Kaustabh Debbarman
We are frequently in contact with new cybersecurity startups and vendors that would like to present innovations and new solutions to the community.
In our day-to-day business we analyse customers' cybersecurity requirements and identify suitable providers of products and services. As a result, we have collected a significant number of interesting provider and solution profiles which we would like to share.
Today, we start with LAAVAT, a company from Finland with a cloud-based solution named LAAVAT to secure IoT devices. We are happy to have the opportunity to speak to Mr. Kaustabh Debbarman, CEO and Co-Founder of LAAVAT.
Mr. Debbarman, you co-founded LAAVAT. What was your target when you established the company?
Digital transformation and expansion of a connected world were emerging as dominant technological trends around the same time when we set up LAAVAT. When we set out on the LAAVAT journey, our vision was to leverage our vast experience in securing smart and connected devices to help companies mitigate cyber-security risks in a connected world. We wanted to build a solution that is built ground up, keeping in mind the needs of connected devices. We also looked forward to making LAAVAT a great place to work for our talented team.
Can you tell us a bit about your solution? What does your cloud solution do in order to secure IoT devices?
Manufacturers and integrators of IoT devices for industrial automation and control systems use the LAAVAT solutions to fulfil requirements from standards such as IEC 62443. We help to secure devices across the lifecycle by enabling features such as secure boot, secure firmware updates, and strong device identities for zero-touch provisioning. This is achieved by utilizing the LAAVAT cloud-based platform for centrally managing cryptographic keys, identities, and operations such as image signing & encryption, device key & PKI management, and secure manufacturing. The platform can also be deployed to the customer’s data centre to ensure business continuity.
What would be the 3-5 key features of LAAVAT?
Some of the key LAAVAT platform features are:
- Device key and PKI hierarchy management, which supports the automated creation of IoT device-specific keys for secure boot, firmware signing, encryption, and PKI hierarchies. Cryptographic keys are centrally protected by solutions such as AWS CloudHSM to ensure quality and protection in use and at rest.
- Solution to sign, encrypt and package firmware images and other artifacts, such as Windows and Linux packages.
- Providing access to the cryptographic operations needed during manufacturing, such as the creation of strong device identities and signing device-specific manufacturing data.
What is special about your solution? Where does it distinguish itself from existing solutions, to use the famous term ‘USP’?
Our solution is built ground up, keeping in mind the needs of connected devices. The solution abstracts the creation of all the needed keys, PKI hierarchies, and certificates for devices based on widely used chipsets. We also protect the cryptographic material in transit from the platform to the actual devices during manufacturing.
Additionally, the platform doesn’t require the usage of any closed-source components on the embedded device and is independent of any cloud provider’s feature roadmap.
You also operate within manufacturing areas. How do you discuss the sensitive topic of cloud access from the shop-floor level with your clients, or is it not required?
As part of our offering, we provide a solution that enables the programming station in the manufacturing area to access the centrally managed device-specific cryptographic material securely. If our customers are not comfortable with the cloud setup, they can run the LAAVAT platform also in their data centres within restricted networks.
Can you tell us something about the security ecosystem in Finland? What is maybe specific?
Finland has traditionally had a pretty mature security ecosystem. There are governmental agencies involved in growing the ecosystem and supporting the players within. Upcoming regulations at the EU level and the growing importance of standards such as IEC 62443 are driving the increasing importance of security-related topics among the various industry players and the growth of the security ecosystem.
Clients in, e.g., the German-speaking markets mostly ask for local support capabilities. What does your support concept look like?
Our support model has been based on a remote offering for our international customers. However, as we are actively expanding into the German market, we are looking at possibilities for setting up local sales and support capabilities.
Mr. Debbarman, thank you for the interview!
Please remember: This article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.