The Internet of Everything (IoE) economy is creating new opportunities to transform the world around connected devices, people and processes in education, healthcare, manufacturing, commerce, transportation and other sectors. But with these new opportunities come challenges and checkpoints with respect to data security and privacy that CSOs will need to cover. This article gives an insight into the security considerations that organisations and businesses of all sizes in Oman will face as the IoE takes effect.
Well before ‘everything’ is connected, as soon as the acceleration starts, IT organisations will need to be ready to scale their security. Fortunately, the Internet of Everything is not a cause for major concern, as existing security methods, policies, and technologies can still be effective in protecting networks and infrastructure, even with an exponential increase over today’s numbers of people, processes, data, and things being interconnected.
There are many technologies available to secure today’s networks, and now is the time for CIOs to make sure their security is robust as more and more devices connect to their networks. It is important to consider security from the ground up and build it into the network’s intelligence, using the most suitable security standards and protocols.
Security technology exists today for IoE management
With more and more devices, the number of end points for network security proliferates quickly. Threat and vulnerability management must be extra vigilant as the network perimeter grows and new attack vectors come to light. The possibility of connected private networks between supply chains, and customers too, demands attention to the future code of connections for the hierarchy of online devices and data that will flow between companies which have traditionally been ring-fenced behind a firewall.
The IoE will see significant growth at the edge of the network, particularly with wireless and Wi-Fi-connected devices and things. Current wireless technologies already feature powerful embedded security protocols, such as WPA2 and WPA2-ENT, both of which use the Advanced Encryption Standard (AES) to protect data that is transmitted over these networks. These security and encryption standards are sufficiently robust to cope with an increase in the volume of end point devices.
Whilst current security technologies can be applied to IoE today, other standards are being developed, most notably the Constrained Application Protocol (CoAP), an application-layer protocol designed for electronic devices to communicate interactively over the Internet. CoAP can be combined with the Datagram Transport Layer Security (DTLS) protocol to secure data in a similar way to HTTP Secure (HTTPS), which already encrypts web-based banking and e-commerce sessions. As a result, the ‘CoAPs’ protocol can prevent eavesdropping, tampering, or message forgery to protect against a range of attacks.
In addition, modern IP networks are already proficient at threat management, able to cope with sniffer, IP spoofing, and application-layer attacks. For example, IPv6 networks use IPsec to authenticate network traffic and maintain data integrity and confidentiality.
They also use 128-bit addresses; the massively increased address space hinders connection-port scanning attacks by making it harder for attackers to locate individual targets. In addition, IPv6 supports public key certificates which can be used to encrypt communications between two recipients, and thereby counter eavesdropping and data modification attacks.
How will IoE affect corporate security policy?
Technology can protect organisations in the new era of IoE, but policy and management will be equally critical in ensuring effective security. Organisations must ensure they also have strong policies and processes designed to protect the privacy of both company and interconnected information from other networks.
Threats and vulnerabilities are likely to come from within the organisation as much as from the outside as IoE develops. Consequently, corporate policies on employment, working with third parties and contractors, and customer-facing areas of the network and the business may need adjustment to embrace the new IoE world, particularly to counter password-based, man-in-the-middle, and compromised-key attacks.
To help ensure consumer confidence as companies embrace IoE, businesses will need to demonstrate that they can and do protect personal information, whilst informing customers about their privacy practices and providing choices that help to ensure customers (and their customers) can control how their data gets used. There have been several successful industry-led initiatives, such as the Online Privacy Alliance and TRUSTe, which have achieved a reasonable balance between consumer protection and business requirements. Organisations can join these online privacy trustmarks and groups to offer customers further reassurance.
In terms of security
Eventually, network-powered technology will have the capability to solve IoE security issues; for example, devices connecting to the network will take advantage of the inherent security that the network provides, rather than trying to ensure security at the device level. As a result, we expect a more ubiquitous, inherently-secure network to replace the traditional security architecture, securing the individual hardware devices such as switches, routers, load balancers, intrusion prevention appliances, firewall servers, and web application firewalls.
Traditional networking models are at risk of vulnerability breakdowns and security threats; however, IoE networks will have automated detection and self-healing capabilities that will improve the reliability of the network as a whole. IoE is on its way – embrace the security imperative now; technologies are already moving in the right direction and enlightened CSOs with vision will be the winners of tomorrow’s security landscape.