Edge Security in an Era of Distrust


Unlike other IIoT security models that rely on a trusted perimeter, a Zero Trust Security framework provides broader coverage by treating every network device and user along the data path as untrusted until it has been verified.

Working in cybersecurity, the good guys are expected to think like the bad guys.

Let me explain. Institutions worldwide are still guarded when it comes to cloud computing, and while a well-run cloud platform generally offers stronger protection against cyberattacks than typical on-premises data storage and processing, it is not impenetrable to hackers.

Despite this wariness, roughly 60 percent of all corporate data already exists in the cloud, and cloud migration continues to accelerate. By 2025, 85 percent of corporate IT departments will have adopted a “cloud-first” strategy, prioritizing cloud technologies over on-premises solutions.

That’s why, when developing the FreeWave® Insights™ cloud-based data platform, our team assumes the “bad actor” role. To ensure the integrity and security of data in the cloud, our team is charged with finding and exposing any weak spots. We must anticipate every conceivable threat and vulnerability. We think like the enemy so we can forge armor that guards against brute-force attacks and stealthy infiltration alike.

Zero Trust, Cloud, and Cybersecurity

And that brings me to another part of my job: helping customers see the good in the cloud (in cyberspace), sometimes convincing them that it truly does not harbor threats as ubiquitous and unconquerable as the “vicious, Lovecraftian monsters” that lurked in the low-lying cloud (of the atmospheric variety) in the horror film The Mist. I can do so with confidence because our Insights platform — in conjunction with FreeWave’s Fusion™ radios — uses a Zero Trust Security framework to keep data secure all along the data pipeline and into the cloud.

We’ll delve into Zero Trust Security in a bit, right after this plot twist: concerns about cloud security are indeed legitimate, but in the IIoT world, the cloud represents just one part of an ever-expanding attack surface of potential entry points for cybercriminals. It’s not so much cloud adoption as the rapid expansion of IIoT ecosystems, where numerous devices are connected and continually exchange data, that poses the greater cybersecurity threat. The proliferation of IIoT devices broadens network vulnerabilities, as each device becomes a potential cyberattack vector.

That’s why a cybersecurity framework must extend from the cloud all the way to the edge, encompassing every networked IIoT device.

This is where Zero Trust Security comes in.

Never Trust; Always Verify

A Zero Trust Security framework regards all network devices and users as suspect and accepts no data from any source until the sender has presented verifiable proof of identity. Unlike Virtual Private Networks (VPNs) and other conventional security models that grant broad access once a user or device is inside a trusted perimeter, Zero Trust Security authenticates and authorizes every request, continuously, based on the identity of the sender, the state of the device, and the context of the request, rather than on where the request comes from.

A Facilities Management Advisor article aptly illustrates the difference by likening a VPN perimeter to airport security: You show your ID at the checkpoint, and once inside, you can “roam freely and check out all the shops, terminals, and gates.” Potentially, a fake ID could provide entry to the perimeter and unimpeded access within it. But if Zero Trust were in play, “you can access only the terminal, gate, and plane you are authorized to use when you get through security.”

And what does it take to pass through security? Strict access controls rest on cryptography. Each device or user holds a key pair: a public key that can be shared freely and a private key that never leaves its owner. The private key signs (or decrypts) and the matching public key verifies (or encrypts), so a sender can prove possession of the private key without revealing it. A digital certificate, issued by an authority the verifier trusts, binds that public key to a specific identity, which is what lets the receiving side check not just that a message is intact but who sent it. (I Googled “How to explain public and private keys to laymen” and up popped this discussion, which paints a clearer picture than the way I tend to describe Zero Trust cryptographies: as an elaborate secret handshake known only to card-carrying club members.)

Besides assuming that every network-access seeker is an impostor or a malicious actor until proven otherwise, Zero Trust Security limits access based on the principle of least privilege, meaning that devices, users, and applications are only granted the minimum level of access required to perform their tasks. In addition, Zero Trust Security divides firewall-protected network zones into smaller, isolated micro-segments — each with its own access controls and encryption — to further prevent lateral movement by evil geniuses who manage to circumvent the first line of defense.

End-to-End Data Pipeline Security

The FreeWave Insights data platform takes Zero Trust Security all the way to the edge. The platform allows for the secure flow of information from IIoT devices and other data sources to the cloud for analysis and then to an onscreen user interface, or dashboard, which displays different data sets to different users depending on their role and permissions.

FreeWave’s Zero Trust Security framework starts with our Fusion radio gateways (coming soon!) that collect and transmit data from IIoT devices in the field. An easy-to-install application activates Zero Trust verification and encryption on the Fusion radios. The encryption process wraps the data in what we call a Zero Trust packet for secure transfer to the cloud, where another application decrypts it. The Insights platform then prioritizes, analyzes, and graphically represents the data according to the user’s dashboard preferences before delivering it to the end user.

FreeWave customers might have hundreds of IIoT sensors, many of them unsecured, operating across several industrial sites. All of these devices can be integrated with our Fusion-based data encryption software and our cloud-based Insights data platform.

Notwithstanding my penchant for envisioning the worst-case scenarios, I know a good thing when I see it. And Zero Trust Security is a good thing. But don’t take my word for it. According to IBM’s most recent Cost of Data Breach Report, Zero Trust strategies reduced the average cost of a data breach by $1.76 million in 2023. And, in its Market Guide for Zero Trust Network Access, Gartner asserts that Zero Trust architecture “erects true, identity-based barriers that are proving more challenging for attackers to circumvent than traditional network-level VPNs and firewalls.”

Bottom line: Zero Trust Security is the best defense against cyberspace villainy.

Richard Reisbick

Richard Reisbick is CTO for FreeWave, provider of industrial wireless and IIoT solutions creating a frictionless path from operational data to extraordinary decision-making for business transformation. As an inventor, he has prioritized the user experience and engineering architecture of hardware and firmware for more than 20 products utilizing MCU, DSP, and FPGA technologies.


Designed, manufactured and tested in the USA.

© 2024. FreeWave Technologies, Inc. All rights reserved.

HEADQUARTERS

5395 Pearl Parkway, Boulder, CO 80301
