Safeguarding distributed IoT networks

With each of those smart devices connected to edge gateways or centralised clouds via IP networks, the IoT will not only generate more data than any other single application, but also the quickest data with its continuous, real time streaming of sensor sources.

With use cases spanning smart cities, personalised marketing, dynamic pricing and more, the possibilities for such real time deployments are virtually endless. Unfortunately, so are the cyber security vulnerabilities.

Security risks are still the primary inhibitor for IoT adoption rates, and even cloud deployments of highly sensitive data. The IoT’s security challenges are particularly daunting because they require safeguarding devices outside of traditional enterprise boundaries. Moreover, these endpoints are designed for lightweight data transmissions - not enterprise class security protocols.

The flexible, fine-grained security of Software Defined Perimeters, however, excels in IoT settings or any type of cloud environment. Lightweight and portable enough to be installed in the most inexpensive of endpoint devices, this solution leverages several measures to conceal data transmissions from anyone but the sender or receiver.

Consequently, organisations can protect endpoint devices, edge gateways, and centralised clouds to actualise the IoT’s advantages while reducing its risks.

IoT device dangers

It’s difficult to assess which aspect of IoT security is more inhibitive - the fact that transmissions initiate outside the perimeters of conventional enterprise cyber security mechanisms, or that the devices aren’t designed for contemporary security challenges. The reality is that even if devices are behind traditional cyber security perimeter defences like Virtual Private Networks or firewalls, the increasing numbers of data breaches indicate they’d be just as vulnerable.

VPNs aren’t suitable for IoT use cases because organisations don’t own the physical infrastructure in the cloud to properly implement gateways there. Also, it’s difficult for VPNs to match the scale of the containers frequently deployed in the IoT, while the connections themselves are unreliable.

The diminished compute, storage, and hardware capacity of endpoint devices make them intrinsically vulnerable, and are oftentimes consequences of the need to conserve costs. The effectiveness of IoT deployments is based on quickly issuing as many devices as possible in distributed settings for rapid data transmissions delivering real-time insight, like connecting fuel dispensers in the oil and gas industry for visibility into fuel consumption and asset monitoring.

Costs would swiftly escalate if organisations had to equip each endpoint device with the capabilities of more expensive hardware, compromising the ability to distribute these devices and the subsequent value they’d generate.

Discreet data transmissions

The benefits of isolating data transmissions with Software Defined Perimeters naturally extend to these facets of IoT security: the limited cyber security capabilities of endpoint devices and the fact that they’re outside typical perimeter defenses. Moreover, they enhance the overall security of distributed networks by fortifying both ends (the devices and edge computing gateways) and centralised clouds.

In the oil and gas industry, for example, organisations can directly connect data from containers in fuel pumps to the cloud for analytics by deploying lightweight gateways on each end. These gateways are securely introduced to one another by a matchmaking service in the cloud via a random port generation. Once the gateways are introduced, secure microtunnels can be deployed directly between the gateways that enable invisible communication that’s almost impossible to detect.

As substantial as the cyber security benefits of this approach are - data transmissions are discreet, the microtunnels utilise enhanced UDP for security by obscurity, the random port generation makes it difficult to ‘stake out’ ports - the business value might be even greater. The network isolation enabled by this method ensures that there are distinct transmissions for payments, rewards programmes, and fuel monitoring - greatly mitigating the possibility of Distributed Denial of Service attacks and lateral movement that can jeopardise the IoT.

This way, the IoT’s transmissions don’t tax additional network resources for communicating between locations at different gas stations, for example. Moreover, the ability to continuously monitor them significantly increases the capacity to adhere to federal and state regulations regarding fuel leaks and environmental hazards.

Finally, the microtunnels’ direct connections enable gas stations to comply with additional regulations like next year’s Europay, Mastercard, and Visa chip card compliance deadline for chip payments.

Failovers

As compelling as the preceding use case is, it’s important to realise Software Defined Perimeters provide these same core cyber security benefits of cloaked data transmissions for any IoT use case. The previous example is so eminent because it attests to the comprehensive value of this approach, which doesn’t just secure data coming from IoT devices to the cloud, but also helps stabilise the overall networks supporting these operations.

Each of the various types of data common to these use cases - such as payment information, customer rewards data, and data about the fuel itself - can be isolated and sent to its destination without involving the other types of data.

Furthermore, the microtunnels delivering the data have automatic failover capabilities for inherent resiliency that’s critical in low latent IoT applications. If ever one was to go down for any reason, data transmissions would failover to another to minimise down time and increase overall network stability.

A brimming future

In order to realise the IoT’s projected adoption rates and make it as influential as it can be across verticals, organisations must address the basic cyber security issues that are inhibiting it. Software Defined Perimeters facilitate dependable cyber security in a manner lightweight enough for endpoint devices and optimal for data transmissions stemming from remote locations.

The proper implementation of this method reinforces the line of business advantages the IoT is acclaimed for, while stabilising the data transmissions of organisations’ networks in general. This approach can make a crucial difference in turning the IoT’s projections into concrete reality.