SecurityBrief Asia logo
Story image

Expert opinion: How secure is the ‘I’ in ‘IoT’?

22 Nov 2017

Article by Mary Clark, Chief Corporate Relations Officer and Chief of Staff at Syniverse

There’s a lot of talk these days about the Internet of things (IoT). But what’s often overlooked is that the IoT is also an Internet of shared services and shared data. And this simple fact is quickly becoming one of the biggest hurdles for companies looking to integrate their businesses with the IoT.

Specifically, the public nature of the Internet is causing business and government leaders alike to confront a profound challenge. The global ransomware attacks this year that have crippled infrastructure and businesses across Europe have highlighted systemic vulnerability of the public Internet. And as both the number of connected devices and data traffic volumes continues to grow, so too does the level of damage and disruption that a cyberattack can inflict upon this open network.

Clearly, today’s IoT-oriented businesses must begin to develop a full-scale strategy for moving their vital business operations to a global, private, isolated network. Let’s take a closer look at the reasons why.

The IoT’s Looming Challenge

Cisco’s Visual Networking Index (VNI) forecast predicts that global IP traffic will increase three-fold, reaching an annual run rate of 3.3 zettabytes by 2021. In fact, for the first time in the 12 years of the VNI forecast, M2M connections that support IoT applications are predicted to make up more than half of the world’s total 27.1 billion devices and connections. Together, they’ll account for five percent of all global IP traffic by 2021.

But while the number of connections continues to multiply exponentially and involve more and more partners, businesses remain vulnerable from the weakest link in the system – their connectivity.

The genius of the public Internet is that despite how we use it today, it was never designed to be a secure or trusted environment. It was conceived as a network for academics and researchers to exchange data, and it works as more of a best-endeavours network than a best-of-breed one.

For this reason, companies that want to conduct business, transfer data, monitor equipment and control operations globally – with certainty, security and privacy – should not be relying on public Internet connectivity. The sheer number of access points and endpoints creates an attack surface that is simply too wide to protect, and it calls into serious question whether the public Internet is up to the challenge of supporting the IoT. Instead, it’s time to take a step back and look for something different.

A New Network Model

One of the most effective solutions to the public Internet’s openness lies in the integration of global, private, isolated networks. These networks ensure complete separation from the public Internet, total control over who accesses the network and how, and maximum flexibility to build and optimise partnership connections. And, tellingly, these networks have been able to continue to operate throughout the high-profile cyberattacks that have made the headlines over the past year.

Networks, by design, rely on two-way communications. Given the sensitivity and importance of the data involved, companies need these networks to be always available, always bandwidth-capable, and always secure.

At the same time, business-critical networks need to be connected using communication links that strictly control the identity and rights of the people, applications, and devices accessing them. And while they need to be private for security reasons, in many cases they also need to be open and transparent for regulatory reasons.

Consequently, the private-network model has emerged as one of the most viable for the emerging IoT world.

PSD2 and More

A critical example of the need for this model is the new Second Payment Services Directive (PSD2) regulations coming into effect in Europe.

PSD2 will require a new level of collaboration and security between banks and their financial services partners. And, for the first time, it will allow bank customers to utilise third-party providers to manage their finances and help them with services like making payments and arranging money transfers.

Banks will be required to open access to customer data to a host of third-party companies, and at the same time ensure the security and privacy of customers’ information. Again, this control cannot be guaranteed if those connections are coming over the public Internet, with its vulnerability to attack over such a wide surface.

So, with new regulations like PSD2 propelling the beginning of a new IoT era, businesses must begin to develop a full-scale strategy for securing their business operations on a private, isolated network. 

Story image
Need for greater understanding of data security responsibility as cloud adoption grows - report
Despite the accelerated adoption of cloud services, there was a lack of clarity and confidence regarding the protection and recovery of data stored in public clouds.More
Story image
97% of organisations experienced a mobile threat in 2020 — report
93% of these attacks originated in a device network, which includes attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users’ credentials.More
Story image
Five things ANZ businesses should know about storing customers’ data
Businesses need to correlate events intelligently across multiple threat surfaces, application layers, and time spans to connect event A, to event B, to event C — even if they are months apart.More
Story image
Software-based facial recognition in payments industry to dominate by 2025
There will be more than 1.4 billion users of facial recognition software used for payments alone in 2025, up from 671 million in 2020.More
Story image
Aruba updates edge security platform with SD-WAN capabilities
Aruba’s latest iteration of its Edge Services Platform (ESP) has been quick to make use of HPE’s acquisition of Silver Peak in September last year.More
Story image
Users becoming more savvy with COVID phishing scams
“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks."More