Kemp: Three common IoT security pitfalls
Article by Kemp APAC regional director Tony Sandberg
The promises of greater efficiency, agility and cost-savings are driving increasing numbers of enterprises towards cloud computing while advancing technology is allowing them to extend its benefits to their emerging Internet of Things (IoT) workloads.
Yet the technology is heading for troubled waters.
Research shows that IoT is disrupting markets and IT organisations worldwide, changing economics and agility in many markets.
This change is driving growth in IoT device data, analysis and integration with back-end systems, along with the subsequent IoT feedback and control that will improve business outcomes.
Gartner predicts that:
- By 2020, there will be 25 billion connected IoT devices, with a compound annual growth rate of 35%.
- By 2018, the number of new connections for IoT devices was to exceed all other new connections for interoperability and integration combined.
The business and technical challenges of managing and capitalising on IoT adoption remain daunting.
The challenges in designing and deploying large-scale IoT solutions are enormous, due to the rigidity, poor elasticity and limited dependability of traditional products.
- Traditional IoT solutions are rigid and inflexible because they are tailored to solve a problem and are not designed for flexible customisation, utility-oriented delivery and granular consumption.
- IoT devices are not built to scale dynamically to respond to varying loads.
- The general measure of availability, reliability and maintainability of traditional IoT solutions is poor.
- The dynamic heterogeneity and geographical distribution of large-scale IoT solutions disrupt traditional security and management tools, rendering them ineffective.
The IT industry is recognising that traditional load balancers are not suited for environments that include IoT deployments, but at least one vendor has created a suite of virtual products and application delivery tools more suited for today’s IoT workloads.
Advanced vendors are abstracting application delivery services from the physical networks, delivering virtual services which can be attached to IoT workloads.
These allow software to be provisioned dynamically to deliver proactive performance management.
To enhance reliability and availability, new solutions include L4-7 load balancing and Geo (geographic) load balancing.
These ensure that IoT sessions are always processed by the most highly available server.
Geo load balancing also ensures that IoT sessions are sent to the application server closest to the IoT device.
A central application delivery framework can offer a single point for control, analysis and diagnosis of key application metrics that enable customers to make smarter decisions about managing capacity adaptively.
Advanced monitoring and analytics engines allow changes in device behaviour to be visualised and remedial actions to be taken before a catastrophic failure occurs.
To improve security, a web application firewall (WAF) will secure IoT applications dynamically.
By enabling SSL, SSO or IPsec encryption for edge security, IoT data will be protected during the transfer from the enterprise edge to the cloud.
Finally, edge security software is able to authenticate and authorise enterprise systems.
Reliability and availability
The challenge: Most IoT solutions involve thousands of endpoints that generate and process data across multiple networks. Organisations running traditional IoT systems are often locked into a rigid framework and cannot respond fast enough to changing demands of IoT solutions.
The solution: Services like load balancing and web application firewalls are delivered through virtual services. They can be deployed and attached to IoT applications automatically on demand.
Leading software-based applications include high-performance L4/7 server load balancing to ensure that each user receives the best possible application experience. Distributing incoming IoT sessions to the most highly available application server accelerates processing time.
And by integrating with SDN controllers, they configure network bandwidth dynamically and direct network traffic to least loaded network paths.
This translates into more efficient load balancing, accelerated application delivery, and improved quality of experience (QoE) for end users.
In addition, they can support multiple hypervisors, including VMware vSphere, the OpenStack Load Balancing as a Service (LBaaS) plugin, Microsoft Hyper-V and Red Hat KVM.
Such wide-ranging support can slash the time required to deliver IoT solutions.
The challenge: Enterprise IT professionals and analysts agree that securing the network only at the perimeter is sorely inadequate for IoT solutions.
Modern attacks can exploit a perimeter-centric defence in no time.
After malware enters the data centre, it can move easily from sensor to sensor within the centre by compromising just one authorised sensor or using other nefarious methods.
A stricter, micro-granular security model effectively points to the need for unique firewalling of each individual IoT workload.
Until now, this approach has been cost-prohibitive and operationally infeasible.
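The contrast between perimeter-only filtering and per-workload firewalling described above, as an added example (not from the article or from any vendor product): it evaluates the same constructed flows under both models and returns the east-west paths that only the perimeter model leaves open. The addresses, published service and rule format are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.20.0.0/16")          # constructed data-centre range
PUBLISHED = {("10.20.9.5", 8883)}              # service exposed at the perimeter

# Constructed per-workload allowlists: destination -> [(allowed source net, port)].
WORKLOAD_RULES = {
    "10.20.1.10": [("10.20.9.5/32", 443)],     # sensor-a: management from gateway
    "10.20.1.11": [("10.20.9.5/32", 443)],     # sensor-b: management from gateway
    "10.20.9.5":  [("10.20.1.0/24", 8883)],    # gateway: telemetry from sensors
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int

def perimeter_allows(flow: Flow) -> bool:
    """Edge firewall only: traffic that never crosses the edge is not inspected."""
    if ip_address(flow.src) in INTERNAL and ip_address(flow.dst) in INTERNAL:
        return True
    return (flow.dst, flow.port) in PUBLISHED

def workload_allows(flow: Flow) -> bool:
    """Per-workload firewall: default deny, explicit allowlist per destination."""
    for net, port in WORKLOAD_RULES.get(flow.dst, []):
        if flow.port == port and ip_address(flow.src) in ip_network(net):
            return True
    return False

def lateral_exposure(flows):
    """Flows a perimeter-only design permits but per-workload rules would block."""
    return [f for f in flows if perimeter_allows(f) and not workload_allows(f)]

# Constructed sample flows.
FLOWS = [
    Flow("10.20.1.10", "10.20.9.5", 8883),     # sensor-a -> gateway telemetry
    Flow("10.20.1.10", "10.20.1.11", 23),      # sensor-a -> sensor-b (east-west)
    Flow("203.0.113.7", "10.20.1.11", 23),     # internet -> sensor-b
    Flow("10.20.9.5", "10.20.1.11", 443),      # gateway -> sensor-b management
    Flow("10.20.1.10", "10.20.9.5", 22),       # sensor-a -> gateway SSH
]

if __name__ == "__main__":
    for f in lateral_exposure(FLOWS):
        print("perimeter-only permits, per-workload blocks:", f)
```

The two flows it reports are the sensor-to-sensor connection and the unexpected sensor-to-gateway port, both of which originate inside the data centre and so never reach the edge firewall.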
The solution: Advanced virtual load software can deliver a ‘defence-in-depth’ architecture for securing IoT applications and data. This allows IT teams to bring security closer to the IoT workloads and protect IoT data.
To protect IoT data transfer from the data centre edge to cloud gateways, such software implements IPsec VPN tunnels.
IPsec is an industry standard that is offered as a secure connectivity option on cloud services from Microsoft, Amazon and Google.
The technology also protects against distributed denial of service attacks that hijack IoT devices and flood the network with traffic until systems are rendered unavailable.
An effective solution should include a web application firewall that combines with other application-delivery services that include intelligent load balancing, intrusion detection, intrusion prevention and edge security and authentication.
Such an edge security pack can authenticate devices using certificates before they access the IoT application servers.
Active Directory group membership can restrict access to IoT published applications. Certificates installed on devices can authenticate them, with validation using the Online Certificate Status Protocol (OCSP).
Selected technology can deliver powerful, real-world solutions to address issues of security, privacy, cost, ease of access, agility and performance.
This can make managing the IoT infrastructure a snap.