Joe Raccuglia is a Technology Evangelist for Alcatel-Lucent Enterprise.
Successful rollout of enterprise digital transformation continues to be a mixed bag. We continue to see the explosive increase in connected devices (the IoT phenomenon) and large advances in application capabilities to improve enterprise productivity. But we’ve also seen the challenges of securely implementing these technologies potentially delaying greater enterprise adoption.
Security certainly became the hottest issue in late 2016 in the aftermath of high-profile attacks. The Mirai botnet, which knocked some of the world’s leading websites offline, and the recent admission by Yahoo of a 2013 data breach of over a billion user accounts are just two examples.
And these problems will be compounded as organizations begin to adopt more connected devices and IoT technology, while still attempting to maintain their legacy network infrastructures.
There will be three particular focus areas that will have a big impact on corporate networks in the next 12 months: safeguarding the network from potentially vulnerable IoT deployments, ensuring protection from costly distributed denial of service (DDoS) attacks, and the adoption of ‘As-a-Service’ deployment methods to cost effectively move toward a more inherently secure network infrastructure.
Containing, Not Constraining, IoT Technology
More and more industries are reaping the benefits of IoT – healthcare, education and manufacturing are just a few of the markets where new IoT-enabled devices deliver productivity improvements, reduced energy costs, and expanded visibility. However, the benefits of these new connected devices come with a new set of issues for the IT team: poorly secured, IP-enabled devices at the network edge offer attackers a backdoor into the corporate network.
The rise of IoT is forcing network engineers to think of new ways to manage networks and the growing number of connected devices. Continuous quality of service (QoS), intelligent device prioritization and high availability all contribute to a quality experience for the network’s users. But a large, insufficiently managed network will inevitably develop weak points in security over time. By "containing" IoT into several virtualized environments on a corporate network, businesses can greatly limit the worst-case scenario of a network breach: the break-in is contained and cannot spread to threaten wider business operations.
How to effectively secure and manage IoT networks will become a major discussion point over the coming year or so, and IoT containment will form a core part of the solution. A segmented IoT approach allows deployed devices to be managed and operated only by the personnel who make use of them, making IoT management simpler for the enterprise. For example, the IoT network can be segmented so that the HVAC control system is operated by the HVAC specialists, who can configure, monitor and operate the HVAC system without affecting the rest of the network. This relieves the overtaxed IT organization of having to take on yet another management task.
DDoS Protection will be a Must-have for Every Business
Containment also has an important role to play in managing the security of enterprise networks. By controlling access to the virtual networks and devices, containment can stop compromised devices from reaching other areas of the network.
Do you recall the major network breach suffered by U.S. retailer Target in 2014? The entire Target network was accessed after a minor breach in the connected air conditioning system. Simple network segmentation would have eliminated any wider threat from an unsecured air conditioning system by containing it to the segment it was allowed to access.
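To make the containment argument above concrete (the HVAC example and the Target anecdote), here is an added example, not from the article, that models segments and the flows a policy permits and then computes the worst-case blast radius of a compromised HVAC controller. The segment names, flow tables and service labels are constructed for illustration; reachability is computed regardless of service, which deliberately over-approximates what an attacker who has already compromised a host could do.

```python
"""Blast-radius check for IoT segmentation policies (constructed example)."""
from collections import deque

# Constructed sample policies. Each entry (src, dst, service) means a host in
# segment `src` may initiate traffic to segment `dst` on `service`.
# A flat network: every business segment can talk to every other one.
FLAT_NETWORK = [
    ("hvac", "corp", "any"), ("corp", "hvac", "any"),
    ("corp", "pos", "any"),  ("pos", "corp", "any"),
]

# A contained network: the HVAC controllers are reachable only from the HVAC
# specialists' segment and may only report outbound to their cloud service.
SEGMENTED_NETWORK = [
    ("hvac-admins", "hvac", "bacnet"),   # specialists manage the controllers
    ("hvac", "hvac-cloud", "https"),     # controllers report outbound only
    ("corp", "pos", "https"),            # normal business access to POS systems
]


def reachable(flows, start):
    """Every segment a compromised host in `start` can reach, transitively.

    Service labels are ignored on purpose: once an attacker controls a host,
    any permitted path is a potential pivot, so this is a worst-case view.
    """
    seen = {start}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for src, dst, _service in flows:
            if src == current and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    seen.discard(start)
    return seen


def blast_radius(flows, compromised, crown_jewels):
    """Crown-jewel segments exposed if `compromised` is breached (sorted list)."""
    return sorted(reachable(flows, compromised) & set(crown_jewels))


def containment_violations(flows, iot_segments, crown_jewels):
    """Map each IoT segment to the crown jewels it can reach; empty means contained."""
    return {seg: blast_radius(flows, seg, crown_jewels) for seg in iot_segments
            if blast_radius(flows, seg, crown_jewels)}


if __name__ == "__main__":
    for name, policy in (("flat", FLAT_NETWORK), ("segmented", SEGMENTED_NETWORK)):
        print(name, containment_violations(policy, ["hvac"], ["corp", "pos"]))
```

Run against a real environment, the flow table would come from the switch or firewall policy export rather than a hand-written list, and any non-empty result is a segment whose compromise is not contained.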
According to Akamai, DDoS attacks on enterprises increased by over 12 percent in 2016 compared to 2015 – and this trend is expected to continue. We witnessed one of the largest ever DDoS attacks in 2016. A botnet from IP-enabled devices infected with the Mirai malware hit Dyn, a major provider of managed domain name services (DNS), resulting in major websites being offline for hours. As IoT devices are hastily rolled out by businesses and consumers with default security settings and passwords, malware such as Mirai can scan for unsecured devices and take advantage of them.
This makes the DDoS threat to enterprises doubly concerning. First, there is the direct threat of falling victim to a DDoS attack on your network. The second concern is that the malware behind such botnets can infect your own connected devices, which then carry out attacks not only within your network but against other enterprises. This is just one area of concern for the largest online organizations and ISPs; imagine the financial losses if the online presence of an e-commerce business were knocked offline during a busy holiday period.
Over the next year, businesses and organizations should scrutinize every aspect of their networks, right down to network infrastructure equipment. DDoS attacks are difficult to prevent entirely, but by introducing protection at the access switch level, enterprises can improve their first line of defense by detecting, filtering and ultimately blocking malicious traffic before operations are hindered.
Existing legacy network technology, however, often lacks the embedded intelligence to provide this layer of defense. Enterprises looking to enhance their network infrastructure, whether to support the new bandwidth and networking demands of IoT devices or as a general replacement of legacy equipment, should look for devices with at least these three critical security capabilities, which together provide a more comprehensive first line of defense:
- The system source code has been independently certified by industry security experts;
- The software is scrambled in the hardware’s memory, to make it harder for attackers to find and exploit vulnerabilities in the system;
- The software is delivered through a trusted, secure infrastructure, to eliminate the risk that tampered code is received and installed on the system.
New Network Delivery Models – Pushing IT Beyond OPEX
Containing IoT devices and mitigating DDoS attacks often require capabilities found only in the latest generation of network access equipment. But the challenge for the enterprise is that it often already has a legacy infrastructure – and, with capital budgets continually shrinking in most organizations, little budget to procure and implement this new equipment.
So how does an enterprise manage to do this? One way is to take a play from the software-as-a-service (SaaS) playbook. Over the past several years, we have seen a rapid shift in the software world from CAPEX deployments of software applications (such as databases, CRM systems, and office productivity suites) toward OPEX and cloud deployments, with lower upfront costs, the flexibility to adapt quickly to enterprise needs, and ubiquitous availability for today’s increasingly mobile workforce. The same benefits are now available with network infrastructure as a service (NaaS) offerings.
Similar to SaaS, NaaS implementations have substantially lower upfront costs and can be managed on an OPEX on-demand or pay-per-use basis. IT organizations can roll out the latest generation of secure networking technology to support their IoT, mobility and digital transformation needs with little upfront cost and only ongoing operational expenses. This is often cheaper overall than what they are spending just to keep the lights on with their existing legacy infrastructure.
Digital Transformation Can Be Done Securely
Digital transformation is an imperative for corporations to maintain relevance in today’s rapidly evolving digital era. But deploying it has pitfalls that can have a significant impact, both financially and on your company’s reputation. A properly laid out plan that leverages a single network infrastructure to isolate and contain the various IoT systems, provides inherently secure access infrastructure, and ensures that you are deploying the latest generation of networking equipment can help guarantee that your digital transformation activities deliver the best possible outcome for your business.
Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Penton.