UPDATED 15:20 EDT / JULY 03 2014

The Internet of Things needs a network of clouds

The confluence of social, mobile and cloud has created an “app-etite” for all things tech, laying the groundwork for the next big tech revolution: the Internet of Things (IoT). The IoT has the power to transform lowly mechanical and electronic devices into modern marvels, disrupting entire markets in the process.

With disruption comes dollars. According to a recent report by Gartner, the IoT market, which excludes PCs, tablets and smartphones, is projected to grow to 26 billion units by 2020, up from 0.9 billion today, with an economic impact in the trillions.

Consequences of Interconnectivity


While the IoT promises better living through connected devices and the data and insights they generate, it will also usher in a new era of privacy and security concerns. One area of increased security risk is the number and magnitude of new “attack surfaces” associated with the IoT. From a security perspective, an attack surface is defined as:

  • The sum of all paths for data and commands into and out of a system;
  • The code that protects these paths;
  • All valuable data used in the system; and
  • The code that protects these data.


Now, take the NEST Learning Thermostat. NEST can sense your presence, learn your schedule and adjust the temperature accordingly while constantly streaming your preferences and usage data to the cloud. Let’s apply the concepts of attack surface to connected thermostats. There are roughly 28 million businesses in the US, and the vast majority probably has a thermostat. Thus, just one small fraction of the IoT market represents 10X the Attack Surface of Windows XP.

Of course, not all thermostats will be of the smart, connected kind, but you catch my drift. And if you think that a thermostat or connected HVAC (heating, ventilation and air conditioning) system can’t lead to a security exploit, think again. Incident analysis confirms that ground zero of the recent Target exfiltration of personal data of 70 million customers was an HVAC contractor with network access. From there, hackers used the contractor as an intermediary and ultimately penetrated Target’s store network, embedding malware on point-of-sale machines.

The Target breach is a poignant example of the challenges associated with the IoT—you’re only as strong as your weakest link. The IoT represents an interconnected ecosystem in which third-party IT infrastructures of information providers, consumers and brokers are interwoven in a service-oriented manner with networks of devices/sensors and clouds providing computing, apps, storage and analytics. One weak link can expose the entire chain.

Enabling the IoT Through a Network of Clouds


In order to foster the potential of the IoT and minimize security risks, a new network paradigm centered on cloud-based networks is required:

  • Cloud-Based Virtual Network Overlays: Private device networks are expensive, and securing the Internet outright is impossible. Cloud-based virtual network overlays leverage network virtualization and software-defined network (SDN) technologies to create private virtual device networks over the Internet.
  • Programmable Flows: The IoT is essentially a service-oriented architecture where data from connected devices is collected and can flow through a series of real-time or demand-based computational, analytical or event-processing functions, many of which will be cloud-based. An SDN-enabled cloud network allows flows to be programmatically routed through the proper services.
  • Underlay Network and Cloud Agnostic: The IoT represents billions of connected devices running anywhere in the world across any type of local connection. Virtual network overlays extend across any cloud datacenter and run over any local connection.
  • Borderless Admission Control: Because the IoT is really an ecosystem of interconnected organizations, people, processes and devices, there is no well-defined border. As a result, control of the devices, organizations, users and flows admitted onto the network must be an integral function.
  • Network Service Virtualization: The IoT requires network services to ensure security, visibility, compliance and control of connected devices, users, processes and data. Since such intelligence on every connected device is not viable, the IoT requires virtualized and distributed network services that can be deployed anywhere and “in-line” with data flows.
  • Security at Scale: Enterprise IT organizations may deal with an attack surface of hundreds of thousands of devices. A single IoT network of connected devices can represent an attack surface of millions of devices. Cloud networks that incorporate deep packet inspection, Network Service Virtualization and policy can take advantage of the cloud’s low-cost computing and big data infrastructure to provide a wide range of advanced security functions.


The IoT represents a massive, disruptive opportunity that will have far-reaching implications. It’s not just about connected devices, but rather an entirely new interconnected ecosystem of information stakeholders and processes that will require a network of clouds and cloud-based, service-rich virtual network overlays in order to be fully realized. This new networking paradigm is already taking shape as companies begin fusing cloud, SDN and Network Service Virtualization into secure, scalable and agile cloud networks.

 

About the author: Todd Krautkremer is a vice president at Pertino, a company that provides network services virtualization products and services.

 
