A previous Quocirca blog post (The Internet of Everything – the need to manage external things) looked at how Internet of Things (IoT) deployments will mostly need to include access to at least some external devices. One of the problems this throws up, especially for network security teams, is the need to verify the safety of devices joining their networks when they have little or no on-device control over them.
This problem is not exclusive to external devices; internal ones are a challenge too. IoT-integrated legacy devices will not have been provisioned with network security in mind, and the processing power of low-cost new devices will often be too limited to do much beyond the task they are built for. Furthermore, new or old, low-powered devices will often be running one of a wide range of specialist operating systems, making it hard to develop generic on-device security software (as was discussed in 2016 Quocirca research: European Perceptions, Preparedness and Strategies for IoT Security, sponsored by ForeScout, a network and IoT security vendor).
With legacy devices, one answer is to upgrade or replace them so that they are up to the job, but there is little appetite for doing so. Quocirca research (not previously published) shows that even if the cost of adding intelligence to a device was just €10, less than 50% would fork out for an upgrade. If the cost was €20 this drops to 40%, €30 to 18% and so on (see figure).
However, most would not actually give up, but would look to use a gateway of some sort to act as a control point for managing multiple devices. Doing so has three main benefits.
- The gateway can manage network address translation (NAT), so each device behind the gateway does not need a unique IP address; this helps with scalability and means IPv4 addresses can be reused, putting off the need to move everything to IPv6
- The gateway can handle security, blocking suspicious access attempts and running regular device health checks
- The gateway can act as a data aggregator and filter, receiving feeds from each device it controls and looking for exceptions to flag to a central IoT application platform; this can considerably reduce network traffic
Quocirca’s research also shows that the intelligence of the central platform and that of gateways are both considered more important than the intelligence of the actual devices.
The use of gateways or aggregators is the approach proposed in Quocirca’s Reference Architecture for the IoT, which sets out a generic approach to deploying IoT applications that is scalable, secure and cost effective. Quocirca’s research shows that the overwhelming majority of businesses are already being impacted by the IoT; the time to prepare networks for the potential onslaught of new devices is now.