sb-nz logo
Story image

Expert opinion: How secure is the ‘I’ in ‘IoT’?

22 Nov 2017

Article by Mary Clark, Chief Corporate Relations Officer and Chief of Staff at Syniverse

There’s a lot of talk these days about the Internet of things (IoT). But what’s often overlooked is that the IoT is also an Internet of shared services and shared data. And this simple fact is quickly becoming one of the biggest hurdles for companies looking to integrate their businesses with the IoT.

Specifically, the public nature of the Internet is causing business and government leaders alike to confront a profound challenge. The global ransomware attacks this year that have crippled infrastructure and businesses across Europe have highlighted systemic vulnerability of the public Internet. And as both the number of connected devices and data traffic volumes continues to grow, so too does the level of damage and disruption that a cyberattack can inflict upon this open network.

Clearly, today’s IoT-oriented businesses must begin to develop a full-scale strategy for moving their vital business operations to a global, private, isolated network. Let’s take a closer look at the reasons why.

The IoT’s Looming Challenge

Cisco’s Visual Networking Index (VNI) forecast predicts that global IP traffic will increase three-fold, reaching an annual run rate of 3.3 zettabytes by 2021. In fact, for the first time in the 12 years of the VNI forecast, M2M connections that support IoT applications are predicted to make up more than half of the world’s total 27.1 billion devices and connections. Together, they’ll account for five percent of all global IP traffic by 2021.

But while the number of connections continues to multiply exponentially and involve more and more partners, businesses remain vulnerable from the weakest link in the system – their connectivity.

The genius of the public Internet is that despite how we use it today, it was never designed to be a secure or trusted environment. It was conceived as a network for academics and researchers to exchange data, and it works as more of a best-endeavours network than a best-of-breed one.

For this reason, companies that want to conduct business, transfer data, monitor equipment and control operations globally – with certainty, security and privacy – should not be relying on public Internet connectivity. The sheer number of access points and endpoints creates an attack surface that is simply too wide to protect, and it calls into serious question whether the public Internet is up to the challenge of supporting the IoT. Instead, it’s time to take a step back and look for something different.

A New Network Model

One of the most effective solutions to the public Internet’s openness lies in the integration of global, private, isolated networks. These networks ensure complete separation from the public Internet, total control over who accesses the network and how, and maximum flexibility to build and optimise partnership connections. And, tellingly, these networks have been able to continue to operate throughout the high-profile cyberattacks that have made the headlines over the past year.

Networks, by design, rely on two-way communications. Given the sensitivity and importance of the data involved, companies need these networks to be always available, always bandwidth-capable, and always secure.

At the same time, business-critical networks need to be connected using communication links that strictly control the identity and rights of the people, applications, and devices accessing them. And while they need to be private for security reasons, in many cases they also need to be open and transparent for regulatory reasons.

Consequently, the private-network model has emerged as one of the most viable for the emerging IoT world.

PSD2 and More

A critical example of the need for this model is the new Second Payment Services Directive (PSD2) regulations coming into effect in Europe.

PSD2 will require a new level of collaboration and security between banks and their financial services partners. And, for the first time, it will allow bank customers to utilise third-party providers to manage their finances and help them with services like making payments and arranging money transfers.

Banks will be required to open access to customer data to a host of third-party companies, and at the same time ensure the security and privacy of customers’ information. Again, this control cannot be guaranteed if those connections are coming over the public Internet, with its vulnerability to attack over such a wide surface.

So, with new regulations like PSD2 propelling the beginning of a new IoT era, businesses must begin to develop a full-scale strategy for securing their business operations on a private, isolated network. 

Story image
COVID-19 crushes fingerprint reader market
However, the biometrics market is expected to regain momentum with alternatives already beginning to find their feet.More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
SOC, SIEM, SOAR and SASE define Fortinet’s Security Fabric
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, deciphers the jargon and explains how an alphabet soup of integrated security services spells comprehensive protection for your network and ensures business continuity.More
Story image
Majority of industrial enterprises face increase cyber threats since COVID-19
Leadership's top cyber security priority was implementing new technology solutions since the onset of the pandemic.More
Story image
Gartner reveals the top strategic tech trends for 2021
“CIOs are striving to adapt to changing conditions to compose the future business - this requires the organisational plasticity to form and reform dynamically. Gartner’s top strategic technology trends for 2021 enable that plasticity.”More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More