NICE Alliance today released its 1.0.1 version of specifications, including key updates to expand support for non-image data produced by IoTs and support for containerized deployments of NICE applications for all types of edge devices, allowing availability of many existing IoT devices within the NICE ecosystem.
The current security practice for IoT devices is limited to a controlled encryption focus between a given IoT device and the Cloud. IoT devices, and specifically integrating image sensors, generate very sensitive video image data stored and processed in the cloud and on mobile devices. Existing solutions do not address who and what can access and process sensitive data once it has reached the cloud. Typical implementations require complex manual password management to enable multiple applications, and disabling the application requires the resetting of multiple passwords to avoid unauthorized access to devices and the data generated by devices.
Coming to the table with a practical solution, the NICE ecosystem separates device, data and application securities, enabling each to be managed independently. For example, when a user enables an application to interact with the device, the application does not have access to the user’s account or device identity and passwords. The duration of the application’s access can be time-limited without requiring the user to update their passwords. The same approach can be applied when accessing a user’s data – an application can provide time-limited access to a given subset of data without requiring the user to change their personal or device passwords. NICE implements these security provisions using online cloud license authority to (i) bind the device with unique ID and security keys at manufacturing, (ii) secure the device to a particular user when it is being registered to the user and (iii) specify user permission for each application instance maintained by NICE License Authority.
“Riscure performed an independent security review of the NICE Alliance specifications, version 1.0.1. The goal was to provide objective feedback, and recommendations regarding the security measures defined by the specification, in accordance to their predefined threat model. We believe the actions taken by NICE Alliance positively contributes to a more trustworthy ecosystem for network cameras and IoT devices,” said Mr. Maarten Bron, Managing Director of Riscure, Inc.
The audit conducted by the Riscure focused on three main components of the specification:
- Device access management to control the device and receive data
- Data management within the cloud, including several stages of analytics
- Data privacy authority, particularly for personal and private images
The foundation for the secure operation of NICE is the safe handling of keys that are used to encrypt data and control access to IoT data and devices. Microsoft Azure Key Vault is complementary to NICE security and its secure cloud process and management. Azure Key Vault is fully certified in accordance to several international security standards, elevating the NICE ecosystem to a massive scale, while maintaining security and adhering to established industry security practices.
“NICE Alliance is pleased to have qualified a security audit from industry partner Riscure and further collaborate with Microsoft to bring a world-class security and data protection system for IoT Video Intelligence Solution globally,” said David D. Lee, CEO of Scenera, which plays an integral role in spearheading the key innovations in NICE Alliance.
Matt Fleckenstein, Senior Director for Azure Product Marketing at Microsoft Corp. said, “Microsoft is pleased to be supporting NICE achieve the highest levels of security for keys supervision in the cloud in a scalable and cost-effective manner. The success of IoT deployments ultimately relies on the security of device and data being generated and Microsoft is committed to enabling its customers the highest levels of security and data protection.”
NICE Alliance continues to develop its infrastructure and establish guidelines for the ecosystem, which will be open for all companies and interest groups who would like to participate in contributing and adopting the specifications.