Simplifying enterprise IoT adoption with automated securityJul 4th, 2019 Edit post
The Internet of Things (IoT), which describes the world of Internet-connected devices and sensors that talk to us and to each other, is enhancing communication, and giving businesses mountains of data which can be analysed to help them make more intelligent decisions.
“Unfortunately, alongside the benefits of IoT are many risks, as it becomes increasingly clear that by their very nature, IoT devices are not secure,” says Vinesh Singh, System Architect for HPE at Axiz, SA’s leading value-added ICT distributor.
He says IoT devices are insecure for many reasons. “Firstly, too many of them were not designed with security built in from the ground up. If they were lucky, security might have been tacked on as an afterthought. Secondly, these devices are cost-effective, due in part to the minimal if any investment in security, and wouldn’t have soared in popularity if they cost a lot more.”
“And as the IoT grows, cyber security is going to become an increasingly pressing issue, and it is for this very reason that many businesses are reluctant to adopt IoT within their organisations,” adds Singh.
“The connectivity and security challenges that organisations embarking on an IoT journey are faced with can be daunting. Moreover, according to Gartner, some 14 million new connected devices are being added to the network each day, the types of which are unpredictable and will vary greatly, meaning that manual device profiling techniques cannot hope to keep up with the explosion. To compound the problem, many IoT devices are connected to overlay networks that are poles apart, and only support a single type of connectivity, meaning that without automation, securing the IoT is virtually impossible.”
Moreover, Singh says more often than not, IoT devices lack the necessary compute or battery power that would enable them to be secured by traditional endpoint security solutions. “And they don’t log their activities, but instead turn on and off, vanishing from the network, until they are needed once again.”
This means the network itself needs to be able to secure IoT devices. “After all, in today’s threat landscape, the only way to establish whether or not a device has been compromised by attackers, is to monitor and analyse network traffic, to pick up any anomalous behaviour. Network access control, in conjunction with user and entity behaviour analytics, is the most effective way to secure the IoT.”
“Fortunately, Aruba a HPE company, has several leading solutions to help enterprises simplify their IoT journeys. Firstly, Aruba ClearPass Device Insight provides a single pane of glass for device visibility, using automated device discovery, machine learning-based fingerprinting and identification. IoT security starts with visibility, after all you can’t secure what you can’t see.”
Next, he says Aruba offers the 530 and 550 Series access points, which are an extension of the industry’s most advanced family of 802.11ax IoT-ready access points. “A combination of these two offerings enables organisations to completely remove any stumbling blocks to connectivity and security, and at the same time, significantly lower operating expenses, and complexity.”
Singh says Aruba’s closed-loop approach completely removes blind spots and arms IT teams with an automated and intelligent solution that gives full visibility into the flood of devices that are attaching to the company network each day, often without the sanction of the IT department.
The solutions provide thorough details on each and every device, such as who the manufacturer is, where the device is located, the ports and protocols in employs, application destinations, as well as traffic volumes. And all of this information is available on ClearPass’ single-pane-of-glass management platform. “This gives the enterprise total IoT visibility and control.”
Without the ability to identify the continually increasing number of IoT devices, both wired and wireless, that are on the network, organisations are inherently at risk of a breach, which could see them severely sanctioned by regulatory bodies, and face a loss of customer confidence and reputation, he adds.
“As more and more connected devices find their way into operational environments to solve new business problems, the issue of security becomes even more critical. Aruba’s solutions are finely tuned to mitigate the risk of IoT. They provide comprehensive, active protection to help businesses across the board close the IoT security gap and harness all the benefits of the IoT that are so key to the innovative initiatives that link the digital and physical worlds,” Singh concludes.