Today’s platform update provides a big security and usability improvement for Losant developers who connect their IoT solutions to third-party cloud services, in addition to new features for organization admins and application developers.
A core feature of Losant’s application enablement platform is its ability to easily connect with the managed services of Amazon Web Services, Microsoft Azure, and Google Cloud Platform. In most cases, usage of those services requires authentication, and the values that make up the auth request are considered highly sensitive. While application configuration is encrypted at rest and in transit, sensitive credentials are still returned in responses to requests and are visible onscreen to anybody with application access — which could be a violation of corporate IT policy, not to mention a poor security practice.
That’s where Service Credentials come in: They’re a more secure and user-friendly way to store authentication keys that connect your IoT applications with other elements of your company’s cloud infrastructure. And most importantly, the sensitive portions of these credentials are never returned to the user after creation, greatly reducing the risk of unauthorized access to your data and processes.
Service Credentials are easy to configure: First, create an auth credential within your cloud provider account that allows service access from the Losant application. Then, within Losant, create a new credential for that cloud provider, give it a name, and copy/paste the values from the cloud provider into the Losant Service Credential.
Once you save the credential, the sensitive portions are encrypted a second time in Losant’s database, where they are used to authenticate real-time integrations (like Google Pub/Sub), workflow node executions (like the Azure: Function Node), and daily application archiving (such as backups to Amazon S3). Credentials are referenced by name when configuring those resources – in lieu of entering the sensitive keys inline per-resource – and the authentication data is retrieved at runtime within Losant’s secure, private cloud environment.
Above all else, Service Credentials is a security feature, and we recommend our users migrate their IoT applications to use this new authentication method to take advantage of its many benefits:
Supporting all of Losant’s integrations with the big three cloud providers is just the beginning; eventually, Service Credentials will support API tokens for HTTP Nodes, private keys for FTP Nodes, usernames and passwords for Redis Nodes, and more.
Today’s release also provides some additional insights into an organization’s payload consumption over time. Just as we exposed stats about notebook minute consumption in our last release, we’re now doing the same for tracking billable payloads at the organization level.
The interface allows for comparing the current billing period to either of the previous two periods, including cumulative payload counts, per-day and per-hour breakdowns, and trend lines based on current consumption. This helps users diagnose runaway payload usage and modify application behavior before overage fees apply.
Expect continued improvements to this portion of our platform as we bring these same insights to users’ sandboxes, and also more granularly at the application level.
As always, this release comes with several minor features and improvements, including:
With every new release, we listen to your feedback. By combining your suggestions with our roadmap, we can continue to improve the platform while maintaining its ease of use. Let us know what you think in the Losant Forums.