Securing the IoT Frontier

BrandPost By Tempered Networks
Jan 09, 2018

With Identity-Defined Networking, trust is based on provable, cryptographic identity

If you think secure networking is a formidable challenge now, wait until you run up against the reality of millions of Internet of Things (IoT) devices connecting to your corporate resources.

Yes, IoT has been hyped for years, but it’s rapidly taking shape and adoption is accelerating. Gartner says 8.4 billion connected things will be in use worldwide in 2017, driving hardware spending of $964 billion by businesses.

But for all their potential, IoT devices bring many significant (and still unknown) risks. IoT devices have already been used in a massive DDoS attack, and that’s just the beginning. Forrester predicts that “IoT-based attacks will likely continue to grow in 2018, including those on both devices and cloud backplanes, as hackers try to compromise systems for ransom or to steal sensitive information,” according to a TechRepublic report.

Unprotected devices

Many of these devices have little if any security protection, and if the industry fails to address the issue, regulators and legislators will be invited to step in. “Democrats are introducing legislation directing the Department of Commerce to set up a voluntary program to certify internet-connected devices with strong cybersecurity,” states an October 2017 story in The Hill, a publication that covers government and politics.

Let’s face it, security is often an afterthought in the rush to harvest new technologies. And the role of IoT in digital transformation is causing many businesses to push forward, hoping to forestall or at least keep even with competitors. How are they going to securely connect potentially billions of devices? It’s not practical or viable with today’s networking solutions that rely on TCP/IP addressing.

A better way to connect and protect

Securing IoT devices in end-to-end private networks can be done with technology based on the Host Identity Protocol (HIP), which can connect and protect devices that can’t network or protect themselves.

Using device-based cryptographic identities (CIDs), HIP devices are natively cloaked and invisible to hacker reconnaissance, and protected against DDoS, man-in-the-middle attacks, IP spoofing, and other types of network and transport layer attacks.

HIP resolves a fundamental flaw in TCP/IP that binds the identity and location of a device in an IP address. By decoupling these, the IP address functions solely as a resource locator, while the CID makes it possible to quickly and efficiently create secure network overlays that are invisible to hackers.

This enables organizations to move from address-defined networking to Identity-Defined Networking, where trust is based on provable, cryptographic identity. This is essential for the industrial IoT, where every connected device represents a new attack vector, increasing risk to the organization.

Securely connecting legacy equipment

With the first commercial implementation of HIP products and services, Tempered Networks is enabling businesses to embed provable identities in any IoT or Machine-2-Machine device. Its HIPswitches are being used to replace old IP radios and to achieve secure connectivity for kiosks, POS systems, HVACs, robotics, manufacturing, p2p web services, and other applications.

Physical HIPswitches can securely connect legacy equipment that uses a combination of different protocols and topologies, or simply runs outdated or end-of-life software such as Windows XP.

The IoT holds great promise for many new business initiatives, and organizations shouldn’t have to hold back because legacy security schemes fall short.
