Do you have an idea or suggestion based on your experience with Azure IoT Edge?

← Azure IoT Edge

Optional signature for the deployment manifest

Optional signature for the deployment manifest, so that the IoTEdge can verify the integrity of the manifest independent of transport/cloud integrity.

The overall objective should be to at least enable users of the Azure IoT edge solution to secure/harden the system in a way that even a cloud breach couldn't lead to a corruption of the local systems or an information leak. At the moment the system depends solely on the cloud integrity - but a second security barrier should be available.

For sure there are multiple starting points - e.g. signing container images; generally disable upstream-messaging. But the biggest security improvement from my perspective could be to prevent the possibility to alter deployments in case of a cloud breach - so maybe an optional cryptographically secure signature of a deployment manifest that the edge could validate is an option.

9 votes

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

We’ll send you updates on this idea

Andreas Ländle shared this idea · Dec 18, 2019 · Flag idea as inappropriate… · Admin →

under review · Jan 13, 2020

0 comments

Add a comment…

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

An error occurred while saving the comment

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Sign in
Sign up

Azure IoT Edge: Deploying modules

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 6,320 ideas
- Additional Services 324 ideas
- Analytics Platform System 20 ideas
- API Apps 0 ideas
- API Management 622 ideas
- Automation 524 ideas
- Azure Active Directory 4,865 ideas
- Azure Active Directory Application Requests 273 ideas
- Azure Advisor 32 ideas
- Azure Analysis Services 188 ideas
- Azure API for FHIR 12 ideas
- Azure App Configuration 39 ideas
- Azure Arc 25 ideas
- Azure Automanage 2 ideas
- Azure Backup 514 ideas
- Azure Blockchain Service 10 ideas
- Azure Bot Service 32 ideas
- Azure Certified Device 15 ideas
- Azure Cloud Shell 359 ideas
- Azure Cognitive Services 34 ideas
- Azure Confidential Compute 2 ideas
- Azure Container Instances 161 ideas
- Azure Container Registry 94 ideas
- Azure Cosmos DB 264 ideas
- Azure CycleCloud 4 ideas
- Azure Data Explorer 198 ideas
- Azure Data Share 10 ideas
- Azure Database for MariaDB 18 ideas
- Azure Database for MySQL 71 ideas
- Azure Database for PostgreSQL 149 ideas
- Azure Database Migration Service 76 ideas
- Azure Databricks 254 ideas
- Azure Dev Spaces 9 ideas
- Azure Digital Twins 19 ideas
- Azure Event Grid 63 ideas
- Azure FarmBeats 12 ideas
- Azure Functions 228 ideas
- Azure FXT Edge Filer 0 ideas
- Azure Governance 202 ideas
- Azure HPC Cache 0 ideas
- Azure IoT (Hub, DPS, SDKs) 319 ideas
- Azure IoT Central 152 ideas
- Azure IoT Edge 84 ideas
- Azure IoT Security 0 ideas
- Azure IoT Solution Accelerators 44 ideas
- Azure Key Vault 173 ideas
- Azure Kinect DK 64 ideas
- Azure Kubernetes Service (AKS) 289 ideas
- Azure Lighthouse 29 ideas
- Azure Management Groups 21 ideas
- Azure Maps 73 ideas
- Azure Marketplace 449 ideas
- Azure Media Services 251 ideas
- Azure Migrate 57 ideas
- Azure mobile app 357 ideas
- Azure Monitor 239 ideas
- Azure Monitor- Alert Management 154 ideas
- Azure Monitor-Application Insights 782 ideas
- Azure Monitor-Log Analytics 987 ideas
- Azure NetApp Files (ANF) 30 ideas
- Azure Pack 293 ideas
- Azure portal 2,180 ideas
- Azure Purview 126 ideas
- Azure Red Hat OpenShift 12 ideas
- Azure Remote Rendering 9 ideas
- Azure Reservations 182 ideas
- Azure Resource Manager 542 ideas
- Azure Search 286 ideas
- Azure Security Center 299 ideas
- Azure Sentinel 104 ideas
- Azure Service Health 40 ideas
- Azure SignalR Service 16 ideas
- Azure Spatial Anchors 29 ideas
- Azure Sphere 82 ideas
- Azure Spring Cloud 2 ideas
- Azure Stack HCI 3 ideas
- Azure Stack Hub 199 ideas
- Azure Synapse Analytics 435 ideas
- Azure TCO Calculator 30 ideas
- Azure Time Series Insights 28 ideas
- Batch 35 ideas
- Batch AI 10 ideas
- Biztalk Services 14 ideas
- Blockchain 55 ideas
- Cache 38 ideas
- Change Tracking 12 ideas
- Cloud Services (Web and Worker Role) 272 ideas
- Cost Management 329 ideas
- Cross region move for Azure resources 11 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 1 idea
- Data Catalog 178 ideas
- Data Factory 1,176 ideas
- Data Lake 354 ideas
- Data Science VM 24 ideas
- Diagnostics and Monitoring 200 ideas
- Event Hubs 41 ideas
- Global Infrastructure 44 ideas
- HDInsight 132 ideas
- Lab Services 362 ideas
- Logic Apps 1,783 ideas
- Machine Learning 222 ideas
- Mobile Engagement 19 ideas
- Networking 1,402 ideas
- Notification Hubs 36 ideas
- Project Bonsai 29 ideas
- Scheduler 43 ideas
- Scripting and Command Line Tools 102 ideas
- SDK and Tools 143 ideas
- Security and Compliance 102 ideas
- Service Bus 202 ideas
- Service Fabric 304 ideas
- Signup and Billing 1,764 ideas
- Site Recovery 296 ideas
- SQL Data Sync 68 ideas
- SQL Database 864 ideas
- SQL Managed Instance 151 ideas
- SQL Server 10,629 ideas
- SQL Server - Big Data Clusters 47 ideas
- Storage 1,023 ideas
- StorSimple 26 ideas
- Stream Analytics 267 ideas
- Support Feedback 273 ideas
- System Center Data Protection Manager 150 ideas
- Update Management 188 ideas
- Virtual Machines 1,682 ideas
- Web Apps 617 ideas
Microsoft Azure