January 15, 2018
When it comes to protecting the Internet of Things (IoT), an extensive, embedded security plan is a necessity.
According to Gartner, 25 billion connected “things” will be in use by 2020. When you think of products like connected security systems, thermostats, cars, electronic appliances and alarm clocks, it becomes clear that IoT is becoming an integral part of everyday life. Advances in disruptive technologies like the cloud and security, combined with the rise of social media and increased mobility are enabling a new frontier of opportunities for these products to become more interconnected with people, processes, data and technology.
IoT’s impact on digital business will be undeniable, too. “It will introduce new business models, causing industries to be ‘digitally remastered’ and changing the way that businesses put great minds to work,” says Diane Morello, managing vice president at Gartner.
With multiple business applications like medical prescribing, banking, energy, retail, insurance and a multitude of other facets moving toward full digitization in the next few years, it raises the question of how to address concepts such as endpoint security. The typical method of security includes layering many different point security tools on top of one another. The problem with this is that the differing solutions often do not collaborate well together, or they leave security gaps that can easily be exploited.
The IoT security problem affects everyone. As each and every person’s data, devices and technologies become more intertwined and interconnected with everyone else’s, it becomes necessary to have some sort of embedded security plan in place.
To meet IoT’s specific security needs, a flexible security framework with four main components exists:
Authentication: This level focuses on verifying the identity of information of an IoT entry. When a connected IoT device needs to access an IoT infrastructure, the trust relationship is initiated based on the device’s identity.
Authorization: The second layer focuses on authorization that controls a device’s access throughout the network fabric. This layer builds upon the core authentication layer by leveraging the identity information of an entity. With authentication and authorization components, a trust relationship is established between IoT devices to exchange appropriate information.
Network Enforced Policy: This layer encompasses all elements that route and transport endpoint traffic securely over the infrastructure.
Secure Analytics: This layer defines the services by which all elements (i.e., endpoints and network infrastructure, inclusive of data centers) may participate to provide telemetry for the purpose of gaining visibility and eventually controlling the IoT ecosystem.
IoT has a diverse set of security needs that must be met to ensure users are protected. One example of a company that’s designing security solutions to meet the IoT security needs described above is Cisco. Cisco’s Security Everywhere strategy embeds multiple security technologies into the network infrastructure to provide broad threat visibility while minimizing the time needed to contain threats. Cisco Security Everywhere also allows users to maximize their existing and future investments by turning the Cisco network into a security sensor and security policy enforcer—facilitating enhanced visibility, context and control over any user or device that connects to the corporate network.
Adam Davis, CEO, Next Dimension Inc