The move to the cloud started decades ago. Consumer apps were first, followed by enterprise front-office apps (e.g., CRM), back-office apps (e.g., financials, HR, supply chain), and IoT apps. And now it’s time for the super back-end: the apps for the Industrial Internet. What’s different about developing industrial applications, however, is that the process can be life-changing. While it may sound like hyperbole, industrial applications truly have the power to impact human life. Even to change the world.
Tons of applications on the market today help solve personal convenience problems. Push a button and see that your fridge is empty. Push another and dinner is on its way from your favorite restaurant. Not to knock on these nice-to-haves (or, even, the consumer or enterprise app space), but there’s another world out there. One where factories, farms, and plants could be reaping unprecedented savings in operational costs, resources, and energy; where hospitals and healthcare facilities could be using artificial-intelligence-enabled machines to provide more efficient care; where city authorities and public infrastructure services could be using smart light bulbs and smart parking meters to keep communities safer.
As an app developer, this is the real-world opportunity. And frankly, would you rather be known for developing an app that encourages users to put fruit helmets on their cats’ heads? Or would you be more interested in developing an app that enhances air travel safety by optimizing jet engine maintenance?
Do Good, Make Good
If that’s not motivation enough, what’s also great about the Industrial Internet of Things (IIoT) is the fact that it holds tremendous financial opportunity for app developers. Not only is it less saturated than other markets, but, as IndustryARC Research predicts, it will reach $123.89 billion by 2021. For the foreseeable future, IIoT is “where it’s at” for developers who want to (a) monetize their products and (b) effect real change at the same time. In other words, the place to make good while doing good.
And there’s no better company to partner with than GE Digital. We have years of experience building software applications, such as Asset Performance Management (APM) and others for industry, and the design of our Predix platform incorporates best practices to enable the rapid and secure development of high-quality Industrial Internet applications. With the combination of our cloud platform, partner ecosystem, and security-first mindset, GE Digital is well set to cultivate and support a growing community of fresh, bright minds dedicated to innovating for the industrial sector.
A Secure Development Lifecycle
On the Predix platform, it’s essential that developers are well versed in the most common cyber vulnerabilities and potential attack surfaces, as well as in how to prevent or shut them down during the requirements gathering and architecture/design phases of development. For example, developers should understand how to minimize the number of high-consequence targets by applying the principle of least privilege; separation of privileges, duties, and roles; and separation of domains.
From a coding/implementation perspective, the platform requires that all products go through rigorous defensive and offensive security tests to identify and remediate vulnerabilities prior to production deployment. GE Digital uses leading-edge testing tools and best-of-breed ethical hackers to evaluate and ensure that no security vulnerabilities have been overlooked—as well as to reassure customers and partners that our products are embedded with the utmost, pervasive security protection.
All developers on the Predix platform are required to follow GE’s Secure Development Lifecycle (SDL) best practices at every layer—including infrastructure, platform, data, and application services—with the goal of reducing risk exposure for the platform and its ecosystem of products and services. Composed of tracks for training, secure design and architecture, threat modeling, and security scans and penetration testing, the SDL framework establishes a set of requirements and guidelines to ensure security is built in—not bolted on—to Predix products, applications, and services. More specifically, the tracks include:
- Developer Security Training. Ongoing courses are provided to developers to improve their understanding of techniques for identifying and mitigating security vulnerabilities. Training focuses on topics like threat modeling, DAST, and coding techniques to prevent common defects such as SQL injection.
- Design/Architecture Review. A collaborative effort between the ISV customer development/engineering teams and their own product security group to assess and develop application or service design patterns that mitigate risk to the platform and associated applications and services.
- Threat Modeling. A structured approach for analyzing the security of an application, with special consideration for boundaries between logical system components that often communicate across one or more networks.
- Security User Stories/Security Requirements. A description of functional and non-functional attributes of a software product and its environment that must be in place to prevent security vulnerabilities.
- Automated Dynamic Application Security Testing (DAST). A process of testing an application or software product in an operating state, implemented by a Web application security scanner.
- Automated Static Application Security Testing (SAST). A process of testing an application or software product in a non-operating state, analyzing the source code for common security vulnerabilities.
- Open Source Software (OSS) Vulnerability Testing. A process of testing to identify open source in the product code base, map known vulnerabilities, and recommend remediation for detected vulnerabilities.
- Red Team Penetration Testing. Hands-on security testing of a runtime system to uncover more complex security flaws potentially missed by DAST or SAST tools.
The Predix platform allows developers to design, deploy, validate, and market products to a large ecosystem of industrial partners. They’re not only partnering with GE; they’re becoming members of an extended community of developers and industrial specialists that includes other technology companies, academia, consultants, and systems integrators. It’s a place where developers can build trusted, meaningful apps faster, and where everyone can flourish under a common goal.