Preventing security issues from destroying the promise of IoT
Internet of Things (IoT) devices fall into various categories. Some, such as those located in a hospital setting, are very sophisticated, with advanced operating systems and encryption and certificate capabilities built in. Other examples of note are Ring doorbells and Nest thermostats.
Security and the promise of IoT
The promise of IoT, however, is that sensors will become much less expensive to integrate and maintain, and therefore they will become far more ubiquitous. As IoT devices become more numerous, less capable, and less personalized, they create a Pandora’s box of security concerns.
In industrial settings, where devices are everywhere, the prevailing belief for many years was that these IoT sensors would be on an air-gapped network, automatically countering many safety concerns. However, with all the data collected now being directly forwarded to data scientist repositories in public clouds, this is no longer true.
The need for specialized routing
Industrial IoT (IIoT) sensors need specialized routing for many reasons. The primary reason is to provide security and segmentation across the WAN or public internet. Separating these devices from all other traffic is essential, as these devices may not be trusted – and to top it off, the information they are collecting may be proprietary. If these devices and the data they carry were left with the other general traffic traversing the network, it could create additional security problems and make it tougher to provide the specific security needed to protect this type of traffic.
Other reasons IoT sensors need specialized routing include traffic engineering, path redundancy and load balancing – all critical aspects to managing the effectiveness, efficiency, and uptime of the network.
Many industrial applications combine sensors with process controls. In this case, the network with the largest number of sensors may also be used to control any critical processes. Separating, protecting, and guaranteeing process control traffic travelling on the same wires as the IoT traffic is essential. While the IoT traffic is typically data – which is important in its own right – the process control traffic is even more critical to maintaining operations. Separating them protects the ability of each to operate successfully and keeps a security issue on one from necessarily affecting both.
Isolating IP address requests
In addition, IoT devices often need IP addresses, and they often use Dynamic Host Configuration Protocol (DHCP) to obtain these. When there are large numbers of devices, it is essential that the edge routing equipment can isolate these requests, handle them locally and provide a secure source Network Address Translation (NAT) as required.
IoT devices may use Network Time Protocol (NTP), Domain Name System (DNS) or other network services to obtain information. These services must be guaranteed to be secure, yet the protocols themselves are not. As such, providing secure local NTP or DNS relay services is essential. Providing localized DNS resolution for IoT endpoints may also be advantageous.
IoT devices typically will be the initiators of all communication. These same devices should be invisible to others and be unreachable by all. To do this, the router must be capable of understanding the directionality of client/server communications, and then be able to enforce this.
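The directionality rule described above, sketched as an added example (not from the original article or any vendor's product): a minimal stateful filter that admits only flows a device initiated, plus their replies. The segment 10.20.0.0/24, the 30-second idle timeout and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

IOT_SEGMENT = ip_network("10.20.0.0/24")  # assumed IoT segment (constructed)
IDLE_TIMEOUT = 30.0                       # assumed seconds before a flow expires

@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class DirectionalFilter:
    """Allow device-initiated flows and their replies; drop everything else."""
    def __init__(self, segment=IOT_SEGMENT, idle_timeout=IDLE_TIMEOUT):
        self.segment = segment
        self.idle_timeout = idle_timeout
        self.flows = {}  # (proto, dev_ip, dev_port, peer_ip, peer_port) -> last seen

    def decide(self, p):
        src_dev = ip_address(p.src) in self.segment
        dst_dev = ip_address(p.dst) in self.segment
        if src_dev and not dst_dev:  # device is the initiator: record the flow
            self.flows[(p.proto, p.src, p.sport, p.dst, p.dport)] = p.ts
            return "allow"
        if dst_dev and not src_dev:  # inbound: must match a live device-opened flow
            key = (p.proto, p.dst, p.dport, p.src, p.sport)
            last = self.flows.get(key)
            if last is not None and p.ts - last <= self.idle_timeout:
                self.flows[key] = p.ts
                return "allow"
            self.flows.pop(key, None)  # expired or never existed
            return "drop"
        return "drop"  # device-to-device (lateral) or unrelated traffic: default deny

SAMPLE = [  # constructed packets
    Packet(0.0, "10.20.0.7", 40001, "203.0.113.10", 8883),   # sensor opens a session
    Packet(0.2, "203.0.113.10", 8883, "10.20.0.7", 40001),   # reply on that session
    Packet(1.0, "198.51.100.5", 55555, "10.20.0.7", 23),     # unsolicited inbound
    Packet(2.0, "10.20.0.8", 50000, "10.20.0.7", 80),        # lateral, sensor to sensor
    Packet(60.0, "203.0.113.10", 8883, "10.20.0.7", 40001),  # reply after idle timeout
]

def run(packets):
    flt = DirectionalFilter()
    return [flt.decide(p) for p in packets]
```

The inbound check compares the full five-tuple, so a peer that a sensor has contacted still cannot reach any other port on that sensor.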
Low-cost IoT devices can rarely perform high-grade encryption. The routing equipment must be capable of authenticating and encrypting IoT flows between the sensors and the data centers they are connected to.
IoT devices and security: Full visibility is needed
Many IoT devices may need power from Ethernet switches. When managing these devices, it is very beneficial to have a single management/control plane for the Wi-Fi, wired, and secure edge routers. When an organization has full visibility into its operations through a single pane of glass, understanding the health of sensors is far easier.
Some IoT devices generate so much data that pre-processing the data is required prior to upload. In these cases, the smart edge routing device should be able to host or co-reside with containers for data processing applications.
Finally, most IoT devices will be connected to Wi-Fi networks. Having a tight integration with Wi-Fi networks is essential to ensure that security is maintained. Having Wi-Fi insights into IoT connectivity issues is essential in running a large network.
The promise of artificial intelligence
From finding bad cables and locating bad IoT sensors to diagnosing connectivity issues and more, AI can perform the same sequence of tasks as human operators, only much faster.
When planning a large IoT network, consider learning about how AI can be applied to the network to help automate some of the maintenance, control and security needed to make the IoT strategy a successful one.