Cloud security is a hot topic and is coming under increasing scrutiny, much like the Internet of Things (IoT) and BMS security. Implementing a cloud service can be very complex. There are a myriad of services and frameworks from which to choose, including more complex custom solutions. Experience in software, firmware, and hardware is required to achieve a coherent and secure result.
Cabot Technologies offer a holistic approach to cloud security and have experience in cloud architecture, API design, web development, hardware and firmware development. This allowed us to help a recent customer upgrade their home automation cloud service and be the single point of contact during project development.
Our customer had previously developed a custom home automation product. This included a cloud service to allow their customers to control their air-conditioning and lighting from outside of their home using a web interface over the internet.
There were a number of reliability issues with internet connectivity, and their service was increasingly being blocked by modern browsers due to cloud security issues. To make matters worse, there was little to no documentation of any sort. Development was originally done by a number of developers, including some outsourced labour. This resulted in a very fragmented codebase that needed untangling before we could offer advice.
Before any development or remedial work was proposed, we undertook a detailed investigation of the existing system. This involved going through existing web server code and device software. This culminated in a 31-page report of our findings and recommendations. We wrote this report to carefully explain each problem found, with a summary in layman’s terms and more in-depth technical details.
We delivered this security report to the customer with an accompanying itemised quotation for full transparency, and invited them to consult with other tech specialists or developers if they wanted a second opinion. After reading the report, the customer later approached us to commence the security upgrade as quoted.
Our customer made it clear that they had a limited budget as significant development works had already been undertaken to get to this point. They were also offering this cloud service subscription free, meaning costs needed to be recouped in product sales. We worked with them to provide a secure solution that didn’t require starting from scratch.
First, we built a new API for their cloud service that implemented strong security and modern best practices. We then adapted their existing website to utilise the new API. The result looked identical to their original website for their users, but included the much needed security features to keep them safe.
The hardware installed in the users’ homes also required significant updating. Again, we were able to preserve the existing web interface for the users, but greatly improve security. Using the new cloud API, we effectively curtailed all of the insecure communications. We also implemented a better firewall system and unique authentication credentials per device.
We also implemented a number of intelligent data usage rules between the cloud API and hardware. This allows devices to ‘idle’ using less data when not actively being viewed by a user, but then ramp-up to high-resolution data for responsiveness when in use. This helped keep ongoing infrastructure costs down for their subscription-free service, but still deliver good performance for users.
- Upgrading the existing system to the latest security best practices without a full overhaul.
- Project budget constraints.
- Varying customer network configuration and complexity.
- Responsiveness of remote control of air-conditioning and lighting.
- Compatibility with modern devices and web browsers.
We also assisted our customer with testing using our staging infrastructure. This meant we could do bug and performance testing without interrupting their existing system during development.
Full documentation was provided for all works including instructions for deployment. We then installed the new cloud system on their servers and continue to offer technical support.
Please drop us a line if you’d like us to help review or secure your cloud service.