How to Ensure IoT Security in a World That Cannot Be Trusted

The challenges surrounding IoT security remain today’s primary adoption rate inhibitor. Along with VPNs, a popular solution to today's IoT security challenge is found in software-defined perimeters (SDPs).

591
a hand holding an iphone
Illustration: © IoT For All

When history looks back on the innovations of this century, the Internet of Things (IoT) will most certainly stand out as one of the most impactful and transformative technologies of our time.

Today’s estimates indicate that IoT will reach the 30-billion-devices mark within the next few years. Take a moment to let that number sink in. That’s 30 billion smart devices and counting, with each one connected to clouds and edge gateways via IP networks, generating, collecting, processing and moving data faster than any other application via IoT’s continuous, real-time streaming of sensor sources. With use cases spanning virtually every industry around the world, from smart cars, to healthcare, to airline travel, to nations’ power grids, to the military, to your Fitbit, the possibilities for its applications are endless. Unfortunately, so are its cybersecurity vulnerabilities—well, perhaps not endless but certainly significant.

The challenges surrounding IoT security remain today’s primary adoption rate inhibitor. This is primarily due to the fact that IoT devices are typically deployed outside an organization’s traditional enterprise boundaries, making their protection, and that of their associated data, particularly daunting. Moreover, these endpoints are designed for lightweight data transmissions, not enterprise-class security protocols, which adds to the challenges.

Software-defined perimeters (SDP) have been gaining notoriety in the area of IoT, and for good reason. SDP’s flexible, fine-grained security has proven itself able to excel in IoT settings as well as any type of cloud environment. Lightweight and portable enough to be installed in the most inexpensive of endpoint devices, this solution leverages several measures to conceal data transmissions from anyone but the sender or receiver. By leveraging SDP, organizations can protect endpoint devices, edge gateways, and centralized clouds to realize IoT’s advantages while virtually eliminating its risks.

What’s at Risk?

It’s challenging to determine which aspect of IoT security is more inhibitive: the fact that transmissions originate outside the perimeters of conventional enterprise cybersecurity boundaries, or that the devices aren’t engineered for modern security challenges. The reality is that even if devices are behind traditional cybersecurity perimeter defenses, like virtual private networks (VPNs) or firewalls, the increasing numbers of data breaches indicate they would be just as vulnerable. VPNs aren’t suitable for IoT use cases because organizations don’t own the physical infrastructure in the public cloud to properly implement gateways there. Also, it’s difficult for VPNs to match the scale of the containers frequently deployed in the IoT while the connections themselves are unreliable.

The diminished hardware, storage, and compute capacity of endpoint devices make them inherently vulnerable; these are often the result of the need to conserve costs. The value and efficacy of IoT deployments are based on deploying as many devices as possible, as quickly as possible, across distributed settings for fast data transmissions delivering real-time insight, like linking fuel dispensers in the oil and gas industry for visibility into fuel consumption and asset monitoring. Costs would rapidly escalate if organizations had to equip each endpoint device with the capabilities of more expensive hardware, which would in turn limit the ability to distribute these devices, and consequently the follow-on value they would produce.

Security by Obscurity

The ability to enjoy a discreet data transmission by way of isolation is an inherent benefit of SDP. In other words, SDP overcomes the limited cybersecurity capabilities of endpoint devices and the fact that they’re outside typical perimeter defenses. Moreover, SDP enhances the overall security of distributed networks by fortifying both ends: the devices and edge-computing gateways, and public and private centralized clouds.

Turning again to the oil and gas industry example, organizations can directly transmit data from containers in fuel pumps to the cloud for analytics by deploying lightweight gateways on each end. These gateways are securely introduced to one another by a matchmaking service in the cloud by way of a random port generation. After the gateways are introduced, secure micro-tunnels can be deployed between the gateways that enable invisible communication that’s nearly impossible to detect.

The security advantages of the SDP approach are considerable: data transmissions are discreet, micro-tunnels leverage enhanced UDP for security by obscurity, and the random port generation makes it difficult to “stake out” ports, yet the business value might be even greater. The network isolation enabled by this method ensures that there are distinct transmissions for payments, rewards programs, and fuel monitoring, which greatly mitigates the possibility of distributed denial of service attacks and lateral movement that can jeopardize IoT. This way, IoT’s transmissions don’t tax additional network resources for communicating between locations at different gas stations, for example. Moreover, the ability to continuously monitor them significantly increases the capacity to adhere to federal and state regulations regarding fuel leaks and environmental hazards. Finally, the micro-tunnels’ direct connections enable gas stations to comply with additional regulations, such as the upcoming EMV chip card secure payment compliance deadline.

Compelling for Any IoT Use Case

As undeniable as the above use case is, it’s critical to understand that an SDP approach provides these same core cybersecurity benefits of cloaked data transmissions for any IoT use case. The previous example is so eminent because it attests to the comprehensive value of this approach, which doesn’t just secure data coming from IoT devices to the cloud, but it also helps stabilize the overall networks supporting these operations.

Each of the numerous types of data common to these and other use cases—such as payment information, customer rewards data, and data about the fuel itself—can be isolated and directed to its destination without involving the other types of data. Moreover, the micro-tunnels delivering the data have automatic failover capabilities for inherent resiliency that’s critical in low-latent IoT applications. If ever one was to go down for any reason, data transmissions would failover to another to minimize downtime and increase overall network stability.

Trustworthy Cybersecurity, in a World That Cannot Be Trusted

To reap the benefit of IoT’s projected adoption rates, and to enable it to become as powerful as it can be across verticals, organizations must address the basic cybersecurity issues that are impeding its progress. As discussed, the most pressing concern today is that of security. This is not an unreasonable concern. According to Risk Based Security’s recently released report, during the first six months of 2019, there were a total of 3,813 security breaches; that’s about 20 per day.

Software-defined perimeters enable organizations to facilitate trustworthy cybersecurity in a manner lightweight enough for endpoint devices and optimal for data transmissions stemming from remote locations. The appropriate implementation of this method reinforces the line of business advantages the IoT is hailed for while stabilizing the data transmissions of organizations’ networks in general. This approach can make a critical difference in turning the IoT’s projections into concrete reality.

Written by Don Boxley, Jr., co-founder and CEO of DH2i.