?
KALLE BJORN,
DIRECTOR
– SYSTEMS
ENGINEERING,
FORTINET
I
oT devices are a
critical component
of the new
digital economy,
collecting
and sharing
information
about a myriad of things, from smart
appliances, irrigation systems and
shipping containers to wireless energy
meters and mobile healthcare devices.
Of course, IoT introduces a number of
critical challenges as well, not the least
of which are, ‘how do we connect and
manage so many devices?’ and ‘how
do we secure so many devices and so
much traffic?’
Because most IoT devices are mobile,
they tend to connect to the network via
wireless access points. Since IoT wasn’t
on the horizon when most wireless
solutions were deployed, the growing
volume of IoT and user devices is now
overwhelming these access points. In
addition, because most IoT devices do
www.intelligentciso.com
|
Issue 03
not have security installed, the need to
apply security inspection and monitoring
is creating a bottleneck. The best
strategy for IoT security is through the
secure access.
Most networks with an IoT strategy
should use multiple methods for
connecting these devices to the
network. Securing these IoT devices
and networks, regardless of the
connection methods being used,
requires three things:
1. Distributed security
Despite claims to the contrary, the
network perimeter is not dead. Instead,
we now have a network of many
edges, which means that traditional
methods of security that employ an
isolated security device at the network
edge, or that direct all traffic through
a single network security chokepoint,
are no longer effective. In addition to
traditional security gateways, networks
require high performance wireless
access points with integrated security
in order to protect and secure WiFi
access at scale. Hardware ports need
to be hardened and monitored. Policies
securing different RF access methods
and protocols need to become part of
your security strategy. Cloud security
needs to see and secure IoT devices
and traffic. And all of it needs to be part
of a single, unified security strategy.
editor’s question
2. Segmentation
IoT devices and traffic represent a real
risk to your organisation. They need to
be automatically identified at the point
of access, segmented from the rest of
the network, monitored and tracked
along their data path and inspected
when they cross network zones for
aggregation or analysis.
3. Integration, correlation
and automation
Finally, as networks become increasingly
elastic and distributed, it is essential that
security visibility is not compromised.
Traditionally isolated security devices
are no longer a viable option. Distributed
security tools, whether in the cloud, at
new access points, or deployed deep in
the network, need to be woven together
into a holistic security fab ric strategy.
This architectural approach enables
clear, end-to-end visibility, centralised
management and orchestration, and
the consistent distribution of coherent
security policies. Devices that can see
and share threat intelligence can then
automatically coordinate a response to
any detected threat. Such an approach
allows security to span the network
regardless of how much it expands
and contracts and can automatically
accommodate new functions and
ecosystems as they are added, such
as cloud environments or IoT networks
and protocols.
29