Segregated networks might have been acceptable in the past, but paying for parallel infrastructures and labour skilled in both IT and IoT domains is now too costly. IT teams also want uniform security and visibility across all connected devices, be they IT or IoT. These factors are forcing a convergence of devices onto commonly shared networks. However, managing multiple vendor devices has become a leading challenge for enterprise security. Onboarding and configuring potentially hundreds of devices throughout their lifecycles is extremely resource intensive. The answer lies in automated installation, security, and troubleshooting.
Automated solution
This solution automatically recognises when an Axis device attempts to connect to an IP network. By following the latest IEEE standards, the network can detect, identify, and validate the model and capabilities of the Axis device, and provide automatic security provisioning. It then establishes a secure, encrypted tunnel between the device and the target application. This saves countless work hours, ensures security standards are met, and removes the need for explicit physical staging networks.
No IT-skilled labour is required in the field to deploy devices, and the system automatically reconfigures during adds, moves, and changes, regardless of the switch ports into which Axis devices are connected.
Industry best practice
“By ensuring that devices operate according to IT industry best practices, businesses can reduce risk and gain the ability to securely integrate our cameras into daily workflows that extend far beyond security,” said Dan Lundström, Axis’ Director of IT. “Together, Axis Communications and HPE Aruba Networking are elevating the value and impact of existing enterprise IoT devices for joint customers. Adhering to the highest level of industry security standards protects both our customers and industry at large.”
To address the device identity challenge, Axis and HPE Aruba Networking implemented the IEEE 802.1AR standard. This standard defines a method for automated, secure device identification and allows authorised network onboarding through the secure IEEE 802.1X network access control protocol (enabled by default on all Axis devices manufactured from September 2020 onwards).
Each Axis device is given an IEEE 802.1AR-compliant Axis device ID, a Secure Device Identifier (DevID), during manufacturing. These DevIDs provide the device authentication credentials to the network. Axis device IDs cannot be forged or transferred, and are stored in a tamper-protected hardware cryptographic computing module, called Axis Edge Vault. The vault also protects against probing, an important benefit since the devices may be installed in unattended locations for long periods of time.
Zero trust framework
“Collaborating on the integration and implementation of 802.1AR, 802.1X, and zero trust frameworks enables Axis and HPE Aruba Networking to address the security, visibility, and maintainability concerns of IT and facility managers alike,” said Michael Tennefoss, HPE Aruba Networking Vice President of IoT and Strategic Partnerships. “We have accomplished this using a standards-based solution, which avoids vendor lock-in and allows customers to apply it across a broad range of IoT devices and applications today and into the future.”
Existing Axis and HPE Aruba Networking customers are already able to benefit from this partnership. The two companies have published an integration guide on how to onboard and manage Axis devices in an Aruba network.