The lack of holistic security assurance for IoT systems, companies cannot guarantee high security and privacy levels. It is difficult to monitor IoT environments, and lack of automatic remediation in case of SLA violation. Compliance with GDPR requires systematisation of security and privacy assurance mechanisms and evidences be collected.

Moste clients only use traffic monitoring tools. Limited control capabilities. Not integrated with design, no DevOps nor risk-driven security controls.

ENACT Security Monitoring and Control Enabler

The Enabler prototype will be a software product and consultancy service for product customisation will be offered together. Technology transfer of open source parts. Licensing of closed parts (advanced features).

MUSA Security Assurance Platform and MUSA Security Controls Metrics catalogue.

A security monitoring and control tool that offers IoT system operators the possibility of controlling the security of their system with a minimal intervention and full integration with security-by-design (risk analysis) mechanisms used, following the DevOps approach.The prototype includes heterogeneous monitoring and enforcement agents to capture and analyse security metrics to detect SLA violations, as well as assessing the security controls deployed in different layers.

Dual License

Number and type of early adopters besides ENACT end-users. Number and types of tool functionalities used.

TRL5 in the project and TRL7 1 year after.

Monitoring for controlling the security of the multi-cloud applications, considering heterogeneous information (container, application, network, etc.). This technique can continuously check compliance with the agreed security SLA, and implement several reaction mechanisms that take into consideration the severity of the detected security deviation, with the possibility of repelling or mitigating negative effects.

Combines network and IoT platform level monitoring and control, and it is based on a comprehensive catalogue of formal metrics.

App Operators

The targeted customers are SMEs or large software companies planning to offer secure and GDPR compliant IoT systems, preferably those adopting the DevOps paradigm. The early adopters are the end-users of ENACT.

IoT systems in any domain. Full functionality will be exploited in SOFIA (SMOOL) based IoT systems.

Tecnalia customer channels, Tecnalia marketing as well as internal and external exhibitions/industrial events.

Tecnalia marketing and Tecnalia business development forces

Personnel costs to bringing prototype to the “market”.

Hosting costs. Staff required: 1 senior developer (12 months) + 1 administrator.

Depending on the result of Tecnalia Elevator pitch event.

The Enabler will be provided with a 30-day free trial. The business model could be pay-per-use (each month or year) or per license, and will be part of the ENACT Framework license.