Proper planning before signing off on an IoT strategy can make a lot of difference in expectations and outcomes.
Among the big technologies of today, such as AI, cloud infrastructure, and big data and analytics, IoT is expected to have the biggest impact on the Industry 4.0 revolution worldwide, according to Statista.
Nonetheless, IoT adoption comes with its fair share of challenges. Chief among them is increased cybersecurity risk. Having more connected devices in a network means a larger attack surface area for cyber threat actors. Perhaps the most infamous IoT hacking incident was the Mirai Botnet attack, which took down parts of Amazon Web Services and its clients, including GitHub, Netflix, and Twitter.
More recently, hackers have also breached security-camera data collected by Silicon Valley start-up Verkada, gaining access to footage from hospitals, police departments, prisons, schools, as well as companies such as Tesla.
Cybersecurity risks and IoT
A robust IoT strategy should address cybersecurity requirements as a whole.
Businesses require a secure network infrastructure that supports all aspects of their operation, and these include IoT connectivity, policy management for users and devices, applications such as communication and collaboration, and workflow automation.
A robust cybersecurity strategy also reduces risks across Bring Your Own Device (BYOD) policies, IoT, shadow IT and more.
Network performance and IoT
Another key consideration in IoT planning is network performance. The hype in recent years has been focused on 5G and Wi-Fi 6. Generally, 5G is ideal for large, outdoor environments that require longer-range connectivity. In smart transport IoT applications for instance, this can mean vehicle-to-vehicle or vehicle-to-road connectivity.
Wi-Fi 6, on the other hand, brings benefits like lower cost of deployment and maintenance. Being a Wi-Fi network, it is also very scalable. This makes the technology optimal for most IoT strategies and means that it will continue to be the predominant technology for most campus and office environments.
However, both 5G and Wi-Fi 6 developments are relatively new. Many cities and facility owners across the region are currently still putting in place the necessary infrastructure to support these technologies.
Also, many businesses are operating in fast-changing environments that require operations to be agile and flexible, given the recent rushed transition from office- and factory-based workers to a distributed work-from-home workforce.
Selecting the right network for a business IoT setup may not always be as straightforward as it seems.
Many devices, much to consider
Considering the investment and expertise required, business and IT leaders need to have a clear idea of how their IoT system will bring value to the overall operations in the first place. This means finding out what success would look like.
Consider questions like:
- Which processes should it cut down (or eliminate)?
- How often will the devices be used?
- Which features will be used the most?
- What will the cost of upkeep look like?
That is not all. Leaders still need to consider what deployment would look like, while factoring in the need for security and reliability.
As mentioned, businesses must take a holistic view on cybersecurity. Mainly, they ought to ensure that the entire network is not compromised in the event of one cyberattack incident.
This means virtually segmenting all infrastructure and networks so devices can only access certain services and are blocked from communicating with all other micro-segments of the network.
One approach that Alcatel-Lucent Enterprise has adopted is a five-phase micro-segmentation strategy that can onboard IoT devices and keep them in their dedicated containers, helping to minimize security risks without wreaking havoc on current processes.
- Monitor: Before you do anything, and while you develop an appropriate micro-segmentation strategy, start collecting the data that will assist in its development. Turn on IoT profiling to have an IoT device inventory report. If the devices support it, turn on deep packet inspection (DPI) and start collecting data about the applications used by each device type and their traffic flows. If the devices do not support DPI, turn on sFlow collection on LAN and user behavior tracking on the WLAN. Enable monitoring/logging on firewalls, proxies and other monitoring tools available.
- Validate: With an IoT device inventory in hand, you now need to:
  - identify the stakeholders
  - research the security capabilities
  - identify the required traffic flows
  - assess the security policy compliance
  - create a remediation plan if necessary.
  The following questions need answers:
  - Is there a legitimate business need for this device? If not, get rid of it.
  - What security capabilities does it have? Does it support certificate-based authentication, encryption, etc.?
  - What other devices and applications does it need to communicate with?
  - Does it comply with password, firmware update and other security policies?
    - If not, develop a remediation plan for it.
- Plan: Begin to devise a segmentation strategy for different device and user types. What is the right macro-segmentation strategy? Is it VLAN, VPN, tunneling? What are the required device and/or user roles or profiles? What are the required micro-segmentation policies for each device type? How will the device be authenticated to the network: 802.1X certificates or MAC authentication? Will it use IoT fingerprint classification instead? Will firewall integration be required?
- Simulate: Authentication and security policies are rolled out in ‘fail open’, logging-only mode. Devices that fail to authenticate will still be allowed to connect and unexpected traffic flows will still be allowed through. Authentication and policy hit-and-miss occurrences will be logged for a period of time and adjustments will be made until no critical misses are recorded. With these policies in place, even in logging-only mode, traffic monitoring reports (phase 1) become more meaningful because now statistics can be filtered by specific role or profile.
- Enforce: After enforcing authentication and security policies, convert them to ‘fail closed’: any unauthenticated devices or unexpected traffic flows will be blocked (or quarantined) and logged.
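The difference between the Simulate and Enforce phases can be shown with a small policy evaluator. This is an added example, not Alcatel-Lucent Enterprise code: the roles, addresses, flow records and function names are constructed for illustration, and it assumes every miss counts as critical.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed policy: role -> allowed (destination network, protocol, port).
POLICY = {
    "ip-camera": [("10.20.0.10/32", "tcp", 554), ("10.20.0.11/32", "udp", 123)],
    "badge-reader": [("10.30.0.0/28", "tcp", 8443)],
}

# Constructed flow records: (MAC, role or None if authentication failed,
# destination IP, protocol, destination port).
FLOWS = [
    ("aa:bb:cc:00:00:01", "ip-camera", "10.20.0.10", "tcp", 554),
    ("aa:bb:cc:00:00:01", "ip-camera", "10.20.0.11", "udp", 123),
    ("aa:bb:cc:00:00:01", "ip-camera", "203.0.113.7", "tcp", 23),
    ("aa:bb:cc:00:00:02", "badge-reader", "10.30.0.5", "tcp", 8443),
    ("aa:bb:cc:00:00:09", None, "10.30.0.5", "tcp", 8443),
]

def evaluate(flow, mode):
    """Return (verdict, action) for one flow; mode is 'simulate' or 'enforce'."""
    _mac, role, dst, proto, port = flow
    if role is None:
        verdict = "auth-miss"
    elif any(ip_address(dst) in ip_network(net) and (proto, port) == (p, n)
             for net, p, n in POLICY.get(role, [])):
        verdict = "hit"
    else:
        verdict = "policy-miss"
    if verdict == "hit":
        return verdict, "allow"
    # Fail open logs the miss but lets traffic through; fail closed blocks it.
    action = "allow+log" if mode == "simulate" else "block+log"
    return verdict, action

def misses_by_role(flows):
    """Count misses per (role, verdict), the statistic reviewed while simulating."""
    counts = Counter()
    for flow in flows:
        verdict, _ = evaluate(flow, "simulate")
        if verdict != "hit":
            counts[(flow[1] or "unauthenticated", verdict)] += 1
    return counts

def ready_to_enforce(flows):
    """Assumption: every miss is treated as critical, so any miss blocks cut-over."""
    return not misses_by_role(flows)

if __name__ == "__main__":
    print(dict(misses_by_role(FLOWS)), "ready:", ready_to_enforce(FLOWS))
```

With the constructed flows, the camera's outbound Telnet attempt and the unauthenticated device are both logged but allowed in simulate mode, and the same two flows are blocked once the mode is switched to enforce.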
Additionally, as businesses add more devices to their networks, they need to ensure that they have bandwidth and capacity ready to keep up with the demand. Leaders must therefore look into robust network solutions that can address varied IoT deployment scenarios to simultaneously support multiple devices, sometimes of different makes and models, at once.
A sound IoT strategy that is agile enough to allow businesses to pivot when required must be in place early in the process.
Only then will they be able to thrive in an efficient, safe, and secure connected environment.