The number of factors enterprises must evaluate when deploying Internet of Things (IoT) solutions is vast. For industries like life sciences, these considerations are critical. For example, the connectivity of a lab’s operations is pivotal and can impact the speed, quality, and reliability of drug development and research. Connectivity also introduces security considerations, and careful thought must be placed on how it can impact every facet – from the existing network infrastructure to lab equipment.
We’ve spoken with many life sciences companies looking to deploy an IoT-based indoor asset tracking solution, like MachineQ’s. Below we outline how MachineQ’s indoor asset tracking solution works, what wireless protocols are used, and some of the frequently asked questions we get asked related to security, interference, and regulatory compliance.
MachineQ for Indoor Asset Tracking: How It Works
MachineQ for Indoor Asset Tracking is a Real-Time Location Tracking System (RTLS) that pairs LoRaWAN® and 2.4 GHz low energy wireless technologies to provide an optimal mix of real-time location, sub-room level accuracy, and long battery life. The active asset tags, affixed to business-critical equipment, inventory, consumables, or other assets requiring precise tracking, utilize a 2.4 GHz low energy wireless protocol. The MachineQ Monitors are optimized to locate thousands of asset tags and report tag location, health, and other data over LoRaWAN, a Low-Power Wide Area Network (LPWAN) technology, to the MachineQ gateway. The MachineQ gateways wirelessly aggregate and transmit encrypted data from the Monitor (and other LoRaWAN devices, such as environmental sensors, people counters, and utilization sensors) and transmit that data securely over Ethernet or Cellular connectivity to our cloud services. The data is then visualized in MachineQ’s MQinsights software application, which provides additional location context via a 2D floorplan of the space, as well as historical records, and robust alerting capabilities. This data can also be integrated into customers' enterprise applications via native integrations or restful API.
As enterprises scale IoT deployments, they must ensure that every component of these IoT solutions is hardened against cyber threats and physical tampering. Understanding that device security is a must-have requirement, we’ve addressed the following questions:
Q: Are the MachineQ Asset Tags secure?
Yes, MachineQ encrypts the tag configuration to prevent unauthorized changes to the tag’s settings.
Q: Will the Asset Tags interfere with Wi-Fi, other wireless equipment, or solutions at my facility?
A: Our 2.4 GHz tags are specifically programmed to use 2.4 GHz channels that do not overlap with traditional Wi-Fi channels – Channels 1, 6, and 11 – to negate any obstruction-related challenges.
Additionally, our 2.4 GHz tags are FCC approved as radiators under FCC 47 CFR Part 15, Subpart C – the same as your iPhone and Wi-Fi Access Points. As part of that certification, the tags are tested by an independent, third-party FCC-certified lab to ensure it doesn’t result in any harmful interference to other devices.
Finally, our 2.4 GHz tags use a significantly lower transmission power than Wi-Fi. For example, the transmission power of our Lume tag is 0.15 mW, while an iPhone 14 can transmit up to 266 mW on Wi-Fi, which is 2000x that of our asset tag. Simply put, if a smartphone that uses Wi-Fi access points does not interfere with lab equipment, neither will our asset tags.
IoT devices rely on networks to transmit data, making the network infrastructure a potential target for attackers. Weak network security measures can expose the entire ecosystem to risks, including unauthorized access, data interception, or distributed denial-of-service (DDoS) attacks.
Q: Does LoRaWAN interfere with Wi-Fi?
A: In the US, LoRaWAN uses the 902-928 MHz, Industrial-Scientific-Medical (ISM) band. It is an unlicensed spectrum. As such, no interference exists with any 2.4 GHz (i.e., 2400 MHz) applications (e.g., Wi-Fi). LoRaWAN is designed to be efficient in crowded RF environments using Chirp Spread Spectrum (CSS) and other modulation techniques.
Q: Are there security concerns associated with cellular or LAN backhaul?
A: All LoRaWAN packets are encrypted per the protocol’s standard, using AES end-to-end – from device to cloud. We layer on a secure backhaul measure where our gateways only communicate to our cloud infrastructure over an encrypted channel. Regardless of backhaul choice (LAN or cellular), all traffic between the LoRaWAN Gateways (Area8c) and the cloud is secured using TLS 1.3. Access to the network management web interface (MQcentral) is via TLS 1.3. Additionally, we follow rigorous security best practices informed and required by Comcast, the largest internet service provider in the US.
Q: How are gateway updates managed across their entire lifecycle?
A: The LoRaWAN gateway (Area 8c) firmware is updated over the air (OTA) after receiving customer consent.
End-User Security and Access Controls
Protecting sensitive company data is integral, so providing secure control and access to end users is paramount.
Q: Does your application support Single Sign-On (SSO)?
A: Yes, MachineQ’s MQinsights application supports Single Sign-On (SSO).
Q: What kind of role or user-based permissions are offered?
A: MachineQ for Indoor Asset Tracking and the MQinsights software application includes different user roles, allowing for the appropriate assignment of privileges based on user personas to provide granular access to capabilities and features.
Q: Where is the location data stored, and how is it accessed?
A: All location data is stored daily in a single-tenant Azure database, meaning every customer has a dedicated database. Access to the database is provided by our cloud-based SaaS application, MQinsights, and/or restful APIs. Additionally, data is backed up daily for access to the most up-to-date information in the event of downtime from disasters or unforeseen events.
The life sciences industry is heavily regulated, with strict data privacy and security requirements. IoT deployments must adhere to applicable regulations, and our solution considers the impacts on internal systems and regulatory standards.
Q: Are there impacts of the 2.4 GHz signal on internal systems used for good variable practices (GXP) such as GMP, GCP, and GLP?
A: When weighing IoT solutions, enterprises must ensure that new devices added to an environment do not alter the “qualified” state of systems, like GLP, which renders the lab non-compliant with the GLP standing. For example, if you’re using a 2.4 GHz low-energy tag for asset tracking, you’ll want to ensure that the device signal doesn’t interfere with the internal workings of lab equipment. With the proper 2.4 GHz device, you’ll want to check that it’s FCC approved, which validates that it meets stringent regulations and passes a test conducted by an independent, third-party FCC-certified lab to ensure it doesn’t harm other devices in the lab environment.