By 2020, the number of Internet-connected ‘things’ is expected to hit 50 billion. This rapid rise in the Internet of Things (IoT) – along with other practices such as remote working and employee mobility – is presenting new ways for hackers to attack business networks.
Connected devices and remote workforces extend the attack surface for enterprise networks; IT managers now have an even greater security challenge to deal with.
A greater area to attack
The proliferation of IoT has opened the door to an onslaught of attacks on devices and the web-based management platforms that run them. The security issue lies with the devices themselves.
For years, companies have been producing consumer-grade devices with a focus on areas such as productivity, customer experience and revenue streams — but very little on security.
There are several challenges to securing the IoT. Central to this is the fact that IoT scalability and security appear to be at odds. IoT sensor devices are, by their very nature, resource-constrained, containing very little processing power, computing capability, or sophisticated operating systems. They are designed to perform specific functions and nothing more.
While this simplicity is necessary to scale IoT systems and keep costs down, it makes it difficult to achieve the level of security normally expected of enterprise-class technologies.
As well as the devices themselves, another challenge is ensuring the security of the wide area network (WAN) used to execute IoT deployments. The Mirai malware attack, discovered in 2016, is an example of the potential scale of a WAN security breach. The Mirai attack affected networked devices — primarily IP cameras running Linux.
More than 100 countries were affected, and security expert Brian Krebs places the size of the attack at a record-setting 620 Gbps. Many blue-chip companies were impacted, and variants of the Mirai botnet were used to attack Liberia’s entire telecommunications infrastructure.
IoT and mobile workforces provide both the biggest opportunities and the greatest challenges for enterprise networks. The bottom-line benefits of employees being able to work anywhere are clear: greater productivity during business travel, more consistent communication, workday flexibility, reduced infrastructure costs, and much more.
However, the challenges are just as evident. Employees need access to a variety of applications and documents that live either in the cloud or at the corporate data centre.
Meanwhile, the IT department often must use inflexible legacy architecture and hardware to provide network and application access that is highly secure, no matter where employees are working from or which devices they are using.
How a software defined-perimeter can help
A Software Defined-Perimeter (SD-P) addresses many of the new networking challenges that legacy technologies only complicate. Instead of connecting networks or locations, SD-P uses a host-based approach, connecting both people and things directly to the applications and resources they need.
For example, a laptop that needs access to a server in the company data centre will have a direct, encrypted, and hidden connection right to that server. Different devices and users can easily be granted tailored, granular permissions without the complexity of managing an access control list.
SD-P works in a similar way for IoT systems. IoT devices are typically very simple, having been engineered with enough logic to perform a single function — usually data gathering — and not actual computing.
Processing, interpreting, and distributing the data must occur elsewhere, and SD-P can provide a secure, direct connection between an IoT device and the computing device or application.
Further, SD-P actually enables management and control of IoT devices themselves from a remote location. Thanks to the direct, LAN-like connection between the IoT devices and other computers or applications, the computing to control and manage IoT devices need not take place on site.
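The laptop and sensor cases above can be modelled to show what a host-based, default-deny policy changes compared with a rule that admits a whole subnet. This is an added example, not Cradlepoint's code or configuration; every address, service name and identity in it is constructed for illustration.

```python
import ipaddress

# Constructed inventory: service name -> (IP address, port). All values are hypothetical.
SERVICES = {
    "telemetry-collector": ("10.20.0.10", 8883),
    "hr-file-server":      ("10.20.0.20", 445),
    "camera-admin-ui":     ("10.20.0.30", 443),
}

# Network-centric rule: a whole source subnet may reach a whole destination subnet.
SUBNET_ACL = [("10.50.0.0/24", "10.20.0.0/24")]  # branch LAN -> data centre

# Host-based entitlements: an authenticated identity maps to named services only.
ENTITLEMENTS = {
    "user:alice@laptop-4411": {"hr-file-server"},
    "device:temp-sensor-07":  {"telemetry-collector"},
}

def reachable_by_subnet(src_ip):
    """Services an endpoint can reach when access is decided by network location."""
    src = ipaddress.ip_address(src_ip)
    found = set()
    for src_net, dst_net in SUBNET_ACL:
        if src in ipaddress.ip_network(src_net):
            dst = ipaddress.ip_network(dst_net)
            found |= {name for name, (ip, _port) in SERVICES.items()
                      if ipaddress.ip_address(ip) in dst}
    return found

def reachable_by_identity(identity):
    """Services visible to an identity under default deny; unknown identities get nothing."""
    return ENTITLEMENTS.get(identity, set()) & set(SERVICES)

def exposure_if_compromised(identity, src_ip):
    """What one compromised endpoint can reach under each access model."""
    return {
        "subnet_model": sorted(reachable_by_subnet(src_ip)),
        "identity_model": sorted(reachable_by_identity(identity)),
    }

if __name__ == "__main__":
    # A sensor on the branch LAN: three services under the subnet rule, one under entitlements.
    print(exposure_if_compromised("device:temp-sensor-07", "10.50.0.77"))
    # An unenrolled device on the same LAN: still three under the subnet rule, none by identity.
    print(exposure_if_compromised("device:unknown", "10.50.0.99"))
```

The gap between the two lists for the same endpoint is the lateral reach removed by deciding access per identity rather than per network location.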
SD-P is at the centre of WAN transformation and is having a profound impact at the network’s edge. The ability to connect an ever-changing number of people and things to the WAN, whether over wired or wireless Internet broadband, creates an Elastic Edge – one that constantly expands, contracts, adapts, moves and evolves as business needs dictate.
Searching for security holes
While an SD-P network focus can help, it is still important to carefully consider network architecture for potential security holes. Businesses should be asking: where are the threats and what can we do to increase security?
Insider threats – whether malicious or non-malicious – come from bad practices within an organisation. For example, failure to educate users about careful network selection in public settings presents sizable risk.
When an employee works remotely from a coffee shop, airplane, or hotel room that offers free Internet, the potential for malicious activity is significant.
A bad actor can pose as that location’s Internet access and serve as a gateway through which people access the web. With the ability to survey all the Internet traffic at a public location, they can control everything. It can be very difficult to detect this type of attack.
Yet the bigger issue for the company is when an employee whose device was unknowingly attacked at a coffee shop returns to the office and plugs in; now the entire company network is at risk.
It is very difficult to know what networks a team’s devices have been using. To help mitigate this risk, use solutions that support cloud-based services, such as content filtering and secure VPN, to protect the corporate network.
A secure network depends on everyone in the organisation doing his or her part. Mitigating security risks for distributed enterprises will require a comprehensive approach.
While the rise of IoT and the remote workforce holds huge potential for businesses, it will take a combination of efforts to keep the increasingly distributed enterprise networks as secure as possible.
Sourced by Hubert Da Costa, VP EMEA at Cradlepoint