
Wednesday, 21 August 2019 14:00

Properly Safeguarding Distributed Internet of Things Networks

Written by DON BOXLEY JR.

This blog post first appeared on the DH2i website.

Aside from the internet itself, the Internet of Things has the potential to become the most transformative technological application of our times. Conservative estimates indicate it will encompass approximately 30 billion devices in the next couple of years, more than half of which will include machine-to-machine communication.

With each of those smart devices connected to edge gateways or centralized clouds via IP networks, the IoT will not only generate more data than any other single application, but also the fastest-moving data, with its continuous, real-time streaming from sensor sources. With use cases spanning smart cities, personalized marketing, dynamic pricing and more, the possibilities for such real-time deployments are virtually endless.

Unfortunately, so are the cybersecurity vulnerabilities.

Security risks are still the primary inhibitor of IoT adoption, and even of cloud deployments of highly sensitive data. The IoT’s security challenges are particularly daunting because they require safeguarding devices outside of traditional enterprise boundaries. Moreover, these endpoints are designed for lightweight data transmissions—not enterprise-class security protocols.

The flexible, fine-grained security of Software Defined Perimeters, however, excels in IoT settings or any type of cloud environment. Lightweight and portable enough to be installed in the most inexpensive of endpoint devices, this solution leverages several measures to conceal data transmissions from anyone but the sender or receiver.

Consequently, organizations can protect endpoint devices, edge gateways, and centralized clouds to actualize the IoT’s advantages while reducing its risks.

IoT Device Dangers

It’s difficult to assess which aspect of IoT security is more inhibitive—the fact that transmissions initiate outside the perimeters of conventional enterprise cybersecurity mechanisms, or that the devices aren’t designed for contemporary security challenges. The reality is that even if devices are behind traditional cybersecurity perimeter defenses like Virtual Private Networks or firewalls, the increasing numbers of data breaches indicate they’d be just as vulnerable. VPNs aren’t suitable for IoT use cases because organizations don’t own the physical infrastructure in the cloud to properly implement gateways there. Also, it’s difficult for VPNs to match the scale of the containers frequently deployed in the IoT, while the connections themselves are unreliable.

The diminished compute, storage, and hardware capacity of endpoint devices makes them intrinsically vulnerable, and is oftentimes a consequence of the need to conserve costs. The effectiveness of IoT deployments is based on quickly issuing as many devices as possible in distributed settings for rapid data transmissions delivering real-time insight, like connecting fuel dispensers in the oil and gas industry for visibility into fuel consumption and asset monitoring. Costs would swiftly escalate if organizations had to equip each endpoint device with the capabilities of more expensive hardware, compromising the ability to distribute these devices and the subsequent value they’d generate.

Discreet Data Transmissions

The benefits of isolating data transmissions with Software Defined Perimeters naturally extend to these facets of IoT security: the limited cybersecurity capabilities of endpoint devices and the fact that they’re outside typical perimeter defenses. Moreover, they enhance the overall security of distributed networks by fortifying both ends (the devices and edge computing gateways) and centralized clouds. In the oil and gas industry, for example, organizations can directly connect data from containers in fuel pumps to the cloud for analytics by deploying lightweight gateways on each end. These gateways are securely introduced to one another by a matchmaking service in the cloud via random port generation. Once the gateways are introduced, secure microtunnels can be deployed directly between them, enabling invisible communication that’s almost impossible to detect.

As substantial as the cybersecurity benefits of this approach are—data transmissions are discreet, the microtunnels utilize enhanced UDP for security by obscurity, the random port generation makes it difficult to ‘stake out’ ports—the business value might be even greater. The network isolation enabled by this method ensures that there are distinct transmissions for payments, rewards programs, and fuel monitoring—greatly mitigating the possibility of Distributed Denial of Service attacks and lateral movement that can jeopardize the IoT. This way, the IoT’s transmissions don’t tax additional network resources for communicating between locations at different gas stations, for example. Moreover, the ability to continuously monitor them significantly increases the capacity to adhere to federal and state regulations regarding fuel leaks and environmental hazards. Finally, the microtunnels’ direct connections enable gas stations to comply with additional regulations like next year’s Europay, Mastercard, and Visa chip card compliance deadline for chip payments.

Failovers

As compelling as the preceding use case is, it’s important to realize Software Defined Perimeters provide these same core cybersecurity benefits of cloaked data transmissions for any IoT use case. The previous example is so eminent because it attests to the comprehensive value of this approach, which doesn’t just secure data coming from IoT devices to the cloud, but also helps stabilize the overall networks supporting these operations.

Each of the various types of data common to these use cases—such as payment information, customer rewards data, and data about the fuel itself—can be isolated and sent to its destination without involving the other types of data. Furthermore, the microtunnels delivering the data have automatic failover capabilities for inherent resiliency that’s critical in low-latency IoT applications. If one were ever to go down for any reason, data transmissions would fail over to another to minimize downtime and increase overall network stability.

A Brimming Future

In order to realize the IoT’s projected adoption rates and make it as influential as it can be across verticals, organizations must address the basic cybersecurity issues that are inhibiting it. Software Defined Perimeters facilitate dependable cybersecurity in a manner lightweight enough for endpoint devices and optimal for data transmissions stemming from remote locations. The proper implementation of this method reinforces the line-of-business advantages the IoT is acclaimed for, while stabilizing the data transmissions of organizations’ networks in general. This approach can make a crucial difference in turning the IoT’s projections into concrete reality.