Increasing Security Assurance for the Internet of Things

There’s a growing spectrum of benefits and concerns organizations and individuals face as the Internet of Things (IoT) evolves. On one hand, the increasing connectivity between previously independent or isolated people, work streams and systems offers convenience, reduces critical delays and opens up new models for business, learning and governing. Smart Cities, Smart Schools and Smart Healthcare are all driven by the underlying principle that digitization and the erasing of time and space limitations offer the opportunity for a better socio-economic environment.

For all of these benefits to come to fruition, however, we cannot ignore the real and potential concerns surrounding IoT security. Perhaps chief among them is who is authorized to access what, and how. We have seen instances when even previously “dumb” endpoints can be an entry point if someone wants in badly enough. The challenge is to stay one step ahead.

To this end, in the U.S. the Federal government has instituted FIPS, or Federal Information Processing Standardization, which are encryption requirements for technology used by any non-military agencies or contractors. Another standard that is typically coupled with FIPS in the U.S. but is internationally recognized is Common Criteria, which provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner [1].

Avaya Partners with Mocana on IoT Security

As a global provider of communications to many of the world’s governments, Avaya builds security into our systems to meet these requirements. To do so, and to keep up with the continually growing and evolving IoT, we’ve signed a multi-year agreement with Mocana, a company that specializes in high-performance, ultra-optimized, OS-independent, high-assurance security solutions for any device class. Mocana’s award-winning cryptographic solutions are used in the most stringently-constrained and life-critical systems by Fortune 500 companies, world-leading smart device manufacturers, and government agencies.

Integrating Mocana’s Security of Things Platform into our portfolio of unified communications, contact center and networking solutions helps us decrease product development time while adhering to globally recognized security requirements, including FIPS and Common Criteria. As specialists in the area of security, we collaborate with Mocana to help strengthen our security assurances as we make security a cornerstone of the value Avaya delivers to governments, businesses and organizations around the world.

The Internet of Things offers many defined and still unforeseen dimensions and benefits. Integrating security into unified communications, contact center and networking solutions will ensure further growth and opportunities for all.

Related Articles:

Avaya Oceana: Riding the Next Wave in Customer Experience

Earlier this month, the CFI Group, which issues the annual American Customer Satisfaction Index, issued the Contact Center Satisfaction Index (CCSI). Here are some of the key findings:

  • The index shows a four-point decrease in customer satisfaction from 2015 to 2016, sliding to the lowest score in the nine-year history of the report.
  • Difficulties are driven by the ability (or lack of) to quickly and effectively solve customer issues: Only 52% of contacts were resolved on the first contact and a third could not successfully self-serve through the IVR system.
  • Millennials have higher expectations for service than those 45+, perhaps largely due to their sense of immediacy and highly digital, multi-modal nature.

Bottom line: The CCSI news isn’t good regarding contact centers’ ability to deliver an excellent experience. And that results in reduced revenues for your business as customers go elsewhere to satisfy their needs.

From our point of view … the timing couldn’t be better. Here’s why: Avaya Oceana just went generally available.

As long-time leaders in customer experience technologies, we know there are two critical points of opposition underlying the findings of the recent CCSI report. One is that consumer technologies and customer expectations change at an ever-increasing pace—even more so for millennials—your next generation of disposable income. This change is so rapid that some business technologies can be nearly obsolete before fully implemented. Second, because of this rapid pace of change, enterprises often hesitate to commit to new technologies that may disrupt a precariously-built, but functional operation—many of which resemble a Jenga stack whereby if one piece is touched the whole shebang comes tumbling down.

There’s a third factor that’s worth mentioning: traditional contact center technologies have been rigid, highly complex solutions, making changes to deployed systems difficult at best. Over time, what may be left as a result are ancient artifacts of routing patterns, complex integrations, and more that—at minimum—slow responses to potentially already frustrated customers.

Avaya Oceana to the rescue! Oceana simplifies that with a flexible, software-based solution that can negate those opposing forces. Suddenly, aligning customer needs and business strategies is as easy as drag and drop, so changes can be made without the traditional hold-your-breath-and-see-what-happens approach that causes migraines and drives significant resource requirements. The easy-to-use, self-adjusting system knows how—and in many cases, why—the customer is reaching out, managing proactive, self service and assisted service as a single thread.

Intelligence gleaned via Oceanalytics can be automatically applied and visually reported to those who need to know, who can also make immediate changes in the workflow pattern without esoteric programming requirements.

What’s more? Since Avaya Oceana is built on Avaya Breeze™ Platform, companies have massive flexibility to quickly customize their approach to customer experience—again with simplicity and ease through the development tools or pre-made Snap-ins from the Avaya Snapp Store.

The end game? To deliver the best experience possible every time in the course of a transaction or in the relationship overall.

While much of the magic of Oceana is behind the scenes, essentially, the solution enables companies to fully realize the omnichannel experience that many talk about and few truly deliver.

Experience is everything—Avaya Oceana enables proactive, persistent, contextual highly personalized experiences. The kind of experience even a millennial could love.

How Wi-Fi Location-Based Services Can Step Up Your Public Safety Game

My first job out of college was working on Sonar Systems for the U.S. Navy. Modern sonar systems passively listen in the ocean to identify targets by the sounds they make. To the Sonar System everything is a target. Targets are classified as unknown, hostile or friendly. Target classification is determined by noise signatures, behavior, heuristics, etc.

Wi-Fi location-based solutions provide similar capabilities as a sonar system. As part of normal operations, a mobile device will probe the network looking for Wireless Access Points (WAPs). Probing helps the device identify and acquire service from the WLAN. When the device is connected to the network, it continues to probe, enabling the device to effectively roam between WAPs. Essentially Wi-Fi enabled devices are projecting energy into the air similar to a ship projecting sound into the ocean.

WAPs listen and respond to the probe messages as part of service delivery. Listening also provides a mechanism to track these devices. A Wi-Fi device probe message includes the Media Access Control (MAC) address of the device, a globally unique identifier. Since most devices probe the network several times a minute, it’s possible to identify the location of a device every few seconds. Therefore, a Wi-Fi location-based solution can identify the location of every wireless device in range of the WLAN.

Wi-Fi location-based services are usually discussed in the realm of suppliers trying to improve customer engagement. However, as Avaya Chief Technologist of SDA Jean Turgeon points out in his recent blog on public safety, there’s an epidemic of man-created tragedies, where people are targeted for harm by other people. Providing safety for the public when a member of the public wants to harm other members of the public is a tough task. Finding a potential antagonist in the crowd is similar to finding the potentially hostile ship in the ocean of ships. Wi-Fi Location-Based Services (WLBS) offer an additional data set that can be used to help identify potential hostiles, and help first responders identify where the friendlies are located.

WLBS uses the signals received by multiple WAPs to triangulate the location of the probing device. In the Avaya solution, performing WLBS is as simple as telling the WAPs to send distance information to an Avaya Breeze™ snap-in that performs the calculation.

Wi-Fi Location-Based Services

The triangulation process provides the ability to identify all of the targets in the WLAN ocean. The next step is to sort the targets. However, rather than classifying as friendly or hostile, the first objective is to sort out known from unknown device owners. Device ownership can be determined in a number of ways, for instance:

  • Connections to the corporate network
      • Employees, contractors, etc. who provide credentials to access the corporate network will have device ownership uniquely identified. Though a single employee may have multiple devices (laptop, phone, tablet) identified to their persona at one time, a device will have a single owner.
  • Device resident apps, such as loyalty apps
      • Apps that provide coupons, track transaction points, etc. can be set up to identify the owner when the app connects to the network.
  • Uniquely identifiable splash page logins
      • Gaining access to a guest network often requires acknowledging appropriate usage parameters on a splash page. The splash page can be set up to require uniquely identifiable information, such as an email address, to gain access.

Therefore, it’s possible to have uniquely identifiable information about the owner of every device that’s connected to your WLAN. Devices that aren’t connected to the network would have unknown owners. However, if the solution maintains an historical database, it may be possible to classify a device if the MAC address has ever been associated to an owner. The current owner may not be the same as the historical, but it’s a starting point.

Now that a mechanism to identify device owners has been established, rules for addressing unknown devices can be generated. The easiest to visualize is the guest-out-of-bounds rule. Most public buildings (civil center, library, court house, school, etc.) consist of areas that are open to the public and areas that are restricted to certain personnel.

When a non-employee’s device is detected in a restricted area, WLBS raises an alert to be processed upstream. For instance, the feed from the CCTV camera covering the area identified by WLBS could be directed to the security guard’s computer monitor. The security guard could find the closest member of the security team by looking at a dynamic floor plan display with indicators showing the location of all security personnel (based on their known devices). A message could be sent to the closest security person to go to the area and perform a credential check. As the non-employee moves through the area, his position would be updated by the WLBS solution to continue to track the individual. The CCTV and WLBS displays could be routed to the mobile security guard to provide current situational information.
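The pipeline described above (distance reports from several WAPs, a position fix, an owner lookup and the guest-out-of-bounds rule) can be sketched as follows. This is an added example, not Avaya's Breeze snap-in or any code from the original post; the WAP coordinates, the restricted zone, the MAC addresses, the owner table and all function names are constructed for illustration.

```python
import math

# Constructed floor plan (metres): WAP positions and one restricted rectangle.
WAPS = {"wap-1": (0.0, 0.0), "wap-2": (40.0, 0.0),
        "wap-3": (0.0, 30.0), "wap-4": (40.0, 30.0)}
RESTRICTED = {"records-room": (25.0, 15.0, 40.0, 30.0)}  # x_min, y_min, x_max, y_max
# MAC -> (owner, role), as learned from network login, a loyalty app or a splash page.
OWNERS = {"02:00:00:00:00:01": ("alice", "employee"),
          "02:00:00:00:00:02": ("guest@example.com", "guest")}

def simulate(pos):
    """Constructed input: the distance each WAP would report for a device at pos."""
    return {wap: math.dist(pos, xy) for wap, xy in WAPS.items()}

def locate(distances):
    """Least-squares position from {wap_id: distance_m}; needs three or more WAPs."""
    if len(distances) < 3:
        raise ValueError("need distance reports from at least three WAPs")
    ids = sorted(distances)
    (x0, y0), d0 = WAPS[ids[0]], distances[ids[0]]
    # Subtracting the first circle equation from each other one leaves
    # linear rows of the form a*x + b*y = c.
    rows = []
    for wap in ids[1:]:
        (xi, yi), di = WAPS[wap], distances[wap]
        rows.append((2 * (xi - x0), 2 * (yi - y0),
                     d0**2 - di**2 + xi**2 - x0**2 + yi**2 - y0**2))
    # Normal equations (A^T A) p = A^T c, solved with Cramer's rule.
    saa = sum(a * a for a, _, _ in rows)
    sab = sum(a * b for a, b, _ in rows)
    sbb = sum(b * b for _, b, _ in rows)
    sac = sum(a * c for a, _, c in rows)
    sbc = sum(b * c for _, b, c in rows)
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9:
        raise ValueError("WAPs are collinear; position is ambiguous")
    return ((sac * sbb - sab * sbc) / det, (saa * sbc - sab * sac) / det)

def zone_of(pos):
    """Name of the restricted zone containing pos, or None."""
    for name, (x1, y1, x2, y2) in RESTRICTED.items():
        if x1 <= pos[0] <= x2 and y1 <= pos[1] <= y2:
            return name
    return None

def check_probe(mac, distances):
    """Guest-out-of-bounds rule: alert for any non-employee device in a restricted zone."""
    pos = locate(distances)
    zone = zone_of(pos)
    owner, role = OWNERS.get(mac.lower(), (None, "unknown"))
    if zone and role != "employee":
        return {"mac": mac, "owner": owner, "role": role, "zone": zone,
                "position": (round(pos[0], 1), round(pos[1], 1))}
    return None  # employee, or device outside every restricted zone
```

Devices that randomize the MAC address in their probe requests will fall into the `unknown` role here until they connect and are tied to an owner, so the rule treats them like any other unidentified device.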

WLBS is dependent on the person of interest having a device with an active Wi-Fi antenna. If the non-employee above is simply lost, they won’t bother to turn off their device. On the other hand, if the person intends harm, they may go to airplane mode. In this case, the security system is relying on more traditional detection methods.

WLBS also has value when looking at people at a macro level. One of the man-created tragedies is the active shooter scenario. In many disaster scenarios, the best course of action is to flee. However, in the active shooter scenario, the best course of action is often to hide. Take a school or shopping mall: people are going to hide all over the place. One of the tasks of first responders is to find where all of the friendlies are hiding without causing the friendlies to expose themselves unnecessarily. WLBS would show where all of the devices are, which provides a good indicator of where people are hiding. So as the first responders are pursuing the hostiles, they would have data to help them understand if the hostiles are heading towards friendlies. Perhaps the friendlies can be evacuated before a hostile reaches them, or the hostiles can be driven to a safer location.

WLBS provides a stealthy way to identify where people are. It isn’t a fool-proof solution. Unlike a ship in the ocean, a person can decide to be silent and thus untraceable. However, in many situations, WLBS will provide valuable information about the location and movement of people. Even if the hostile defeats Wi-Fi tracking, WLBS still provides information about the friendlies. In this case, tracking hostiles may require other technology such as CCTV. (Satellites are used to track ships also.)

The best part of a WLBS solution is that it runs on the WLAN that organizations must deploy to participate in the 21st century. Location data is available on enterprise class WAPs—it’s simply a matter of collecting and acting on the data. With Avaya’s 9100 WLAN, data analysis and workflow development is a Breeze.

As Consumer Tech Remakes the Workplace, a Thoughtful Security Strategy Is the Best Defense

I think we’d all agree the business landscape has changed dramatically over the past two decades. Think back to the last time you wrote a paper memo or sent a card inviting a colleague to a meeting. It’s been a long while.

For the most part, we’ve enthusiastically embraced this technology revolution in business, but recently it’s evolved to a point where consumer technology is now reshaping the workplace. In this blog series, we’ll discuss this phenomenon, how it’s made us more vulnerable to cyber-attacks and what measures and solutions we can employ to protect against security breaches.

Think about it. We carry multiple devices to stay connected both professionally and personally. These devices have become our modern day Filofaxes or Franklin Planners. So much so, that we’ve blurred the lines between these two worlds—once separate and distinct. We have one calendar, one set of contacts, one laptop and, for many of us, our social networks are a mix of work and play.

So when we hear about the latest cyber-attack or hack, the question we always ask ourselves is, “Can I be affected?”

The fact is our growing dependence on consumer technology puts our companies and us at higher risk to become victims. We become more vulnerable with every new tech toy, gadget or app we place at our fingertips … and we’re not talking just smartphones. Look at Smart TV (connected to the Internet), home automation devices (e.g., Nest or Hues), even the cars we drive. Everything is becoming connected, delivering real-time information to our smart devices, whenever and wherever we are.

Our demands have also extended to where we use these smart devices. We want connectivity in Starbucks, a shopping mall, a sports stadium … we want to remain in touch, irrespective of location. This presents a challenge for many, but especially for our CIOs who not only have to secure corporate information but also weigh potential exposure as a result of our hyper-connected world.

Also consider the increasing number of employees working from remote locations … the CIO, who once had total visibility of what we’re doing and using during business hours, now has only a glimpse of what’s deployed in our homes or coffee shops. And let’s not forget collaboration tools and apps that allow for real-time connectivity and electronic file sharing between anyone with internet access, from anywhere and from any device. While these capabilities have enabled us to work smarter and more efficiently, with those benefits comes the increased risk of enterprise security issues and data breaches.

For most organizations, it’s not a question of if a security breach is going to occur, it’s when will it occur. And when a company is attacked, so too are the people affiliated with it (think customers, employees, vendors and partners).

Perhaps we need to consider how hackers go about their work to understand why the decisions we make (or don’t make) today could have immediate and devastating consequences.

For starters, hackers look to identify a point of entry that will allow them to establish a command and control base. Remember, if it has a processor, memory and connectivity, it’s a target. All the examples I cited above meet these criteria.

Once they’ve established a control point, they explore their surroundings. Imagine for a moment a hacker gaining access to your home automation, then having the ability to eavesdrop on all your communications: banking services, business services, media content … potentially watching your every move. Now all your personal and business activities are compromised. It’s a frightening thought, right? But it’s one that can be proactively addressed.

There are two common methodologies for eliminating or greatly minimizing security breaches. The easiest is to say “No, you can’t do that” (seldom effective). We recommend a more thoughtful, practical, and deliberate approach that involves both active and passive security measures.

The Avaya approach is complementary to your existing security measures, not a rip and replace approach but one that supports your business operations. Whilst other solutions will address vulnerabilities on the devices, or only allow certain traffic to pass a specific point in the network, Avaya adds to your security posture by eliminating the ability of the hacker to move around your network at will. This is commonly referred to as lateral movement, and with the use of Avaya SDN Fx hyper-segmentation capability, we’re able to prevent this exploration. We have more than 16 million service identifiers to use—it’s like trying to find a needle in a haystack.

If you can’t see it, then you can’t hack it! Avaya also has the ability to run these services in stealth mode, the ability to convey these services in a manner that is quiet and careful in order not to be seen or heard.

This provides you with security that’s based upon the services you support on your network, not focused on the routes that traffic may pass through. This dynamic approach to security is elastic in nature: as the demands for your network change, the ability to expand and contract these services follows the natural rhythm of your network. (Avaya Chief Technologist for SDA Jean Turgeon wrote a three-part blog series exploring these three core pillars. Read about hyper-segmentation, native stealth and automatic elasticity.)

In addition to this, we expand our capability to the edge of the network, the access layer. Here, through the use of standards-based approaches, we’ll examine not only the device coming onto the network, the credentials it’s presenting and its location, but also its behavior on the network—its digital fingerprint.

Through years of experience in real-time apps, we’ve been able to capture, identify, quantify and then react to a whole range of activities. The same is also true for the emerging world of the IoT (Internet of Things) and the explosion in connected devices. Through the innovative use of Avaya Breeze™, we’re able to blend the worlds of infrastructure and apps, keeping a watchful eye on everything that passes through the network, and when something does catch our eye, having the ability to react, in real-time, to circumvent that anomaly.

The Avaya capability plugs the gaps that so many hackers exploit, and through our use of innovative technologies, we allow the network infrastructure to support the business in a dynamic, elastic, and secure manner, giving business the agility to use what it needs, when it wants to, and where it wants to use it.