Let's talk

Keeping on top of the Internet of Things

26 April 2017

We all know the Internet of Things (IoT) is coming, but a recent conversation made me realise that for some of us, it's already arrived. A colleague here mentioned that he'd got something like 20 connected devices on his home network. That seemed a bit of a stretch, so he listed them. After we'd enumerated computers (5), phones and tablets (5), Kindles (2), Audio and TV kit (4), network hardware (4), IP cameras (2) and a printer, we'd arrived at 23 devices, all on a single home network.

Perhaps that's not typical, but the truth is it's hardly excessive. Pretty much every entertainment, computing and printing device wants on to the internet these days - some of our washing machines do, too. The result is a mish-mash of different manufacturers, types and vintage of gadget, all coexisting behind a simple home firewall.

Perhaps your typical home network has 10 or 12 devices. Do you check that every router, camera, computer, printer, DVD player or even light bulb is on its latest software or firmware release? Did you change their default passwords? Are any remote services locked down? Did you disable UPnP? WPS? Do you have the time and the knowledge to ensure you haven't been hacked?

If, like my colleague, you're quite technical, the chances are you're on top of it, but spare a thought for the casual user who gets a router from their ISP, connects everything to its wireless network and assumes they're going to stay safe. And spare a thought for the IT managers and network engineers of this world, because it's a problem they're about to be dealing with a hundred-fold.

So many things

Gartner predicted that, by 2020, there would be 26 billion things connected to the internet - and that's excluding conventional devices like computers and phones. It's a safe bet that the bulk of those are going to be in the developed world, enabling our smart homes, cars, workplaces and infrastructure. If you own or manage a network, they're going to be on it - maybe in their thousands.

The IoT is going to be a new chapter in innovation, collaboration and communication, but this sheer number and range of devices opens us up further to industrial-scale hacking, IP theft or security exploits. And looking at the number and scale of corporate data breaches to date, it's fair to say that organisations aren't starting with a great track record.

So what can we do? I recently wrote about Cisco's Campus Fabric, and how TrustSec lets us introduce microsegmentation of the network for users, devices or apps. While the technologies involved aren't yet widespread, I see a best practice emerging where - among other measures - we might keep different classes of IoT device both separate from each other, and separate from our core business networks.

The IoT will give us a lot more to manage, and we'll be more dependent than ever on the increasing intelligence of the network itself. We'll need its help: the scale and interconnectedness of things will doubtless throw up new attack vectors and challenges. You might have a beautifully locked down corporate network, but your systems and policies will also need to cope with things like your colleagues' home networks, their fresh-out-of-the-box ISP router, and the explosion in risk now connected to it.

We're already helping customers build effective strategies for the Internet of Things. If you want a partner with the experience and technologies to manage its increased complexity and risk, get in touch.


Header image: Mike/Flickr, Creative Commons