Story image

Expert opinion: How secure is the ‘I’ in ‘IoT’?

22 Nov 17

Article by Mary Clark, Chief Corporate Relations Officer and Chief of Staff at Syniverse

There’s a lot of talk these days about the Internet of things (IoT). But what’s often overlooked is that the IoT is also an Internet of shared services and shared data. And this simple fact is quickly becoming one of the biggest hurdles for companies looking to integrate their businesses with the IoT.

Specifically, the public nature of the Internet is causing business and government leaders alike to confront a profound challenge. The global ransomware attacks this year that have crippled infrastructure and businesses across Europe have highlighted systemic vulnerability of the public Internet. And as both the number of connected devices and data traffic volumes continues to grow, so too does the level of damage and disruption that a cyberattack can inflict upon this open network.

Clearly, today’s IoT-oriented businesses must begin to develop a full-scale strategy for moving their vital business operations to a global, private, isolated network. Let’s take a closer look at the reasons why.

The IoT’s Looming Challenge

Cisco’s Visual Networking Index (VNI) forecast predicts that global IP traffic will increase three-fold, reaching an annual run rate of 3.3 zettabytes by 2021. In fact, for the first time in the 12 years of the VNI forecast, M2M connections that support IoT applications are predicted to make up more than half of the world’s total 27.1 billion devices and connections. Together, they’ll account for five percent of all global IP traffic by 2021.

But while the number of connections continues to multiply exponentially and involve more and more partners, businesses remain vulnerable from the weakest link in the system – their connectivity.

The genius of the public Internet is that despite how we use it today, it was never designed to be a secure or trusted environment. It was conceived as a network for academics and researchers to exchange data, and it works as more of a best-endeavours network than a best-of-breed one.

For this reason, companies that want to conduct business, transfer data, monitor equipment and control operations globally – with certainty, security and privacy – should not be relying on public Internet connectivity. The sheer number of access points and endpoints creates an attack surface that is simply too wide to protect, and it calls into serious question whether the public Internet is up to the challenge of supporting the IoT. Instead, it’s time to take a step back and look for something different.

A New Network Model

One of the most effective solutions to the public Internet’s openness lies in the integration of global, private, isolated networks. These networks ensure complete separation from the public Internet, total control over who accesses the network and how, and maximum flexibility to build and optimise partnership connections. And, tellingly, these networks have been able to continue to operate throughout the high-profile cyberattacks that have made the headlines over the past year.

Networks, by design, rely on two-way communications. Given the sensitivity and importance of the data involved, companies need these networks to be always available, always bandwidth-capable, and always secure.

At the same time, business-critical networks need to be connected using communication links that strictly control the identity and rights of the people, applications, and devices accessing them. And while they need to be private for security reasons, in many cases they also need to be open and transparent for regulatory reasons.

Consequently, the private-network model has emerged as one of the most viable for the emerging IoT world.

PSD2 and More

A critical example of the need for this model is the new Second Payment Services Directive (PSD2) regulations coming into effect in Europe.

PSD2 will require a new level of collaboration and security between banks and their financial services partners. And, for the first time, it will allow bank customers to utilise third-party providers to manage their finances and help them with services like making payments and arranging money transfers.

Banks will be required to open access to customer data to a host of third-party companies, and at the same time ensure the security and privacy of customers’ information. Again, this control cannot be guaranteed if those connections are coming over the public Internet, with its vulnerability to attack over such a wide surface.

So, with new regulations like PSD2 propelling the beginning of a new IoT era, businesses must begin to develop a full-scale strategy for securing their business operations on a private, isolated network. 

Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Bitdefender announces security integration with Kaseya
The new partnership will allow VSA by Kaseya’s cloud and on-premises users to deploy and manage security with Bitdefender Cloud Security for MSPs.
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.