Security and the IoT: Where to Start, How to Solve
I recently attended the 2016 North America IoT Tech Expo in Santa Clara, California. This event highlights how the most innovative advancements in technology are affecting the Internet of Things (IoT). Visitors can listen to case studies and tracks covering the IoT ecosystem including: smart cities, connected living, wearables, developing and IoT technologies, connected industry, connected services, and data and security. To that end, I was counting on leaving there with a stronger sense of direction, clarity, and future vision around the IoT. Hey, I’m a total tech nerd. I’ve spent my career in the telecom, networking, computer, and storage industries. So as you can imagine, I couldn’t wait to geek out with all the cool futurist gadgets and things. In my mind, that’s what the IoT is all about. Not so fast.
I visited with sponsors and passed through many trade show booths, finding a mix of home-based automation systems and devices, as well as a series of industrial sensor companies (most of whom were names you wouldn’t expect to see at this show). Interesting technologies were on display for sure, but definitely not what I expected. Where were the automation, virtual reality, and artificial intelligence integrations? You know, all the cool things you see in a George Lucas film that make you wonder, “Is that really possible?”
As I attended the many breakout sessions, I quickly picked up that the IoT is less about integrating the super cool, and more about integrating the practical, or the basic things that many of us need but take for granted. And top of mind for every business today is how to solve challenges around the IoT and security, and the proactive measures we can take to adopt IoT innovations while also protecting our enterprises from cyber-attacks. Not particularly sexy but very necessary.
IoT: The Basics
So let’s look at the fundamentals. The IoT is a huge topic (which is why it’s often referred to as the “Internet of Overwhelming Things”). It’s transformative. It’s practical. It had its big push from home automation. Today, it spans multiple industries and governments, from smart cities (which include transportation, public safety, water works, citizen services, waste management, et al.) to smart industries like manufacturing, healthcare, and consumers, to name a few.
Everyone deploying an IoT model or strategy is faced with similar challenges, but perhaps none as great as security. In fact, Gartner predicts by 2020, more than 25% of identified attacks in enterprises will involve the IoT, although the IoT will account for less than 10% of IT security budgets. That’s an unbelievable disconnect. Further, Gartner suggests that vendors will focus too much on spotting vulnerabilities and exploits, rather than segmentation and other long-term means that better protect the IoT.
The key word in that last sentence is “segmentation” and it’s where our “securing the everywhere perimeter” comes in. (Recently, Avaya Chief Technologist of SDA Jean Turgeon explored Avaya’s #EverywherePerimeter in a three-part blog series that tackled the three core pillars of this groundbreaking fabric networking solution: hyper-segmentation, native stealth and elasticity.)
A Proactive Solution for Cyber-Attacks
Leveraging core network technologies like Avaya Fabric Connect simplifies the most complex part of any network deployment. It’s tremendously scalable, as we’ve proven time and again with large Global 100 and Global 50 customers. And it provides a secure networking infrastructure, or as we like to call it: stealth networking. Stealth networking can significantly reduce exposure and risks associated with cyber-attacks. By avoiding many of the conventional hooks and typical tools that hackers seek to exploit, businesses can reduce their exposure and more tightly focus their security efforts. Because Avaya Fabric doesn’t need or use IP in the core, there isn’t anything to see or hack using IP-based hacking tools or methods. We’ve proven this time and time again at hackathons around the world. In the simplest terms, you can’t hack what you can’t see!
Hyper-segmentation allows you to span beyond the data center, building or campus. We call it a “single global network fabric.” With hyper-segmentation, organizations can establish borders to defend against unauthorized lateral movement, reduce their attack profile, deliver highly effective breach isolation, improve the effectiveness of anomaly scanning and greatly improve the value of specialist security appliances. Virtual LANs (VLANs) have traditionally been used to create segmentation, but this creates high levels of complexity and increases the risk of failure, because VLANs are subject to loops created by human error and have to learn about each node that physically joins the virtual network.
We’re using industry standard technologies, leveraging IEEE Shortest Path Bridging (SPB) in the core. Once the core is established, making changes and adding capacity or remote sites is quick and simple, unlike traditional networking where you need to be a VLAN or MPLS expert. With Avaya Fabric, you can now extend these same services to the edge or closer to the IoT devices. Then, using technologies like Fabric Attach, you can have automated and secure connections created between the core and the edge switches and/or the wireless access points (WAPs). The edge now becomes more plug and play.
At this point, all that’s left to do is decide where you want your IoT devices connected and whether you want to have devices segmented or grouped together without the need for cumbersome things like Access Control Lists.
Finally, you can start connecting devices to the network. Well, sort of. You see, traditional IT admins keep the network jacks you see in buildings disabled until a request is made to turn them back on. Then they enable the network jack you want to connect your device to, providing you wired access or granting that device access to the wireless network (in a closed environment), thereby creating that secure end-to-end connection all the way to the device. So far so good, right? Here’s the thing: often we find these “enabled” jacks left exposed and in plain sight after the user has disconnected from the network and left the building. This provides hackers with a secure connection into your environment.
With Automatic Elasticity (the third pillar of our #EverywherePerimeter solution), businesses can stretch their network services (contained in hyper-segments) to the edge of the network, only as required and only for the duration of a specific application session. As applications terminate (or end-point devices close down or disconnect), those networking services retract from the edge. It’s as simple as that. This makes your network safer and less vulnerable to intrusions.
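The exposure described above, a jack enabled on request and left live after the user has gone, can be audited on a conventional network by looking for ports that are still enabled and provisioned with nothing attached. This is an added example, not Avaya's code and not how Fabric Connect implements elasticity; the inventory format, field names and 15-minute grace period are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class EdgePort:
    switch: str
    port: str
    admin_enabled: bool          # jack has been turned on by an administrator
    link_up: bool                # a device is attached right now
    last_link_change: datetime   # last time the link went up or down
    segment: Optional[str]       # segment still provisioned on the port, if any

def ports_to_retract(ports, now, grace_minutes=15):
    """Enabled, still-provisioned ports with no device for at least grace_minutes."""
    grace = timedelta(minutes=grace_minutes)
    stale = [p for p in ports
             if p.admin_enabled and p.segment is not None   # live jack with services on it
             and not p.link_up                              # nothing plugged in
             and now - p.last_link_change >= grace]         # past the reconnect window
    return sorted(stale, key=lambda p: p.last_link_change)  # longest-exposed first

def retraction_plan(ports, now, grace_minutes=15):
    """One human-readable action per stale port, for review before any change is made."""
    plan = []
    for p in ports_to_retract(ports, now, grace_minutes):
        idle = int((now - p.last_link_change).total_seconds() // 60)
        plan.append(f"{p.switch} {p.port}: idle {idle} min, "
                    f"remove segment '{p.segment}' and disable port")
    return plan

# Constructed inventory (not from the page): names, segments and times are made up.
NOW = datetime(2016, 11, 1, 18, 0)
SAMPLE_PORTS = [
    EdgePort("edge-sw1", "1/4", True, True, NOW - timedelta(hours=9), "hvac"),
    EdgePort("edge-sw1", "1/7", True, False, NOW - timedelta(minutes=330), "guest-wired"),
    EdgePort("edge-sw2", "1/2", True, False, NOW - timedelta(minutes=5), "cameras"),
    EdgePort("edge-sw2", "1/9", False, False, NOW - timedelta(days=3), None),
    EdgePort("edge-sw3", "1/1", True, False, NOW - timedelta(days=1), "badge-readers"),
]

if __name__ == "__main__":
    for line in retraction_plan(SAMPLE_PORTS, NOW):
        print(line)
```

The grace period keeps a briefly unplugged device from losing its port; the port on edge-sw2 1/2 is inside that window and is left alone.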
This Avaya Network Fabric technology can be used in all the IoT environments I cited up top: cities, buildings, retail, manufacturing, etc. We’ve been delivering these solutions to customers of all sizes, from the Sochi 2014 Winter Olympics to the tallest building in the world, the Burj Khalifa in Dubai.