
Kemp: Three common IoT security pitfalls

03 May 2019

Article by Kemp APAC regional director Tony Sandberg

The promises of greater efficiency, agility and cost-savings are driving increasing numbers of enterprises towards cloud computing while advancing technology is allowing them to extend its benefits to their emerging Internet of Things (IoT) workloads.

Yet the technology is heading for troubled waters.

Research shows that IoT is disrupting markets and IT organisations worldwide, changing economics and agility in many markets.

This change is driving growth in IoT device data, analysis and integration with back-end systems, along with the subsequent IoT feedback and control that will improve business outcomes.

Gartner predicts that:

  • By 2020, there will be 25 billion connected IoT devices, with a compound annual growth rate of 35%.
  • By 2018, the number of new connections for IoT devices was to exceed all other new connections for interoperability and integration combined.

The business and technical challenges of managing and capitalising on IoT adoption remain daunting.

The challenges in designing and deploying large-scale IoT solutions are enormous, due to the rigidity, poor elasticity and limited dependability of traditional products.

Consider that:

  • Traditional IoT solutions are rigid and inflexible because they are tailored to solve a problem and are not designed for flexible customisation, utility-oriented delivery and granular consumption.
  • IoT devices are not built to scale dynamically to respond to varying loads.
  • The general measure of availability, reliability and maintainability of traditional IoT solutions is poor.
  • The dynamic heterogeneity and geographical distribution of large-scale IoT solutions disrupt traditional security and management tools, rendering them ineffective.

The IT industry is recognising that traditional load balancers are not suited for environments that include IoT deployments, but at least one vendor has created a suite of virtual products and application delivery tools more suited for today’s IoT workloads.

Advanced vendors are abstracting application delivery services from the physical networks, delivering them as virtual services that can be attached to IoT workloads.

These allow software to be provisioned dynamically to deliver proactive performance management.

To enhance reliability and availability, new solutions include L4-7 load balancing and Geo (geographic) load balancing.

These ensure that IoT sessions are always processed by the most highly available server.

Geo load balancing also ensures that IoT sessions are sent to the application server closest to the IoT device.

A central application delivery framework can offer a single point for control, analysis and diagnosis of key application metrics that enable customers to make smarter decisions about managing capacity adaptively.

Advanced monitoring and analytics engines allow changes in device behaviour to be visualised and remedial actions to be taken before a catastrophic failure occurs.

To improve security, a web application firewall (WAF) will secure IoT applications dynamically.

By enabling SSL, SSO or IPsec encryption for edge security, IoT data will be protected during the transfer from the enterprise edge to the cloud.

Finally, edge security software is able to authenticate and authorise enterprise systems.

Reliability and availability

The challenge:  Most IoT solutions involve thousands of endpoints that generate and process data across multiple networks. Organisations running traditional IoT systems are often locked into a rigid framework and cannot respond fast enough to changing demands of IoT solutions.

The solution:  Services like load balancing and web application firewalls are delivered through virtual services. They can be deployed and attached to IoT applications automatically on demand.

Leading software-based applications include high-performance L4/7 server load balancing to ensure that each user receives the best possible application experience. Distributing incoming IoT sessions to the most highly available application server accelerates processing time.

And by integrating with SDN controllers, they configure network bandwidth dynamically and direct network traffic to least loaded network paths.

This translates into more efficient load balancing, accelerated application delivery, and improved quality of experience (QoE) for end users.

In addition, they can support multiple hypervisors and platforms, including VMware vSphere; the OpenStack Load Balancing as a Service (LBaaS) plugin; Microsoft Hyper-V; and Red Hat KVM.

Such wide-ranging support can slash the time required to deliver IoT solutions.

Perimeter protection

The challenge:  Enterprise IT professionals and analysts agree that securing the network only at the perimeter is sorely inadequate for IoT solutions.

Modern attacks can exploit a perimeter-centric defence in no time.

After malware enters the data centre, it can move easily from sensor to sensor within the centre by compromising just one authorised sensor or using other nefarious methods.

A stricter, micro-granular security model effectively points to the need for unique firewalling of each individual IoT workload.

Until now, this approach has been cost-prohibitive and operationally infeasible.

The solution: Advanced virtual load software can deliver a ‘defence-in-depth’ architecture for securing IoT applications and data. This allows IT teams to bring security closer to the IoT workloads and protect IoT data.

To protect IoT data transfer from the data centre edge to cloud gateways, such software implements IPsec VPN tunnels.

IPsec is an industry standard that is offered as a secure connectivity option on cloud services from Microsoft, Amazon and Google.

The technology also protects against distributed denial of service attacks that hijack IoT devices and flood the network with traffic until systems are rendered unavailable.

Application firewall

An effective solution should include a web application firewall that combines with other application-delivery services that include intelligent load balancing, intrusion detection, intrusion prevention and edge security and authentication.

Such an edge security pack can authenticate devices using certificates before they access the IoT application servers.

Active Directory group membership can restrict access to IoT published applications. Certificates installed on devices can authenticate them, with validation using the Online Certificate Status Protocol (OCSP).

Selected technology can deliver powerful, real-world solutions to address issues of security, privacy, cost, ease of access, agility and performance.

This can make managing the IoT infrastructure a snap.
