IoT Unifies Comms but Opens Pandora’s Box of Security Red Flags

When we think about unified communications, The Internet of Things (IoT) is already one of the biggest games in town, and is poised to become even more influential. As described in the research journal Computer Networks, “IoT applications are nearly limitless while enabling seamless integration of the cyber-world with the physical world.” This hits the nail on the head, as the use cases for IoT are everything and anything you can think of. They reach far beyond home-based applications like connected TVs and security systems to encompass industry game changers such as inventory management and optimised production in manufacturing, to tracking equipment location and performance on farms, to patient monitoring in healthcare settings.

And therein lies the challenge: hand in hand with this incredible new paradigm for tech innovation and transformative communication comes the reality of off-the- charts security risks. Analysts estimate that there are currently 7 billion IoT devices in use globally already, with the global number of connected devices estimated at over 17 billion, according to IoT Analytics. By 2025, the number is projected to swell to at least 21.5 billion IoT devices.

Part of what’s encompassed in these gigantic figures is smart devices communicating with each other. Whether these machines are tethered to clouds or edge gateways, IoT is a behemoth that is poised to create and churn the highest amount of data that the application world has ever known. Speed is a factor here too, as IoT offers ongoing streaming in real time, making it the fastest data on record too. But with endless use cases and overwhelming amounts of data combined, there’s something else to consider: how on earth to safeguard all of this sensitive information and circumvent a multitude of potential cybersecurity issues.

IoT: Data at Risk

Many enterprises are aware of the data vulnerabilities inherent in IoT applications, which accounts for why IoT isn’t being adopted even more quickly. Concerns around IoT data security go even beyond those of other cloud-based data deployments, which only need to worry about securing devices within the perimeters of the traditional enterprise. Two of the top IoT security issues to consider are:

• IoT endpoints can’t effectively handle security protocols of enterprise class, since they were designed only for lightweight data transmissions, not today’s security challenges
• Data transmissions begin beyond the boundaries of the usual mechanisms for cybersecurity within an enterprise

You might think that if you put an IoT device behind a firewall or VPN (virtual private network) that you’ve done your due diligence security-wise, but these standard perimeter defences don’t do the trick when it comes to IoT. Don’t believe me? Just check out the 2019 Data Breach Investigations Report from Verizon, based on over 41,000 security incidents from hacking and social attacks to malware and errors, perpetrated by outsiders and organised cybercrime groups as well as internal parties. Three main problems with VPNs that lead to these ongoing vulnerabilities and make them inappropriate for IoT are:

• Companies don’t own cloud-based physical infrastructure, so they can’t effectively implement cloud-based gateways
• IoT containers are generally scaled larger than VPNs can reliably match
• VPN connections can be flaky and undependable

Flexible Defense

While it’s a notable bummer that enterprises can no longer rely on traditional cybersecurity perimeter defenses to protect endpoint devices, centralised clouds, and edge gateways, there’s some good news in the fact that there’s a more modern way to reduce the security risks of the IoT while leveraging its clear advantages. That way is through use of software-defined perimeters, or SDPs, which work better than VPNs in IoT settings for reasons that include SDP’s ability to:

• Provide fine-grained security that’s flexible enough to thrive in any cloud environment
• Be installed even in very inexpensive endpoint devices due to its portability and lightweight nature
• Render data transmissions invisible to all except the person who has sent or received them

SDPs improve distributed-network security by protecting not only devices, but also centralised clouds and edge computing gateways.  They allow virtually undetectable invisible communication via secure microtunnels that are deployed between gateways. In addition to offering these discreet microtunnels, random port generation provides another layer of security and protection. When it comes specifically to IoT use cases, SDPs provide cybersecurity advantages that are identical to cloaked data transmissions. What’s more—and very important in low latent IoT applications—the microtunnels that deliver the data have automatic failover capabilities.

That’s why when it comes to IoT, organisations should conduct their due diligence in comparing options to facilitate dependable cybersecurity. Your enterprise can help move the needle in turning the projections about IoT into reality—and more important from a company perspective, leverage the full advantage of IoT applications—through an SDP approach that reliably protects and stabilises network data transmissions.

Guest Blog by Don Boxley, CEO and Co-Founder, DH2i
Don Boxley Jr. is a DH2i co-founder and CEO. Prior to DH2i, Don held senior marketing roles at Hewlett-Packard where he was instrumental in sales and marketing strategies that resulted in significant revenue growth in the scale-out NAS business. Don spent more than 20 years in management positions for leading technology companies, including Hewlett-Packard, CoCreate Software, Iomega, TapeWorks Data Storage Systems and Colorado Memory Systems.  Don earned his MBA from the Johnson School of Management, Cornell University.