing is a big deal, particularly in IIoT, where computing-helps-a-lot-of-iot-security-problems-by-getting-it-involved.html”>it can help shield vulnerable industrial devices from security threats. The usual image that people have when talking about edge computing the way IoT experts mean it is a box sitting somewhere near a bunch of endpoint devices, but UK-based ORI industries is looking to turn that on its head.
ORI announced early this month that it has released an “on-demand mobile edge computing platform” called DNA. DNA is, essentially, a virtualized layer that sits on top of telecom networks and automatically identifies computing devices near endpoints that can be used to help manage them.
For the telecom companies, something like DNA is a way to leverage their massive capabilities into an edge compute line of business, while ORI hopes it’s also a way for developers to create new apps based on that capability.
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.