I love talking about the Internet of Things, or IoT. The buzzword is awful, but it’s a favorite topic of mine, bringing together the idea of an intelligently connected world with practical devices to create systems. These systems add intelligence, allowing devices to communicate machine-to-machine, and then take action as required.
It’s a gadget geek’s dream, with devices that can become intelligent, informed about their environment and able to make decisions based on that information. These systems promise to increase efficiency, reduce costs, and create an environment where new profit opportunities are offered.
Of course, as we begin to think about these possibilities, we should take the opportunity to build security into these systems as we go. Building security into systems from the beginning ensures an easier and more viable long-term solution.
Why Perimeter-Only Security Isn't Enough
The typical perimeter-only security model is a significant problem in the context of the Internet of Things. Many of the systems we integrate will not have the level of security built into them that one would hope for, and thus may expose the network to unnecessary risks.
The first step, therefore, is to ensure that the security policy of the organization is one of layers, protecting the endpoints within the network as well as the perimeter. For most SMB organizations, a combination of antivirus, email security, content filtering and good backups will ensure that each endpoint is well managed. In the event that some portion of the network is compromised, the entire system will not be compromised.
Beyond that, networks should be layered. Not all systems require the same level of access, and it is sensible to use Virtual LANs (VLANs) and network segmentation to isolate systems that talk only with each other from the general production network. Building networks in which communication is allowed only between systems that require it will ensure a much more secure environment.
Most network security policies allow any Internet traffic to head outbound. While easy to administer, this leaves your system far more open than required. Restricting DNS server traffic to approved systems only is a wise first step; ideally, access to the open Internet is allowed only for systems that are expected to communicate over that channel, which is a much more secure configuration.
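The segmentation and outbound rules described above can be expressed as a default-deny allowlist and checked against flow records. This is an added example, not part of the original article; the VLAN names, address ranges, ports and flow records are all constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Hypothetical VLAN layout and policy; every name and address is constructed.
SEGMENTS = {"servers": ip_network("10.0.10.0/24"),
            "iot": ip_network("10.0.20.0/24"),
            "office": ip_network("10.0.30.0/24")}
APPROVED_RESOLVERS = {ip_address("10.0.10.53")}  # only host allowed to send DNS out
# (source segment, destination segment, port) pairs allowed between VLANs
INTERNAL_ALLOWED = {("iot", "servers", 8883), ("iot", "servers", 53),
                    ("office", "servers", 443), ("office", "servers", 53)}
INTERNET_ALLOWED = {("office", 443), ("servers", 443)}  # (segment, port)

def segment_of(addr):
    """Return the segment name for an address, or None if it is not on the LAN."""
    ip = ip_address(addr)
    return next((name for name, net in SEGMENTS.items() if ip in net), None)

def evaluate(src, dst, port):
    """Return (allowed, reason) for one flow; anything not allowlisted is denied."""
    s, d = segment_of(src), segment_of(dst)
    if s is None:
        return False, "source not in a known segment"
    if d is None:  # destination is on the Internet
        if port == 53:
            ok = ip_address(src) in APPROVED_RESOLVERS
            return ok, "approved resolver" if ok else "DNS from non-resolver"
        ok = (s, port) in INTERNET_ALLOWED
        return ok, "egress allowlist" if ok else "egress not allowlisted"
    if s == d:
        return True, "same segment"
    ok = (s, d, port) in INTERNAL_ALLOWED
    return ok, "segment allowlist" if ok else "cross-segment not allowlisted"

def audit(flows):
    """Return (flow, reason) for every flow the policy would block."""
    results = [(flow, evaluate(*flow)) for flow in flows]
    return [(flow, reason) for flow, (ok, reason) in results if not ok]

# Constructed flow records: (source, destination, destination port)
FLOWS = [("10.0.20.7", "10.0.10.20", 8883),    # sensor to internal broker
         ("10.0.20.7", "192.0.2.53", 53),      # sensor using an outside resolver
         ("10.0.10.53", "192.0.2.53", 53),     # approved resolver forwarding
         ("10.0.20.7", "10.0.30.15", 445),     # IoT reaching into the office VLAN
         ("10.0.20.9", "203.0.113.10", 443),   # IoT device calling out
         ("10.0.30.15", "198.51.100.4", 443)]  # office workstation browsing

if __name__ == "__main__":
    for flow, reason in audit(FLOWS):
        print("BLOCK", flow, reason)
```

Running the same check over real firewall or NetFlow exports before enforcing the rules shows which existing device traffic a default-deny policy would interrupt.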
Interestingly, now is exactly the time to begin preparing, as these security best practices make sense regardless of the kind of devices on the network. Furthermore, with the potential for the Internet of Things to grow over the coming years, proper architecture investment now positions businesses for the future as well as delivering business value now. Solution providers who move their customers to more secure configurations are future-proofing their customers, delivering value now, and solving a real need in the security space.
All of these present opportunities for the solution provider, both in one-time projects and in ongoing monitoring and maintenance of these systems. Security is not a one-time activity, but rather an ongoing process, and is ideal for a recurring revenue engagement.
The Internet of Things is going to create new possibilities for systems and present new challenges in the future, particularly as system authentication, backup and management will increase in complexity. How will these systems authenticate each other? How will they be secured? Starting to solve these problems now, with a foundation of good security, is smart business.
Dave Sobel, Director of Partner Community at MAXfocus, is responsible for fostering the growth and success of MAXfocus Partners. As Director of Partner Community, he helps promote collaboration, education and innovation among MAXfocus Partners and among the industry as a whole, and ensures they have access to business, technology and market resources and are utilizing the MAX Platform to achieve positive growth, enhance their offerings and become best-in-class solution providers. Guest blogs such as this one are published monthly and are part of The VAR Guy's annual platinum sponsorship.