The LF Edge community comprises a diverse set of member companies and people that represent the IoT, Enterprise, Cloud and Telco Edge. The Member Spotlight blog series highlights these members and how they are contributing to and leveraging open source edge solutions. Today, we sat down with Dave Smith, President of Mocana, to discuss the importance of open source, collaborating with industry leaders in edge computing, security, how they leverage the EdgeX Foundry framework and the impact of being a part of the LF Edge ecosystem.
Can you tell us a little about your organization?
Mocana revolutionizes OT and IoT with cyber protection as a service for trustworthy systems. The company helps device operators bridge the adoption challenge between vendors and service providers, and delivers key cybersecurity benefits to the emerging 5G network, edge computing applications, and SD-WAN enterprise networks. Mocana protects the content delivery supply chain and device lifecycle for tamper-resistance from manufacture to end of life, with root-of-trust and chain-of-trust anchors. Mocana measures devices for sustained integrity and the trustworthiness of operations and data to power artificial intelligence/machine learning analytics. The Mocana team of security professionals works with semiconductor vendors and certificate authorities to integrate with emerging technologies to comply with data privacy and protection standards. The goal of cyber protection as a service is to eliminate the initial cost of modernization for device vendors and empower service providers to offer subscription-based services for the effective and efficient expansion of corporate and industrial digital transformation strategies.
Mocana’s core technology protects more than 100 million devices today, and is trusted by more than 200 of the largest energy, government, healthcare, manufacturing, IoT, telecommunications & networking, and transportation companies globally.
Mocana is eager to support the global body of customers adopting the EdgeX Foundry open source solution. OpenSSL is by far the most broadly integrated and implemented open source security stack. It comes freely available and is distributed as part of the LF Edge distributions. However, in recent years OpenSSL has come under scrutiny because of critical security vulnerabilities and the resulting issuance of CVEs. The Heartbleed vulnerability from 2014 was a notable exploit, and there are several other recent CVEs that have generated concern in the information security community. The strategy of taking a defensive position through ongoing patching of vulnerabilities continues to challenge efforts to protect mission-critical OT environments.
Since the founding of the LF Edge projects, the goal has been to pull together a body of code to standardize the microservices delivery and orchestration for edge computing systems and devices. The projects continues to advance commercial third-party solutions to address key functional areas, especially for mission-critical and vertical industry applications. Mocana’s solution is based upon a commercially supported, NIST FIPS 140-2 certified, cryptographic module. Many of the company’s Fortune 500 customers have realized significant benefits from the ability to quickly migrate from default products integrated with OpenSSL to Mocana’s offering, leveraging its OpenSSL connector.
Why did you join LF Edge, and what sort of impact do you think LF Edge has on edge computing, networking, and IoT industries?
Developing, deploying, operating, and managing IoT and edge computing requires a community of key, forward-looking technology innovators. The IoT-edge ecosystem spans a wide supply chain from first silicon to the cloud, and includes system integrators, end-user operators and asset owners. Mocana was one of the first 50 founding members of EdgeX Foundry in 2017. Early on, the company took an industry leadership position by driving industry adoption through off-the-shelf solutions developed through stakeholder collaboration. This approach addressed a variety of common use cases delivered by new edge computing technologies and applications, and required much more than a reference architecture. Mocana recognized the need for the user community and developing ecosystem to leverage community-developed code (e.g. Github) to reduce feature and software code duplication and enable the broadest possible market adoption. The customer benefit reduces the implementation risk for such new technologies and accelerates community stakeholder time to market.
What do you see as the top benefits of being part of the LF Edge community?
Mocana values LF Edge’s ecosystem breadth and depth of community members and stakeholders, which includes chip companies, device ODMs, OEMs, carrier service providers, and asset owner/operators. Each contributes key use case challenges that have been invaluable for ensuring that LF Edge can support key technology developments and marketplace challenges.
What sort of contributions has your team made to the community, ecosystem through LF Edge participation?
As key contributor to the community, Mocana worked with the EdgeX Foundry Security Working Group and offered insights and guidance on vital security use cases. The company ensured there was always a path to address developing cybersecurity mandates and best practices from NIST Cybersecurity Framework and ISA/IEC 62443. As a result, the community has delivered a number of key security functions. They added a reverse proxy, provided a method to secure the key store with the ability to manage it, and has integrated access to session-based security to the microservices.
Perhaps most important, Mocana has enabled the community to incorporate a scalable, robust, and commercially supported cybersecurity offering for EdgeX Foundry production development and deployments.
Mocana developed its OpenSSL connector to ease migration from default project configurations with OpenSSL to Mocana’s TrustCenter and TrustPoint offerings. This solution aligns well with the project’s objectives to accelerate adoption and deployments of standardized implementations addressing key edge computing use cases with microservices.
What do you think sets LF Edge apart from other industry alliances?
Delivering actual code that organizations can download, compile, run, and then operate is a tremendous benefit compared to most other industry alliances. It is a major differential in comparison to groups that only suggest frameworks and prescriptions of possible features, implementations, and suggested “best practices.”
Demand is growing for edge computing solutions. Hitting 5 million downloads of the EdgeX Foundry SDK in May are proof of that. Mocana also is beginning to see initial commercial success and adoption in the innovation and R&D centers by key community members. The company’s ability to enable its fully integrated TrustCenter and TrustPoint solutions leveraging an OpenSSL connector provides a clear and rapid path to EdgeX device security lifecycle management and supply chain provenance. Plus, it will increase adoption of Mocana’s latest edge device offerings from the community.
What advice would you give to someone considering joining LF Edge?
Find your niche in one of LF Edge’s nine collaborative projects where your offering can deliver the most value and contribute. There has never been a better time to participate in this open source community, which is looking for complementary solutions and ways to deepen the ecosystem.