Friday, 11 November 2016

The IoT Deluge


It was amusing to hear at a conference earlier this year how one speaker had hacked into an acquaintance's home network of smart devices and used this to scare the living daylights out of him one night, just to demonstrate the point that you need to firewall your home networks adequately. However, despite stories about people's kettles and fridges being harnessed for use in Distributed Denial of Service (DDoS) attacks, the means for implementing Internet of Things (IoT) security frameworks already exist. If you go to any IoT event, someone will be promoting their IoT security platform. It's just that there is some catching up to do with the installed base of old unprotected SCADA systems and first generation "smart devices" to ensure that they are properly protected, as most of them were deployed with scant consideration of security.

Recently, it has become increasingly obvious that reality is beginning to set in about IoT exploitation. Businesses which want to exploit IoT in any meaningful way need to set about heavy duty industrialisation of key capabilities. Depending upon the business scenario in which you wish to exploit IoT, you may or may not have control of the end devices. In most cases you won't. So your solution may need to take into account different APIs for integration and different levels of security. It also needs to take into account that at any point in time, a significant part of the overall population of devices that you are communicating with may not be working for any number of reasons.

You also need to take into account the sheer volume of data. IoT exploitation inevitably means large, fast-growing volumes of data which have to be captured, sanitized, stored, analysed or exploited and managed according to relevant policies. However, many applications may need to take into account issues to do with geography; network bandwidth is not uniform within a county, let alone between countries. At sea it may be extremely low compared with land. Legal jurisdictions can impact what is permissible from a privacy or even data export perspective.

However, key to scalability is the means to manage an IoT network. Each IoT device used by your solution will generate large volumes of data itself. Whilst attention to date has been focused on the application data, the volumes of event data for the devices, networks, associated installations and security devices could potentially drown the volumes of application data involved. Managing this data so that you can control the overall performance of the solution and optimise business outcomes is a problem vastly larger than that which most IT organisations struggle with today. Automation is the only answer. Automation which brings all the data together, intelligently analyses it and visualises it for analysis is needed. IoT adoption usually means changing your business model to do things differently and more intelligently. This cannot happen if you are not capturing and fixing problems as they happen as well as anticipating problems based on trend analysis. So automation of monitoring and analysis is key; it is not just a nice thing to have because the DevOps boys told you it is trendy. Automation is key to survival. It has to deal with both operational and security incidents, and it has to be integrated across your whole environment. Point solutions are not good enough.

Fortunately, there is a new generation of tools which do this. They do it across hybrid cloud environments and deal with multiple protocols. Analysis of experience to date indicates that they lead not only to dramatically shorter resolution times for problems (e.g. a quarter to a third of previous times using traditional approaches), but also to reductions in incidents (by similar margins) and therefore significantly reduced loss of value when problems occur.



