In the past ten years, there has been a complete shift in the way companies manage, secure and invest in their networks. The increase in the number of mobile devices that could connect to the internet drove significant demand for Wi-Fi in the workplace.
This led to an increase in the number of Wi-Fi devices at the network edge and, as a consequence, more network traffic across the core.
As it becomes the default method for connecting client devices – in place of physical connections – greater investment in the network has been needed in both wireless and physical network ends, to make sure that Wi-Fi could take the load and perform as required.
This shift also means that companies have needed to reassess their security posture as individual users have now become the network perimeter themselves.
‘Businesses have also had to introduce new security measures like VPN so that users can connect securely to the network, when not actually on-site, as well as managed and secured digital identities,’ says Colin Williams, chief technologist for networking, security and unified communications at Computacenter.
>See also: 5 predictions for the Internet of Things in 2016
The issue is that enterprises haven’t yet digested the mobile age – for most, they are still working on it.
Mobile was the catalyst for users to regain control over their computing requirements. Suddenly, employees could use their own mobile devices for business purposes.
The era of BYOD was born, and the business benefits from greater agility and productivity were so great that they trumped security concerns. The castle walls were breached – there was no perimeter, and device management became a whole lot more difficult.
Unknown threats
‘Add cloud services and the Internet of Things (IoT) into the mix and you have not so much evolution but revolution,’ says Graham Mann, UK MD and CMO at Encode Group. ‘That said, IoT for me is simply an extension of mobile. The point is that we don’t know what the security threats are now. We’re in uncharted waters that even the analysts aren’t clear about.’
Enterprise networks are now more fluid than ever, and they’re no longer within the control of the operations people.
IT operations and security teams now require tools that provide visibility: what devices are on the network, where are they and what are they doing? These teams will need to work together more closely than ever before – they have to exchange data and be prepared to act quickly and in unison to respond to security threats.
The opportunity for cyber-based criminal activity has never been greater. It will become increasingly difficult for IT operations staff to control connected devices.
As employees connect their devices to the network remotely, these devices will also be connected to a plethora of other networks and devices.
‘They can’t control the security of these devices,’ says Mann. ‘And they don’t know which devices are legitimate. The churn of connections will stretch their monitoring capabilities to breaking point. In all this turmoil, attackers will be better able to hide their nefarious activities.’
A recent European research study, conducted by Bomgar, found that 74% of IT leaders are concerned about breaches originating from connected devices over the next year.
It is clear that UK businesses will need to start future-proofing their security posture as IoT adoption continues to progress both in corporate and mainstream life.
‘The potential for unwanted users or cybercriminals to infiltrate large institutions will become more frequent, if not acted upon,’ says Stuart Facey, VP EMEA at Bomgar. ‘The tenacity, speed of attack and severity of potential threats will be determined by access vulnerabilities in the institution’s network.’
The connected age adds to the proliferation of more network-connected devices. Since connected devices can both consume and generate sensor or other data, it becomes critical that an IT organisation has full visibility of the network and the applications flowing over it.
‘True visibility allows for informed business decisions to be made from a capacity and network security standpoint,’ says Andy Brown, technical leader in the advanced technology group at Riverbed Technology. ‘If there’s a massive increase in the number of smart devices added to the network, this can severely impact the end users actually trying to get business done.’
Internet revolution
The Internet of Things, while in its infancy, has the opportunity to be one of the most catalysing technological developments in history – the next internet-era revolution.
It will transform the way people live and work by potentially eliminating routines such as supermarket shopping or visiting the post office. And solutions will be developed for every little inconvenience.
For example, La Poste, the French postal system, now provides an all-inclusive service that can be triggered with the push of a button – including pickup, packaging and shipping.
Pushing buttons can also restock cupboards. With Amazon Dash, consumers can simply push a button in their kitchen and products will automatically be ordered, paid for and delivered.
However, businesses must remember that the end users of these services have no regard for enterprise networks, and little understanding of cyber security.
‘It is imperative that security is elegantly embedded into the service, providing a simple and, most importantly, usable solution,’ says Peter Martin, MD at RelianceACSN. ‘A zero-tolerance mentality for simple security errors should exist which will allow for safe, secure and available service delivery.’
The connected age presents enterprises with many potential new network endpoints of various types that are not under the direct control of users or traditional IT management procedures.
With this increase in endpoints, it becomes increasingly difficult to secure the network using traditional methods. For example, if IoT takes off as predicted, enterprises will be required to consider best practice for securing a smart air conditioner, which is entirely different to securing an employee’s smartphone.
Trying to manage individual endpoints with diverse network needs on a ‘device by device’ basis is not scalable.
‘A more business outcome, policy-based approach will be needed embracing automation and intelligent orchestration,’ says Brown. ‘Enterprises are going to be required to start thinking about all the data from their network, examining the entire system rather than just localised occurrences.’
Until recently, the cost of connecting IoT devices to a wide-area network has been a major barrier to widespread IoT deployment. However, the evolving IoT network and device ecosystem is rapidly changing to remove this barrier.
Moreover, 5G, the next generation of wireless technology, will provide an end-to-end ecosystem to enable a fully mobile and connected society.
‘With speeds measured in multiple gigabits per second, latency in the single-digit milliseconds and the capacity to handle 1,000 times more consumption than current network technologies, 5G promises to deliver on IoT opportunities like robotics, autonomous vehicles and the massive scale expected in a truly connected world,’ says Peter Konings, director of enterprise networks and managed services at Verizon.
IoT complexity
With enterprise networks becoming busier than ever before, supporting an abundance of new connected technologies now represents a significant addition to the IT management burden.
According to a recent survey by Ipswitch, 66% of IT professionals feel that IT complexity is making it increasingly difficult to do their job, especially when it comes to assuring zero downtime.
The lack of common IT management tools across IT teams isn’t helping, making a holistic view of today’s increasingly complex technology stacks difficult to achieve.
‘44% of IT teams report using three or more tools,’ says Michael Hack, SVP EMEA operations at Ipswitch, ‘with many using between ten and 20 tools. This means that time is wasted switching between tools to gain an accurate view of application and infrastructure performance.’
Many organisations are jumping on the IoT bandwagon but don’t yet realise they are now big data companies that have to process and manage these massive data sets over time, including handling personal information and passwords embedded in that data.
Unless the people implementing IoT can get their arms around big data, privacy and security concerns will thwart mass adoption.
Alongside this, there is the issue of where data gets processed. Traditional IT implementations collect data from endpoints and send it to the home server or data centre for processing.
This approach is ineffective for handling those massive data sets. ‘More processing will be moved out to the edge so that data can be maintained and processed locally,’ says Jaspreet Singh, CEO at Druva.
At the same time, it’s routine for sensor and other IoT-generated data to be moved to the cloud.
‘Since there’s little agreement on which approach is best for processing, IoT employs a mix of edge and cloud computing, with data management and protection strategies required for both.’
When it comes to preparing for IoT, organisations should invest in connectivity. Companies that have pioneered new business models in the connected world, such as Uber and Airbnb, are all about maximising asset utilisation, which requires data, computing power and a service model.
>See also: How the Internet of Things is changing business models
‘All businesses ultimately become commoditised,’ says Haydn Jones, account MD for media at Fujitsu UK and Ireland. ‘Technology allows a deeper structural commoditisation whereby the assets previously within the business model – people or machines – are available on demand, without taking them onto your balance sheet.’
Connected devices consume and generate information that requires backup, recovery and management. To accomplish this, IoT requires a new, holistic approach to the data residing in endpoints, data centres and the cloud.
Best practices for this are currently few and far between, and unresolved questions remain about how to handle data processing, backup and intelligence.
Collaboration between vendors will help, while standards for IoT are also being discussed. IoT also raises a host of privacy, security and liability issues that have to be considered.
If devices can be hacked and misused, the likelihood is that this
will take place. Hackers already use devices like internet-connected digital video recorders within closed circuit TV to host botnets.
‘IoT solutions will require bullet-proof functionality to protect sensitive commercial information and safeguard users’ personal data,’ says Singh. ‘However, many IoT devices don’t have this security in place today, and don’t have upgrade paths in place for the future either.’