Lenovo Rethinks Security for IoT Edge Devices and Infrastructures

By Charles King, Pund-IT, Inc.  November 12, 2019

Virtually all enterprises have experience with and understand the inherent challenges of managing and maintaining remote IT facilities and assets. However, the continuing momentum of Internet of Things initiatives and solutions at the edge of corporate networks is likely to stretch organizations’ knowledge and assumptions about remote IT to the limits.

Why so? Two points come immediately to mind. First, IoT assets, like edge gateway systems, are designed to be deployed and to function in isolation. Sophisticated tools and autonomous features can help ease the management burden for IT, but they do little, if anything, to secure devices against tampering or theft. Second, the pre-configured features and settings that enable IoT edge systems to operate on their own often exceed the capabilities of the staff tasked with maintaining them. Any mistakes or accidental events may directly impact the success of owners’ IoT initiatives.

A recent blog by Doug Beloskur, IoT Product Manager for Lenovo’s Cloud and Software team, discussed these issues and how the company is addressing them. Let’s consider Lenovo’s approach.

Securing the IoT edge

Edge-of-network devices can be the objects of different kinds of crime. Simple theft is the most obvious, since isolated edge-of-network solutions costing thousands of dollars make attractive targets for common thieves. But their access to and integration with corporate IT also make these devices attractive to cyber criminals hoping to steal data directly or infiltrate organizations’ larger networks.

What is Lenovo doing to thwart these scenarios? Beloskur highlights the company’s use of an intrusion switch that enables the ThinkSystem SE350 to detect when the cover has been opened by an unauthorized person. Lenovo has also integrated a sensor into the device to detect atypical device motion. If either the cover or motion sensor is tripped, the SE350 automatically goes into “lockdown” mode, encrypting all the data in its SED-enabled SSD storage and preventing power distribution to the host system.

If an SE350 is locked down, offsite admins or edge users can unlock the system using Lenovo’s cloud-based ThinkShield Key Vault Portal and the ThinkShield Edge Mobile Management app. These are the same solutions that customers use to unlock devices from the factory state, since systems are shipped from the factory in an encrypted/lockdown state so they are secured during shipping. Also noteworthy is that the ThinkShield SE350 and related solutions can be utilized in both Internet-connected and air-gapped IT environments.

Seamlessly supporting edge IoT from the data center

Beloskur also describes the potential vulnerabilities that can arise due to the “skills gap” between infrastructure administrators and IoT edge users at facilities such as warehouses, grocery stores and construction sites. Since administrators can’t be onsite to manage every IoT edge installation, some would consider the disparity in skills to be an unavoidable problem.

In contrast, Lenovo has used its understanding of the issue to craft solutions that extend the reach of infrastructure administrators and support the needs of IoT edge users. These include onboard security software and operational tools for the ThinkShield SE350 and other Lenovo solutions, including security set-up and plug-and-play install and update functions that can be managed remotely. As Beloskur concludes, “Together, the infrastructure administrator and the IoT edge user work together to establish and maintain security at the edge.”

Final analysis

An oft-forgotten truism is that while new technologies may fix existing problems, they often create other challenges. In the case of IoT, the collection and analysis of information at the far edges of corporate networks is leading to new insights and enhancing the value of business data assets. But IoT deployments also require companies to adopt new, often unfamiliar approaches to deploying, managing, maintaining and securing edge of network assets and data.

Solutions like Lenovo’s ThinkSystem SE350, ThinkShield Key Vault Portal and ThinkShield Edge Mobile Management app demonstrate how a perceptive vendor can anticipate problems before they occur and craft effective, secure solutions that meet its customers’ emerging needs.

© 2019 Pund-IT®. All rights reserved.