by Brian Kenyon
This article is the first in a two-part series. Read the second part here.
Resistance is futile. IoT is here to stay and enterprises have to prepare for the security implications.
Let’s geek out for a moment. When the original Star Trek debuted in 1966, the U.S. was still in a space race to land on the moon. Back then, it would’ve been impossible to envision how far technology has come and today’s complex business landscape — with employees working from multiple devices, connected via multiple networks, to hundreds of applications that reside across a mix of corporate data centers and cloud service providers – would have seemed like something out of science fiction. But, look around you today and you’ll see that the Star Trek universe has come to life. The universal translator? There’s an app for that; Stark Trek’s tablet computers were an early predecessor to the iPad; and Star Trek’s communicators look a lot like our ubiquitous smartphones.
As any trekkie can tell you, the final frontier – space – has no bounds. There are always new planets, species and more to explore. As with space, the network perimeter is ever expanding. While the new advent of connected devices and technologies is amazing, it also poses new challenges for organizations working to protect themselves from a growing number of cyber threats. As a universe that closely mirrors our own, Star Trek, can teach us lessons about this expanding network and IoT Security.
Don’t Get Stuck in The Past
Back in the “good old days” – say, around the time of the Star Trek Enterprise series (2001) — security technology focused on protecting the user and their data, which meant protecting his or her device and the network on which that device operated. Each user had one device connecting via one network to a central data center, tapping into a small set of approved applications. Challenging, yes, but relatively straightforward and entirely within the control of IT.
Fast-forward to 2016, and the new Star Trek Beyond movie, and the world has expanded dramatically. With the user and his or her data still in the center, the surface area for security has expanded across all three dimensions – devices, networks and applications – and there’s no going back to those simpler times. You can’t get stuck in the past – that is, unless you fall into a wormhole. Threats can emerge from anywhere, creating massive security risks and compliance challenges.
Traditional Tech Doesn’t work
The reason why Star Trek has been so popular and successful over a span of 50 plus years is that the series has evolved and adapted. The show’s writers have developed new plots and new villains, on top of increasing production quality. The same theory can be applied to modern day threats. As threats adapt to attack new endpoints, particularly IoT devices, so should you. Traditional technologies aren’t enough to fend off new-age threats.
For example, it’s a common practice to assign IP addresses to all sorts of IoT devices and sensors and then put them all together on a standardized network. However, today, organizations are seeing a change in usage patterns for their networks. Encrypted traffic via SSL now represents 50- to 70 percent of data flows – creating “blind spots” on corporate networks that can’t be monitored effectively or efficiently by traditional firewalls and network security products. When implementing new IoT devices and endpoints it’s critical to implement new technologies that can navigate these new threats.
Brian Kenyon is the Chief Strategy Officer at Blue Coat Systems.