IoT and the New Security Model

By Special Guest
Chris Crosby, founder and CEO, Compass Datacenters
February 14, 2017

By any measure, IoT represents an evolutionary leap in the collection, processing, and actionability of data. A recent study by Business Insider predicted a 41 percent CAGR for new IoT installed devices over the next four years. Gartner estimated that this rate of growth will culminate in 24 billion IoT connected devices by 2020. These projections would seem to be supported by the results of a survey of 5,000 businesses worldwide included in an AT&T Cyber Security Insights Report. Over 85 percent of responding companies said that they were implementing or planning to implement IoT solutions.

Implementing IoT: A Security Disjoint
The nature of IoT operations increases the potential points of network vulnerability. For many companies, the enthusiasm for the benefits that IoT can provide may outstrip prudent planning. For example, the AT&T Cyber Security Report cited earlier found that although 85 percent of companies that it surveyed were moving “full steam ahead” on their IoT efforts, only 10 percent said they felt confident that they could secure their networks against hacking. In some circles, this is known as a “leap of faith.”

The Current State of Security
As you would expect, the security structures that protect today’s data center-based networks vary widely depending on the perceived needs of the organization. Firewalls and VPN may be more than sufficient for some, while others incorporate both internal and externally provided functionality to ward off potential intruders. In the majority of instances, the security structure used is a function of the sensitivity of information, the availability of resources, both financial and human, and the applications that are supported. Increasingly, the data processing demands of applications such as small packet, high volume IoT and large rich packet applications (video) are expanding network scope and pushing processing and access points ever closer to customers (and further away from more traditional centralized security implementations). Thus, the risks associated with performance and the proliferation of potential points of access malicious intruders increase accordingly. As a result, security requirements must become more sophisticated to address a much broader spectrum of unauthorized seekers of access and using an ever-changing array of intrusion and/or interruptive methodologies.  The dynamic nature of these potential network threats will increasingly demonstrate the difficulty of many existing IT departments to keep pace. The need for specialized tools, techniques, processing capacity, bandwidth/throughput, certifications, Increases exponentially and is completely dynamic in the latest trends and techniques in the black art of hacking. A more effective solution and its implementation will most likely be via a third party rather that attempting to build and internal team of security specialists. In essence, an outsourced security service delivered via the cloud/SaaS model.

The New Outsourcing Model
Whereas outsourcing of security has previously been characterized by a conglomeration of vendor provided services and equipment procured as part of one or more annualized contracts, this structure is unsustainable moving forward. The rapidity of both the availability of new applications and the methods used to exploit them make “nimbleness” the underlying foundation for the new outsourcing model. Delivered via cloud/Security as a Service methodologies offered by providers such as StackPath, customers will no longer “bolt on” security capabilities on an ad hoc basis to their networks, but rather, integrate the necessary components into their operations on an “at will” basis. Under this new structure, new capabilities are easily added, as they are developed by the provider, to enable users to inoculate themselves from new threats as they arise. End users will also gain a level of flexibility that is impossible under the current security paradigm as the lack of long-term agreements will enable them to move between providers as necessary, in response to the movement of key provider personnel, for example.

The speed and complexity of data center-based applications is a double-edged sword in that a wealth of new opportunities also presents a number of enticing targets for hacking and malicious service disrupting attacks. For many enterprises, the emergence of additional security risks outstrips the expertise of their personnel, and the number of trained professionals in these areas is currently dwarfed by demand. As a result of this disparity between supply and demand, enterprises will increasingly require firms to outsource all, or portions, of their security operations to fill this void. "Cloud/Security as a Service" offerings will offer them the nimbleness and flexibility required to operate in increasingly demanding environments where innovation will often be married to enhanced threat potential.

About the Author: Chris Crosby is the founder and CEO of Compass Datacenters and a former senior executive and co-founder of Digital Realty Trust. He is one of the most respected voices in the data center industry, with more than 20 years of technology experience and more than 15 years of real estate and investment experience. His prior roles included work for Proferian (an operating partner for the GI Partners portfolio), CRG West (now Coresite) and Nortel Networks.

Edited by Ken Briodagh

Related Articles

SDN Strategies for IoT Security

By: Ken Briodagh    4/19/2018

The potential for widely distributed IoT devices to streamline operations is vast, but so are the security implications. A new webinar from Cradlepoin…

Read More

TTM Completes Anaren Acquisiton

By: Ken Briodagh    4/19/2018

TTM Technologies, a global printed circuit board (PCB) manufacturer, announced that it has completed its acquisition of Anaren for $775 million.

Read More

Bosch, RTI, Huawei, and Dell EMC Confirmed as New Leadership of IIC

By: Cynthia S. Artin    4/18/2018

The Industrial Internet Consortium (IIC) has recently held its bi-annual Steering Committee elections and now brings new leadership to the helm.

Read More

Marni Walden, Former Verizon Executive, Named New Globetouch Board Chair

By: Ken Briodagh    4/17/2018

A former top executive at Verizon, Walden will lead Globetouch's Board of Directors as the company further solidifies its position in the IoT market

Read More

Siemens and Octo Leverage SAS to Improve Patient Care and Driver Safety

By: Ken Briodagh    4/16/2018

At SAS Global Forum, Cisco, Octo Telematics and Siemens Healthineers talk about how they leverage and partner with SAS to enhance operation with IoT a…

Read More