The Emerging IoT Threat to Information Security

CIOs are facing a huge impact from the ‘Internet of Things’ (IoT) on their digital and information security.

With enterprises beginning to realise the importance of handling Big Data and incorporating Smart Analytics in their ITC systems, IoT is now forecast to add vast mountains of extra data to the already incredible avalanche with which business now has to cope.

So, the key question is: how well is an organisation (yours) prepared for this IoT impact? What is your strategy for developing ‘Next Generation Security’?

In December 2014, IDC came out with some frightening IoT predictions from their ‘FutureScape: Worldwide Internet of Things 2015 Predictions’ web conference. Among these they concluded that “within two years, 90% of IT networks will have an IoT-based security breach and Chief Information Security Officers (CISOs) will be forced to adopt new IoT policies”.

Complex IoT challenges

Gartner said that “the requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security.”

Perhaps even more startling, IDC predicts that “within three years, 50% of IT networks will transition from having excess capacity to handle the additional IoT devices to being network-constrained with nearly 10% of sites being overwhelmed”.

Gartner predicts that “by 2020, the installed base of ‘things’ – excluding PCs, tablets and smartphones – will grow to 26 billion units”.

Historic Anthem hack attack

In February this year, cyber-criminals, thought to be based in China, obtained the unencrypted information – including names, addresses, social security numbers – of some 80 million customers of US health insurer Anthem.

Ed Simcox, Logicalis’s Healthcare Practice Leader, gave this advice relating to the Anthem attack, thought to be one of the biggest in history to date:

“Given heightened attacks such as this one, it’s an important reminder that CIOs must maintain the necessary security posture,” Simcox said. “They need to do so even in the face of declining IT budgets and important, competing priorities by evaluating security against these other priorities.

“CIOs need to be comfortable communicating the business value of security initiatives to boards of directors and senior leadership. Only then can they acquire the proper funding levels and organisational support necessary to properly care for security.”

A range of Australian attitudes

Logicalis Australia Solutions Architect, Dr Greg Daley said that, in parts of Australia there is still a focus on controlling the ‘pipes’ data is accessed through.

“But I think that is becoming table stakes now: threats arrive through diverse sources, including paths independent of the corporate Internet service,” he said. “I think the focus in IT security will start shifting to control and management of breaches as organisations aim to trace and mitigate business impacts from attack.”

Dr Daley said that digital security threats are almost always worse from internal sources. Productivity relies on staff members having ready and flexible access to data. Internal security controls need to be robust to prevent such incidents, also because user level privileges are a significant vector for exterior attackers.

Changing security effectiveness

He highlighted recent trends towards encryption and said they have altered the effectiveness of perimeter security measures, such as web proxies.

“This means that threat mitigation needs to move to the end-systems, which embeds security in the end applications,” he said.

Dr Daley said that as a business-focused technology infrastructure vendor, Logicalis has always placed security as a key enabler for its customers.  Their philosophy is that security is a function that has to be “baked into infrastructure and services”, and has to be considered from the business requirements and design stages through to implementation and operation.

There has been a movement in recent years towards operational technology which means organisations are leveraging computing and network technologies for productivity.

Security ‘baked into the system’

“The risks that come along with this are that security breaches no longer impact the back-of-house operations: they can literally stop a road, a machine or a transaction,” he said. ” This means that the digital security of the environment has to be considered in the operational risk assessment, and once again this needs to be baked into the system from its inception.”

Dr Daley had this valuable advice: “Organisations which seek to integrate best security practice into their organisation’s processes from inception onward will limit the scope and damage of attacks,” he said. “Where they have systematic plans to defend, identify, remediate and recover from attack, they will be able to focus on core business with some certainty.”

To find out more about how Logicalis can help you and your business, head to the Solutions & Services page.

Preparing for ‘The Internet of Things’

While the ‘Internet of Things’ (IoT) may sound like an exciting approaching future where everything is blissfully connected, it may be a bad dream for infrastructure and operations managers struggling to keep their data centres relevant.

The IoT is just one of the unstoppable trends impacting CIOs and enterprises, along with the cloud, mobility social networking and Big Data. Other potentially disruptive technologies include software-defined networking (SDN), software-defined storage, network function virtualisation, plus extreme low-energy processors and webscale-integrated infrastructure.

All of these demand an overhaul of past data centre infrastructure, design and management practices. If CIOs are not already involved in modernising their data centre, they may already be falling behind their competitors.

The IoT is part of the impending ‘big picture’ disruption for IT and it’s forecast to be a very powerful transformative influence for society overall and for most industries. It can mean many things, from web-connected refrigerators, to in-built GPS systems for motor vehicles and huge driverless mining trucks piloted from thousands of kilometres away. Huge, driveless, automated haul trucks, for example, are already being used by Rio Tinto in the Western Australian mining industry.

Research house Gartner defines IoT as ” the network of dedicated physical objects (things) that contain embedded technology to sense or interact with their internal state or external environment. The IoT comprises an ecosystem that includes things, communication, applications and data analysis”.

Gartner forecasts that the top three industry verticals being hit by the IoT will be manufacturing, utilities and transportation, which, by 2015, will have 736 million connected things being used. By 2015, Gartner says the consumer sector will have 2.9 billion connected things, increasing to 13 billion by 2020. They believe the automotive sector will show the highest IoT growth rate (96%) by 2015.

No enterprise can dodge the IoT bullet train and Gartner declares that business has no choice but to pursue it just like they’ve done with the consumerisation of IT. They have some advice for IT departments on how data centres need to adapt to today’s unstoppable trends, like IoT.

• Enterprises now need to think beyond traditional data centre models around build, lease or refurbishment to options such as colocation or outsourcing.
• There needs to be a more holistic approach to data centre modernisation, encompassing the overall facility, which has not been a priority for too many businesses.
• Enterprises need to plan and implement a data centre modernisation strategy whether that involves building and populating a new data centre, modernising an existing one or sourcing externally. They should focus on sourcing data centre capacity, follow best practices in building a new data centre, and revamp their data centre infrastructure management.

While today’s technology users – consumers and employees – expect user-friendliness and simplicity when interacting with business, the back end is becoming ever more complicated and the IoT will only makes things worse. CIOs must deal with this conundrum and many are finding that the best strategy is to partner with an experienced external service provider, like Logicalis. The DIY approach has been proven to be dangerous.

IDC forecasts that by 1919, most organisations will stop managing their own infrastructure: “They will make greater use of on-premise and hosted managed services for their existing IT assets, and turn to dedicated and shared cloud offerings in service provider data centres for new services. This will result in the consolidation and retirement of some existing internal datacenters, particularly at the low end. At the same time, service providers will continue their race to build, remodel, and acquire data centres to meet the growing demand for capacity.”

The goal for modernising data centre infrastructure to have it thrive in the looming IoT environment, is to transition it from the traditional, consolidated and virtualised environment which is already struggling to cope. Logicalis has strategies to develop data centres that are efficient, automated and service oriented. The end result can be reduced management complexity, cost reduction and growth.

It is all too easy to succumb to the uncertainty and fear of historic IT trends such as the IoT, but there is experienced, professional help available to ensure that enterprises can capitalise on these trends, rather than be intimidated by them.

 

 

 

The ABCs of SDN

SDN or Software-Defined Networks has slowly been gaining momentum in the ICT world over the past few years. Whilst IDC points out that the SDN market is still early, with worldwide sales at US$ 360 million, the number is expected to grow significantly and reach US$ 3.7 billion by 2016.

Research by Network Instruments highlighted that over the past four years, SDN has moved from having no place in an organisation in 2009, to planned deployment in 22% of organisations in 2014. Organisations worldwide are beginning to see the value that SDN brings in helping them achieve competitive advantage: from giving organisations a centralised and more gradual control of expansive networks, improved experiences with applications, to general availability, reliability and security.

What is SDN?

According to its original concept, SDN is an architecture that foresees the abstraction of network control and data plans. In SDN, the software responsible for defining a routing process, security policies, traffic engineering and data plans is separated from the data plane and the actual forwarding of the packet.

Network elements are responsible only for physical package routing, while all routing control is through software at what could be called a superior layer. The intelligent layer is decoupled from the physical network-forwarding layer, allowing the decision making process to be distributed across more systems, and enabling organisations to drive resources throughout the network at greater speed and with greater flexibility.

What drove the emergence of SDN?

Accelerated growth of mobile devices and social networks, along with the increasing adoption of cloud computing and the future use of intelligent sensors in various devices connecting virtually anything to the network (the so-called Internet of Things) have been the driving forces of SDN.

These forces have given people and businesses new opportunities to change the way they operate, with the network being at the core of these transformations. It acts as the binding agent, playing a critical role in enabling the new hyper-connected world of people, businesses and governments. Subsequently, current network architectures are under scrutiny.

Despite meeting the needs of most use-cases and delivering a robust and powerful performance, the physical scalability and operational effectiveness of current network architectures made the network an enabler and a risk. To overcome this, a new model for network architectures has been built.

It’s built on the bases of open standards, reduced complexities of scale, improved flexibility and faster resource deployment to deliver new efficiencies in operations, by driving up the network scale while driving down the cost of large or complex network deployments. This new network model is known as Software Defined Networks or SDN.

What can SDN bring?

SDN will create networks that are more flexible, more agile and less complex to operate:

1. Networks where traffic policies can be quickly refined as business demand change, without having to individually configure switches and routers;
2. Networks where applications can directly interact with network resources, allowing the infrastructure behavior to be automatically defined according to the applications needs; and
3. Networks where virtualisation becomes as ubiquitous in the network as it is within the data centre, turning a relatively dumb ‘big pipe’ into an intelligent resource that can be applied and redeployed in an instant.

With SDN, the programmable network is born. Network elements are driven by Application Programming Interfaces (APIs) in their operating system, which will allow any applications, developed by a network vendor or a mobile application vendor, to interact with the system’s control plan, making traffic engineering decisions based on much more than just the physical devices mac, IP address or basic CoS or QoS metrics.

Ultimately, SDN provides the following benefits:

1. Reduced complexities – In abstracting the control of the network from the physical infrastructure, the link between human control and network control is broken, thus removing complexities and improving response times to changes to the profile of the network.
2. Centralised and gradual control – SDN brings expansive networks under central control. Decisions can be made and implemented centrally, to accurately direct resources and network profiles to make subtle changes that can deliver significant characteristic improvements.
3. Improved application experience – One of the most celebrated characteristics of SDN is its ability to create intelligent responses to business demands. With simpler configuration and centralized control, network administrators can align infrastructures directly to an application or the end-users’ specific needs.
4. Availability, reliability and security – SDN architectures significantly improve higher availability, reliability and security of network environments as they eliminate the need for manual interventions and individual device configurations.

In this new world, decisions could be made on information and business requirements as abstract as the SDN model itself; temperature, link cost, energy consumption or whatever needs to drive the network to drive the business.

To delve further into SDN, refer to our guide to SDN.