The Importance of Tenant Separation and Authentication Standards in IoT Security


This is the tenth and final blog in a series of Arrayent posts on IoT security. The series is written for employees of companies who sell connected products, especially those new to IoT. With this series, we hope to bring a basic level of awareness and understanding of key issues that face everyone who develops connected consumer products. We also hope to stimulate an ongoing dialog that helps move the conversation about connected products security forward.

As a provider, as well as customer, of cloud services (Prodea’s own business is run in the cloud), we know that data is at the heart of IoT, and that companies with connected products and services need to know their data is safe.

When considering cloud SaaS vendors, one of the first questions to ask is: “Will our data be mixed with data from other companies?” We are asked this question by all of our cloud infrastructure customers, even the dominant players. It has to be answered to their satisfaction before they engage.

Why is this so important? Cloud software revisions often require slightly different data types and formats to be handled and managed by the cloud applications, and without separation it becomes harder, if not impossible, to manage these differences. In addition, when something malfunctions, preventing ‘leakage’ of information between customers is what matters most, and that is easier to achieve with some level of tenant data separation.

TENANT SEPARATION
There are generally three types of database structures for SaaS. There is a great primer on it in Dev.to and in a nutshell it comes down to:

  1. Single Tenant (full data separation)
  2. Multi-Tenant (no data separation)
  3. Virtual Multi-Tenant (logical data separation)

In the case of big consumer applications and email services, tenant separation may not be a cost-efficient solution, and it wouldn’t make sense for the Googles, Apples or Amazons of the world that have millions of customers (which would mean millions of database tables). In their case, there are a number of intelligent steps taken, and different strategies at work, to protect the data. But even with very smart people behind the scenes, big companies like Yahoo have experienced a breach that exposed the data of over 10 million users.

With really sensitive data such as that collected by IoT product companies, it’s extremely important to have a well thought-out and tested strategy for separation of user data—and it’s best for each customer to have their own set of data tables.

Within Prodea’s Arrayent IoT services platform, we use virtual tenant separation, where each customer’s data is logically separated from the others’, and we don’t mix data tables between customers. This provides the flexibility needed to run slightly different software revisions per customer and enables the level of security that our customers require.
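As an added illustration (not Arrayent or Prodea code), the difference between the shared-table and the virtual multi-tenant layout can be shown with an in-memory SQLite database holding constructed readings for two hypothetical tenants: a query that forgets its tenant predicate leaks every customer's rows in the shared layout, while per-tenant tables bound the same mistake to one customer.

```python
import re
import sqlite3

# Constructed sample data for two hypothetical tenants and their device readings.
SAMPLE = {
    "acme": [("thermostat-1", 21.5), ("thermostat-2", 19.0)],
    "globex": [("lock-7", 1.0)],
}
_TENANT_RE = re.compile(r"^[a-z][a-z0-9_]{0,31}$")

def tenant_table(tenant):
    """Map a tenant id to its own table; reject anything that is not a plain identifier."""
    if not _TENANT_RE.match(tenant):
        raise ValueError(f"invalid tenant id: {tenant!r}")
    return f"readings__{tenant}"

def build_shared(conn):
    """Multi-tenant layout: one table, rows distinguished only by a tenant_id column."""
    conn.execute("CREATE TABLE readings (tenant_id TEXT, device TEXT, value REAL)")
    for tenant, rows in SAMPLE.items():
        conn.executemany("INSERT INTO readings VALUES (?, ?, ?)", [(tenant, d, v) for d, v in rows])

def build_virtual(conn):
    """Virtual multi-tenant layout: a separate table per tenant inside one database."""
    for tenant, rows in SAMPLE.items():
        table = tenant_table(tenant)
        conn.execute(f"CREATE TABLE {table} (device TEXT, value REAL)")
        conn.executemany(f"INSERT INTO {table} VALUES (?, ?)", rows)

def shared_devices(conn, tenant, forget_filter=False):
    """Shared table: correctness depends on every query carrying the tenant predicate."""
    if forget_filter:  # the bug: no WHERE clause, so every tenant's rows come back
        return [r[0] for r in conn.execute("SELECT device FROM readings")]
    return [r[0] for r in conn.execute("SELECT device FROM readings WHERE tenant_id = ?", (tenant,))]

def virtual_devices(conn, tenant):
    """Per-tenant table: the same 'no WHERE clause' query cannot cross tenants."""
    return [r[0] for r in conn.execute(f"SELECT device FROM {tenant_table(tenant)}")]

def demo(tenant="globex"):
    """Build both layouts in memory and return what one tenant's query sees under each."""
    shared, virt = sqlite3.connect(":memory:"), sqlite3.connect(":memory:")
    build_shared(shared)
    build_virtual(virt)
    return {
        "shared_buggy": shared_devices(shared, tenant, forget_filter=True),
        "shared_ok": shared_devices(shared, tenant),
        "virtual": virtual_devices(virt, tenant),
    }
```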

For administration functions, another critical aspect is dual-factor authentication. Dual-factor means that a username and password alone are not enough: one additional item is required to access the system.

AUTHENTICATION SCHEMES
As with tenant separation, there are also different levels of authentication schemes:

1) Single-factor authentication. This is the simplest and it’s something you already know: matching one thing to verify yourself online, like a password to your username.

2) Two-factor authentication. In addition to your password/username combo, two-factor authentication asks you to verify who you are with something that you, and only you, own, such as a mobile phone or security token.

3) Multi-factor authentication. In addition to the password/username combination, multi-factor authentication requires that a user confirms a group of things to verify their identity. This usually adds a further factor, such as a biometric scan of a fingerprint, palm, or retina, or another form of authentication, which can include location and/or time of day.

Multi-factor authentication (MFA) is the standard for administrative access these days. For multi-factor authentication, a security token is generally easier to accomplish than a biometric scan, although a palm scan is also common. The token can be generated by an application on a mobile device that provides a temporary code or time-based token (commonly known as a “one time use token”), via an application such as Google Authenticator. Such a smartphone app works offline and is used to access sensitive accounts like Slack, Amazon Web Services, your bank account, etc.

The bottom line is that mature enterprises understand why MFA is critical because of what’s at stake.

Prodea’s use of two-factor and multi-factor authentication also helps our customers with regulatory privacy compliance. Because each login requires a factor tied to an individual, these procedures limit the sharing of usernames and passwords, which is exactly what administrators who want to eliminate credential sharing need. They also create an audit trail for each user, which provides another large benefit for Prodea customers.