Secure the ultimate distributed application: the Internet of Things
Dr Hongwen Zhang, Wedge Networks
The Internet of Things is arguably the most nebulous concept in modern computing – or in modern society, writes Dr. Hongwen Zhang, the CEO and co-founder of Wedge Networks.
The IoT is everywhere: On your wrist, in the supply chain, in televisions, in home computers, in factories, in enterprise servers, in the hosted data center, in the cloud. When the IoT goes outside the building or corporate campus, there’s no predicting the traffic flow. The network perimeter means nothing. Firewalls means nothing. Yet there is a tremendous threat, in large part due to the wide variety of things that are part of the IoT. It is impractical to embed each individual device with effective security mechanisms that could withstand a determined attack. Even if you could build in some protections, realistically it’s impossible to harden each device against future attacks. The devices are too distributed, too limited in computation power, too difficult to upgrade with new firmware or software.
When it comes to the IoT, network-level protection is the only viable and scalable way to protect not only the devices, but the vital information that they carry. Whether the IoT is focused on small-packet sensors, or real-time video streams, nobody wants that data falling into the wrong hands. Similarly for command-and-control packets being sent out from server-based applications to the IoT. Whether it’s a medical device, a traffic light, or an industrial control in a power plant, the communications must be trustworthy – and that means network-level protection.
It’s not easy. Let’s be clear: Securing network data is an extremely challenging area. It requires an agile solution that is constantly evolving to keep up with — and anticipate — new threats. In order to determine whether data is safe, it must be constantly analysed and compared to known threat signatures, that are unique to each malware or penetration attempt.
The answer lies in the cloud; it has to lie in the cloud, because that’s where the traffic flows. Using evolving industry standards like software defined networks (SDN) and network functions virtualisation (NFV), security capabilities can be embedded everywhere in the cloud. For example, SDN can enable VNFs (virtual network functions) inside the cloud network to enable policy-based deep content inspection to all inbound and outbound traffic. This defenses the IoT data pipeline with comprehensive, scalable and customisable real time security, without requiring that traffic to ever leave the network.
Real time protection with near-zero latency is important, because network administrators and applications developers know that customers won’t tolerate anything that introduces delays and slows down the network, holds back the delivery of IoT data, and degrades of the end-user experience. It simply can’t happen.
The Internet of Things is different than anything we’ve known before on our networks, whether corporate LANs, enterprise WANs or the public Internet. The “things” and applications driving the IoT come from a different culture than the sophisticated traditional servers, PCs and even phone/tablets that we’ve known before. Those devices are, first and foremost, computers.
Many of today’s devices are specialty devices designed to interact with the physical world by either sensing something or doing something. They are more akin to network printers than personal computers: dedicated devices that we want to set and forget. However, they must be protected – not only to safeguard their own functionality and protect their own data, but because the IoT can become a gateway into larger networks.
Back in February 2014 — more than two years ago — The New York Times reported that there were 55,000 HVAC (heating, ventilation and air conditioning) systems connected to the internet. That’s the IoT, though the term wasn’t widely used at that time. The story says that in most cases those HVAC systems “contained basic security flaws that would allow hackers a way into companies’ corporate networks, or the companies installing and monitoring these systems reused the same remote access passwords across multiple clients.”
Today the IoT challenge has grown – and it’s only going to get bigger. With hackers targeting personal data, government facilities, financial transactions, cutting-edge intellectual property and more, we must protect the IoT. The concept is nebulous, because it’s hard to define where the IoT begins and ends. The breadth of technologies and network connections involved is huge, everything from 4G to WiFi, from cabled Ethernet to the public Internet to hardened MPLS wide-area networks. What we can count on is that the IoT is growing, the cloud plays an increasingly large role, the threats are real, and that we’re going to need to leverage standards like SDN and NFV to secure the cloud. That’s the best way, the only way, to secure the IoT.