Successful rollout of enterprise digital transformation continues to be a mixed bag. We continue to see the explosive increase in connected devices (the IoT phenomenon) and large advances in application capabilities to improve enterprise productivity. But we’ve also seen the challenges of securely implementing these technologies potentially delaying greater enterprise adoption.
Security certainly became the hottest issue in late 2016 following multiple high-profile attacks. The Mirai botnet, which knocked some of the world’s leading websites offline, and the recent admission by Yahoo of a 2013 data breach involving over a billion user accounts are just two examples.
And these problems will be compounded as organizations begin to adopt more connected devices and IoT technology while still attempting to maintain their legacy network infrastructures.
Three focus areas will have a big impact on corporate networks in the next 12 months: safeguarding the network from potentially vulnerable IoT deployments, ensuring protection from costly distributed denial-of-service (DDoS) attacks and the adoption of “as-a-service” deployment methods to cost-effectively move toward a more inherently secure network infrastructure.
1. Containing, Not Constraining, IoT Technology
More and more industries are reaping the benefits of IoT; health care, education and manufacturing are just a few examples where new IoT-enabled devices deliver productivity improvements, lower energy costs and greater visibility. But the benefits of these new connected devices come with a new set of issues for the IT team: the devices are poorly secured, and as Internet Protocol–enabled devices at the network edge they offer attackers a back door into the corporate network.
The rise of IoT is forcing network engineers to think of new ways to manage networks and the growing number of connected devices. Continuous quality of service (QoS), intelligent device prioritization and high availability all contribute to a quality experience for the network’s users. But a large and insufficiently managed network will inevitably develop security weak points over time. By “containing” IoT in several virtual environments on a corporate network, businesses can greatly reduce the worst-case impact of a network breach. The break-in is contained and cannot spread to threaten wider business operations.
How to effectively secure and manage IoT networks will become a major issue over the coming year or so, and IoT containment will form a core part of the solution. Using a segmented IoT approach allows deployed devices to be managed and operated only by the personnel who use them, simplifying IoT management for the enterprise. For example, the IoT network can be segmented so that the HVAC control system is operated by the HVAC specialists, who can configure, monitor and operate the system without affecting the rest of the network. This approach avoids burdening the overtaxed IT organization with another management task.
2. DDoS Protection Will Be a Must-Have for Every Business
Containment also has an important role to play in managing the security of enterprise networks. By controlling access to the virtual networks and devices, it can stop compromised devices from reaching other areas of the network.
Do you recall the major network breach suffered by U.S. retailer Target in 2014? Hackers gained access to the entire Target network following a minor breach in the connected air-conditioning system. Simple network segmentation would have eliminated any wider threat from an insecure air-conditioning system by containing it to the area it accessed.
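The containment argument above can be checked against a segmentation policy before it is deployed. The following is an added example, not part of the original article: it computes which devices an intruder could reach from one compromised device, following pivots hop by hop, on a flat network and on a segmented one. All device names, segments and policy rules are constructed for illustration.

```python
from collections import deque

# Constructed inventory: device -> segment (a VLAN or virtual network).
DEVICES = {
    "hvac-controller": "hvac",
    "hvac-workstation": "hvac",
    "ip-camera": "cameras",
    "camera-recorder": "cameras",
    "pos-terminal": "payments",
    "payments-db": "payments",
    "hr-laptop": "corporate",
}

# Constructed policies: (source segment, destination segment) pairs allowed to
# talk. Traffic inside a segment is allowed; everything else is denied.
SEGMENTED_POLICY = {("corporate", "payments")}
# The same policy plus one convenience rule for remote HVAC monitoring.
LOOSE_POLICY = SEGMENTED_POLICY | {("hvac", "corporate")}

def allowed(src, dst, policy, flat):
    """True if device src may open a connection to device dst."""
    if flat:  # legacy flat network: no internal access control
        return True
    s, d = DEVICES[src], DEVICES[dst]
    return s == d or (s, d) in policy

def blast_radius(compromised, policy=SEGMENTED_POLICY, flat=False):
    """Devices reachable from a compromised one, including via pivots."""
    seen, queue = {compromised}, deque([compromised])
    while queue:
        current = queue.popleft()
        for other in DEVICES:
            if other not in seen and allowed(current, other, policy, flat):
                seen.add(other)
                queue.append(other)
    return sorted(seen - {compromised})

def segments_exposing(target_segment, policy):
    """Segments from which any device can eventually reach target_segment."""
    exposed = set()
    for device, segment in DEVICES.items():
        reached = {DEVICES[d] for d in blast_radius(device, policy)}
        if segment != target_segment and target_segment in reached:
            exposed.add(segment)
    return sorted(exposed)

if __name__ == "__main__":
    print("flat:     ", blast_radius("hvac-controller", flat=True))
    print("segmented:", blast_radius("hvac-controller"))
    print("loose rule exposes payments to:", segments_exposing("payments", LOOSE_POLICY))
```

The loose policy shows why each rule has to be evaluated transitively: no rule connects the HVAC segment to payments directly, yet the HVAC-to-corporate rule combined with the corporate-to-payments rule recreates that path.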
According to Akamai, DDoS attacks on enterprises increased by over 12 percent in 2016 compared with 2015; this trend is expected to continue. We witnessed one of the largest ever DDoS attacks in 2016. A botnet of IP-enabled devices infected with the Mirai malware hit Dyn, a major provider of managed domain-name services (DNS), resulting in major websites being offline for hours. As IoT devices are hastily rolled out by businesses and consumers with default security settings and passwords, malware such as Mirai can scan for unsecured devices and take advantage of them.
This situation makes the DDoS threat to enterprises doubly concerning. First is the direct threat of falling victim to a DDoS attack on your network. Second is that a DDoS attack can infect your connected devices, which then carry out attacks not only within your network but against other enterprises. It’s just one area of concern for the largest online organizations and ISPs; imagine the financial losses if the online presence of an e-commerce business were knocked offline during a busy holiday period, for instance.
Over the next year, businesses and organizations should scrutinize every aspect of their networks, right down to network infrastructure equipment. DDoS attacks are difficult to prevent entirely, but by introducing protection at the access switch, enterprises can improve their first line of defense by detecting, filtering and ultimately blocking malicious traffic before operations are hindered.
Existing legacy network technology, however, often lacks the embedded intelligence to provide this layer of defense. When enterprises are looking to enhance their network infrastructure, whether to support the new bandwidth and networking demands of IoT devices or as a general replacement for legacy equipment, they should look to devices that have at least these three critical security capabilities to better provide a comprehensive first line of defense:
- The system source code has been independently certified by industry security experts
- The software is scrambled in the hardware’s memory to minimize an attacker’s ability to find system vulnerabilities
- The software can be delivered by a trusted, secure infrastructure to eliminate the risk of receiving and installing code that has been tampered with
3. New Network Delivery Models: Pushing IT Beyond Opex
Containment of IoT devices and DDoS-mitigation strategies often require capabilities found only in the latest-generation network access equipment. But the challenge for the enterprise is legacy infrastructure and, with the continually shrinking capital budgets of most organizations, little budget to procure and implement this new equipment.
So how does an enterprise manage to do these tasks? One way is to follow the software-as-a-service (SaaS) playbook. Over the past several years, we have seen the rapid shift in the software world from capex deployments of software applications (such as databases, CRM systems and office productivity suites) toward opex and cloud deployments. These deployments offer lower up-front costs and flexibility to adapt quickly to the enterprise needs, as well as provide ubiquitous availability for today’s increasingly mobile workforce. Now, a similar benefit comes with network infrastructure as a service (NaaS).
Similar to SaaS, NaaS implementations have substantially lower up-front costs and can be managed on demand or on a pay-per-use basis. IT organizations can roll out the latest-generation security networking technology to support their IoT, mobility and digital-transformation needs with little initial cost and only ongoing operational expenses. This approach often incurs lower overall costs than just keeping the lights on for companies’ existing legacy infrastructure.
Digital Transformation: It Can Be Done Securely
Digital transformation is an imperative for corporations to stay relevant in today’s rapidly evolving digital era. But deployments have pitfalls that can harm your company both in profitability and in reputation. A properly laid-out plan that uses a single network infrastructure to isolate and contain the various IoT systems, provide inherently secure access infrastructure, and ensure you are deploying the latest-generation networking equipment can help guarantee that your digital-transformation activities deliver the best possible outcome for your business.
About the Author
Joseph Raccuglia is VP of Technology Evangelism for Alcatel-Lucent Enterprise, having over 25 years of experience in marketing, developing and managing IT Infrastructure products. His current responsibilities include supporting the company’s overall long-term strategy and developing programs to raise the visibility of Alcatel-Lucent Enterprise to customers, partners, analysts and the industry in general.
Joseph’s previous positions include VP of Corporate Marketing, solutions marketing for the Network and Security business divisions, and general manager for day-to-day operations of the VPN Firewall Brick security appliance and the IP Services Router portfolios. He has also held other engineering management and consulting positions at AT&T and NCR.
Joseph graduated with a master’s degree in computer science from Stevens Institute of Technology and a Bachelor of Science degree in computer engineering from Carnegie Mellon University.