IoT device explosion challenges data center security

The billions of Internet connected devices in the IoT wave introduce new data center security concerns that IT managers must head off at the pass.

Whether it is a sensor mounted on a rover inside a mine or a sensor inside a car, the connected world of the Internet of Things presents new security concerns that data center operators are starting to tackle.

The data center has evolved from connecting to PCs, then BYOD and now, "who knows who brought the device," according to Joe Skorupa, an analyst with Gartner Inc., adding that the number of devices is extraordinary.

This year, research firm Gartner Inc. estimates 1.1 billion connected things will be used in smart cities alone. That number will balloon to 9.7 billion by 2020. 

Much of the enterprise infrastructure is not configured or scaled from the Internet of Things (IoT) perspective, said Mike Sapien, an analyst with Ovum, an independent consultancy firm based in London.

The data center will process large quantities of IoT data in real time, which will increase as a proportion of data center workloads, Gartner said, leaving providers to face new security and capacity challenges.

IoT data security begins with the network

The IoT introduces, for the first time in a widespread way, devices without a human behind it. While the security challenges of BYOD presented similar concerns, the many connected IoT devices magnifies it in scale, Sapien said.

One solution is to have an IoT network connected at just one point to your corporate network, and even consider using a different provider, Sapien said. An age-old example is the ATM network of the bank.

But today's IoT introduces thousands of new machine-to-machine relationships. Take pay-as-you-go insurance, for example, where devices in a car tabulate the miles traveled or the areas where the car goes to calculate the insurance charge.

"The insurance company is not going to put that on its data backbone," Sapien said.

Because many IoT devices will be owned by third parties, the control, risk assessment and mitigation will be outside of enterprises, according to Gartner, which will bring on a new set of vulnerabilities because many of the devices will be connected to enterprise networks.

Gartner recommends that data center managers understand that security must be integrated as part of IoT infrastructure and they should partner with industry device and platform manufacturers to succeed in this emerging marketplace.

Solutions to the security challenges of the IoT in the data center can be found for specific verticals, Sapien said.

Data center mangers should still be most concerned in coming up with a plan to respond to a breach from an IoT connected device.

"The ability to rapidly respond to a breach or threat is still a major challenge," Sapien said, adding that data center managers should develop a strong plan to isolate, remediate and remove the threat. "There could be hundreds of end user devices without a user that are attacking."

That's one of the big differences data center managers will face with the IoT -- unlike the mobile device management in a phone which can enforce proxy settings or remotely wipe the data on the device -- many IoT devices have nobody controlling the end point.

We are in the very early period of IoT; The security issues are there whether it is the IoT but the IoT just increases the security footprint.
Joe Skorupaanalyst with Gartner Inc.

In addition to the connected city -- which will grow nine-fold in the next five years -- some of those connected "things" are in the data center itself. The security system for a data center which used to be secure and separate may now be connected. Tools to monitor the data center environment are, or can be, connected to other machines.

"Every point of entry will spark someone's imagination," said Jeff Wilson, an analyst at HIS Technology.

While the processing power of a sole IoT device may be limited, the devices could operate with a swarm mentality, according to Gartner's Skorupa.

"We are in the very early period of IoT," Skorupa said. "The security issues are there whether it is the IoT but the IoT just increases the security footprint."

Wilson suggests two solutions -- monitor traffic for attacks or obscure the security network. For example, Tempered Networks has a product that creates an encrypted overlay network that obfuscates the data center's control infrastructure.

Most large data centers have been built in the past 10 years, Wilson said, noting that it is much simpler than a power plant, which may have a piecemeal security system built over the past 50 years, or longer.

Robert Gates covers data centers, data center strategies, server technologies, converged and hyperconverged infrastructure and open source operating systems for SearchDataCenter. Follow him @RBGatesTT.  

Dig Deeper on Internet of Things (IoT) Security Strategy