Why Your Network Isn't Ready for the Internet of Things

Businesses face a tough reality—every day, employees, customers and partners bring a growing number of mobile devices into the enterprise, opening up the network to potential security risks. BYOD is just the beginning—the Internet of Things looms on the horizon, promising everything from networked medical devices to Web-enabled lightbulbs.

Companies need policies and controls in place to protect the network, recognizing that Internet-connected devices are their new, permanent reality.

Some companies ignore the problem; others ban all unsanctioned devices from connecting to the network. Most companies undertake an ad hoc, largely manual device provisioning process. Very few enterprise networks are as secure as they could be.

The solution lies, in part, inside the network itself. If your company is running a legacy network built on multiple IP protocol topologies, you should be concerned.

It’s estimated that more than 70 percent of IT security breaches are caused by corporate network vulnerabilities—many of those caused by loose networking protections around BYOD and IoT.

Consider the average enterprise with thousands of mobile devices: Its IT staff provisions networked devices using conventional techniques, with little consideration for quality of service or security, randomly modifying and partitioning an already-exhausted network. This is a recipe for disaster, as the enterprise’s network endpoints are most likely running older operating systems, lacking modern protection against viruses and malware, and still using default passwords—all of which potentially amplify the risk of an attack.

The industry is moving toward single-protocol networking technology, which creates invisible networks and enables enterprises to deliver SDN functionalities all the way to the edge of the network quickly, securely and efficiently.

Avaya SDN Fx is built on a single-protocol network architecture that is unique in the industry today, and more than a year ahead of competing solutions. SDN Fx makes it easy to create virtual networks in real-time and completely automate services provisioning.

Avaya Fabric Attach is a complementary, standards-based technology that allows individual endpoints to attach automatically, configuring them to join their mission-specific network. Avaya’s Open Networking Adapter delivers dynamic, automated and secure, policy-based connectivity for endpoints on your corporate network.

This combination of powerful tools gives enterprises the freedom to customize their security policies, easily deliver mobility and connectivity across the company and greatly reduce the risk of misuse or misappropriation on the network.

Instead of waiting for endpoints to get built with sufficient networking intelligence, which might take years, Avaya has a suite of solutions today that allow companies to embrace BYOD and IoT in a more secure environment. SDN Fx is the answer.

Related Articles:

Aiming Towards an Unfettered and Secure IoT

Last week, we heard bold claims by a networking vendor that they could make the Internet of Things (IoT) safe because they “own” the network. One of the ways they plan to do this is to certify products to take advantage of network security capabilities.

As a player in the networking space that is addressing IoT security, Avaya agrees “that there aren’t enough people on Earth to run the network the way it’s being run today, when you look at the scale of IoT.”

But, we strongly disagree on a number of other claims and respectfully offer these counterpoints:

  • One Pipe, One Gatekeeper:

    Their point of view shouldn’t be surprising—they are a vendor that has long relied on proprietary approaches designed to keep out the competition. The plan to certify devices to run on their network is yet another cog in the wheel whereby they soundly eliminate competitors and increase their revenue instead of allowing the market to decide who has the better approach to securing IoT. This brings us to our next point.

  • Innovation: Supporting or Suffocating?

    Does a single vendor governing who and what has access to the network encourage innovation or does it stifle it? While the concept of whitelisting is generally good, it requires a significant level of execution to be effective without hindering innovation. The sheer scale of the IoT means that it’s likely billions of devices will ultimately be connected. Each type needs to be certified, demonstrating compliance to a standard that gives them permission to onboard. Not impossible, but this is not the domain of a single vendor. In addition, as the market continues to trend towards more flexible networks and elasticity enabling greater innovation, the one-vendor-owns-the-network approach is rigid and exclusionary. The ecosystem for devices becomes extremely limited.

  • Say Bye-Bye to Your Legacy Equipment:

    While newer devices may be able to incorporate new standards and technology, there are still many, many legacy devices in operation that don’t have that level of intelligence. Many of these devices are regulated and would require significant back porting to support the operating systems they run. Requiring a forklift to remove non-compliant legacy devices is a huge moneymaker for some vendor—something we’ve seen them do in the past. But, for the company that needs to change their entire legacy operation, it may mean closing the doors due to a prohibitively expensive demand to update. Alternatively, they will be forced to manually manage the whitelists for legacy devices—an extremely cumbersome process.

An Alternative Approach

Avaya has already taken ground-breaking steps in securing IoT—steps that are much less costly and cumbersome, and support the innovation that IoT stands for by its very nature. Let me elaborate:

  • Automatic Onboarding, Configuration and Management:

    The competition suggests that its approach will include not only “IoT onboarding and management capabilities, it will go beyond security to include automation of other tasks like network configuration that administrators would otherwise have to do.” Hello there. Let me introduce myself. This is fundamental to Avaya SDN Fx™. More than 800 Avaya customers are already enjoying the unique simplicity delivered through automation to the edge found in Avaya Networking. However, it’s still networking. Fundamentally, IoT needs to be separate from the network. While interaction between the solutions may offer benefits, any IoT solution needs to be capable of providing unique value regardless of the network underneath.

  • Keep What You Have, Use What You Want:

    IoT is gazillions of unique endpoints like medical imaging equipment, video devices, specialty printers, and more. Thus, you must protect 100% of your devices for a secure network. To manage this, and to secure legacy devices and a broad ecosystem of devices, Avaya built the Open Network Adapter—a small adapter about the size of a deck of cards enabled with an Open vSwitch. The Open Network Adapter allows these special devices to automatically connect to the network with a granular security profile based on their individual communication characteristics. Once fitted with the adapter, a session can be automatically set up, torn down and re-established—even if moved to a new location. This ensures that devices always have the proper security and can be tracked for both logistics and analytics purposes.

  • Securing the Future and Making Whitelisting Practical:

    Avaya’s SDN Fx IoT solution takes a different approach by providing proxy capabilities for devices to protect existing investments. This lets budgets be focused on innovations that are important to the business strategy. The SDN Fx IoT solution is based on the concept of intelligent profiling to dynamically understand the expected conversation patterns of whitelisted devices. This is important, as devices can be spoofed or hacked. Many IoT devices are in public domains where people may have physical access. They are often implemented by non-IT personnel and may not be secured to the level an enterprise expects. Gaining permission for whitelisting the device is a low threshold most will be willing to accept. From there, IT is free to characterize the traffic patterns of the devices and dynamically narrow the security profiles to a very refined set of flows within the whitelist.

  • Hyper-Segmentation for Hyper-Secure Networks:

    For those looking to evolve their defenses beyond an overlay solution and fully integrate their end-to-end security, Avaya’s SDN Fx provides a perfect complement to the IoT solution with automated connection into hyper-segments directly from the Open Network Adapter. Recently, we announced the hyper-segmentation capabilities of Avaya Networking. This end-to-end segmentation creates isolated traffic lanes within the network that limit where a hacker can go. They can’t get to the core and wreak havoc with sensitive data and operations. With hyper-segmentation, you get on the on-ramp to a dedicated toll road, where you are the only car on the road. Your isolated road leads directly to your destination, with no off-ramps. No one can see you, and you can’t see anyone else. But more importantly you can’t get off at any other destination than your own.
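The profile-then-narrow idea from the whitelisting item above, as an added Python example that is not Avaya's code or part of the original post: it learns each whitelisted device's flows during an observation window, then denies anything outside that set. The device labels, addresses, the `min_seen` threshold and both function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from typing import NamedTuple

class Flow(NamedTuple):
    device: str   # identity of the attached endpoint (constructed labels)
    dst: str
    proto: str
    dport: int

# Constructed learning-window records for two whitelisted devices.
LEARNING = (
    [Flow("cam-01", "10.20.0.5", "tcp", 554)] * 3      # video stream to the VMS
    + [Flow("cam-01", "10.20.0.1", "udp", 123)] * 2    # time sync
    + [Flow("cam-01", "10.20.0.9", "tcp", 80)]         # seen once only
    + [Flow("pump-07", "10.30.0.4", "tcp", 443)] * 2
)

# Constructed live traffic, checked after the profiles have been narrowed.
LIVE = [
    Flow("cam-01", "10.20.0.5", "tcp", 554),
    Flow("cam-01", "10.30.0.4", "tcp", 22),     # camera identity, flow never learned
    Flow("cam-01", "10.20.0.9", "tcp", 80),     # below min_seen during learning
    Flow("printer-x", "10.20.0.5", "tcp", 554), # device was never whitelisted
]

def build_profiles(flows, min_seen=2):
    """Per device, keep only (dst, proto, dport) tuples seen at least min_seen times."""
    counts = defaultdict(Counter)
    for f in flows:
        counts[f.device][(f.dst, f.proto, f.dport)] += 1
    return {dev: {k for k, n in c.items() if n >= min_seen}
            for dev, c in counts.items()}

def evaluate(profiles, flows):
    """Return (flow, verdict) pairs; default-deny for unknown devices and flows."""
    verdicts = []
    for f in flows:
        allowed = profiles.get(f.device)
        if allowed is None:
            verdicts.append((f, "deny:not-whitelisted"))
        elif (f.dst, f.proto, f.dport) in allowed:
            verdicts.append((f, "allow"))
        else:
            verdicts.append((f, "deny:outside-profile"))
    return verdicts

if __name__ == "__main__":
    profiles = build_profiles(LEARNING)
    for flow, verdict in evaluate(profiles, LIVE):
        print(f"{verdict:22} {flow.device} -> {flow.dst} {flow.proto}/{flow.dport}")
```

A whitelisted identity alone is not enough here: the second live flow carries the camera's identity but is denied because the camera never produced it while being profiled.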

Avaya has already done much of the work needed for securing IoT that the other networking vendor is proposing, although we’ve left out those aspects that are not in the best interests of customers and innovation. While they are trying to make this about the network, the network has yet to stop many of the recently publicized breaches.

Any IoT device has the potential to be compromised whether remotely or physically, so end-to-end security is absolutely necessary, but absolutely should not be an old school, proprietary approach. Instead, it starts with micro-segmenting between applications and extends that level of separation and obfuscation out to the device and cloud edges. Anything less is like a football player taking the field with full pads but no helmet. Most hits will be absorbed, but the ones that aren’t can be the most damaging.

World’s Largest Surveillance Camera Provider Awards Avaya Technology Partner of the Year

You need more than just sophisticated surveillance video cameras to catch it all. Although cameras are an important part of the equation, the quality of your surveillance video is only as good as the quality of the network infrastructure that it runs over.

Blurry video, lapses in video footage and delays in pulling up video footage: all of these major complications can result from a poor underlying network … and cause serious security lapses. According to a 2014 report from ZK Research, 70 percent of surveillance issues can be attributed to less than rock-solid network quality.

Axis Communications, the global leader in network video, recognizes the importance the network plays in delivering high-quality and secure surveillance. At its 10th annual Axis Connect & Converge Conference, Axis, the world’s No. 1 provider of surveillance cameras, named Avaya its 2015 Technology Partner of the Year.

Avaya offers a network optimized for video surveillance. Leveraging Fabric Connect, an Avaya network uses Shortest Path Bridging (SPB), which eliminates the need for multiple protocols and enables simple endpoint provisioning. This gives the network greater scalability, performance and simplicity than traditional IP network offerings, leading to more flexible and reliable support for Axis video surveillance cameras.

When a spotty network means spotty surveillance, customers look for reliability. An always-on network means safer hospitals, cities and even schools, such as in the case of joint Avaya and Axis customer Holland Hall. Due to increasing calls for safety for students and faculty, Holland Hall implemented a new video surveillance system with 50 Axis cameras and an Axis video management system (VMS), with the capacity to add more cameras as needed.

“We just dropped in our IP video surveillance system and it works without impacting our student network,” said Henry Finch, the school’s director of IT. “We can spin up whatever we need on the security side knowing we don’t need to wait until after school.”


SDN Solutions Provide the Tools to Revolutionize the Enterprise

The recent buzz in the industry is astonishing. I would dare to argue that we have never before seen this level of activity and innovation around networking, not even during the heyday of the early 2000s. Not a day goes by without an SDN-related vendor announcement, a new startup entering the fray, or a new alliance being formed. Truly exciting times indeed!

However, amidst all this activity it is sometimes difficult to see the greater trend: SDN and related industry developments have initiated a far more fundamental shift. SDN and peripheral developments are fundamentally altering the value network of the industry as value creation moves from traditional networking products to innovative, agile, software solutions.

As an extension, these technologies for the first time provide customers with the potential to provide application-controlled infrastructure agility across compute, storage, and network beyond the pure IT-centric automation solutions. This development finally enables enterprises and service providers alike to close the agility gap that has existed in most organizations, so that the business and the infrastructure can evolve in parallel.

Initial SDN offerings have focused largely on infrastructure automation and virtualized overlays to mitigate the lack of agility in the underlying, legacy network infrastructure. But in parallel, a new breed of SDN solutions is emerging that is providing far higher business value beyond the IT domain. These new solutions will enable innovators in various industries to definitively enhance their positions in the value network and the competitive landscape.

You might ask: What is the underlying issue driving these developments? Looking back over the past 20 years and the changes that have taken place in corporations globally since the emergence of IT and the Internet, it is obvious that value networks have been redrafted, as organizational structures have flattened and increasingly adopted matrix structures to deal with the need to increase business agility.

In application development, where this change was mirrored, we have moved to agile development to cater for the need to quickly deal with uncertainty. Infrastructure virtualization has allowed us to keep up with the agility requirements in the data center.

However, the underlying networking infrastructure has remained complex and inflexible and has thus limited the deployment of more agile end-to-end solutions in many cases.

Life on the New Frontier: a Case Study

Emerging SDN applications and, to a lesser extent, selected SD-WAN solutions differ from traditional automation solutions in that they attempt to closely link business processes and supporting applications with the infrastructure, thus enabling the business to reconfigure on the fly as needed. They are the new frontier, beginning to enable even more innovation and efficiency, and will eventually deliver the real value of SDN in the enterprise.

To illustrate this, let me provide a sample use case:

Business Process Outsourcers (BPOs) are a subset of contact center operators that handle calls for a third-party organization–typically a high-volume, low-margin business where performance improvements can provide significant competitive advantages. BPOs operate the contact center voice infrastructure and access their clients’ backend systems to provide services. In most cases, BPOs also span multiple geographies and languages, increasing complexity.

This means BPOs need to operate the contact center voice service infrastructure and applications, both of which are mature. Incumbent vendors are providing a range of innovative and mature systems and applications to manage these systems. These systems, in essence, mirror the BPO’s business processes.

The other systems that BPOs operate are their multi-tenant data networks, which must be manually and laboriously correlated with the need to securely segment customers in the data center, the WAN, and the campus. These networks are often so complex that a large, multi-site deployment of a new customer can take weeks or months to plan, schedule, and implement–adding significant cost, delaying revenue, reducing business agility and posing a risk to existing customers’ SLAs.

An SDN application deployed in this environment that is able to translate the business process to the infrastructure and agent settings on the fly can reduce infrastructure cost, lower implementation cost, and shorten time-to-service to minutes, hence fundamentally altering the competitive landscape.

This is just one simple example of the power that SDN can offer in business environments to provide a true “game changer.” Other examples exist in just about any industry, from healthcare to industrial environments and from hospitality to media, to name just a few.

Time to Change the Game Plan

SDN applications that link business processes to all infrastructure components and enable businesses to alter the configuration of the business on the fly are real game changers and provide capabilities that have never been available in the full infrastructure stack to this extent, certainly not in networking.

However, successfully reconfiguring the enterprise and taking full advantage of SDN requires a non-traditional approach to embedding IT into business processes. It also requires different skills and processes in the IT organization, with multi-domain knowledge and DevOps capabilities being key requirements. All this offers exciting new opportunities for IT staff willing to take the plunge.

Software-defined anything, as Gartner refers to it, is clearly still in its early stages–or, in Gartner’s representation, in an early phase of the hype-cycle. However, SDN is having a significant impact today, and we are only just scratching the surface of what this technology can offer enterprises. Maximizing the business benefit of SDN will require different skills and novel approaches. SDN is not just the next IT initiative.

Consequently, organizations interested in SDN should be sure they make these initiatives broader business initiatives, and executives should be sure they understand the possibilities that these new technologies offer their businesses.