
Internet of Things security requires more than a single-vendor strategy

When it comes to Internet of Things security, we'll need a new data model that depends on context-aware policy. That won't come from one vendor alone.

Editor's note: This is the second in a two-part series on managing the Internet of Things. In part one, we examined the need for SDN and orchestration to manage explosive network growth. Here, Open Networking User Group board member Lane Patterson discusses the need for new strategies in Internet of Things security.

With the possible exception of the boring old mainframes and systems network architecture that IBM used to build, security has been a perpetual afterthought in information technology. Firewalls, SSL encryption, IPsec tunnels -- none of these were envisioned by the architects of TCP/IP or the Web. They are bolt-on additions that more or less target anyone. As such, it's always a struggle to keep sensitive data safe on today's networks.

Previously, I talked about the need for SDN and high-level orchestration capabilities in the new Internet of Things (IoT) to deal with a one- to two-order-of-magnitude increase in the number of devices on the connected Internet. Cisco predicted 50 billion devices by 2020, while Gartner said 26 billion, excluding phones and PCs. But the challenge in supporting IoT doesn't stop there.

In a world where every streetlight, water system, car and home is on the Internet, hackers see a dream come true. As we move from a few billion connected devices to tens and hundreds of billions, the opportunity for everything from mischief to cyber-terrorism escalates. To that end, Cisco issued a challenge at this year's RSA show with a $300,000 prize to come up with workable schemes for security.

On the Open Networking User Group (ONUG) board, we applaud Cisco for its foresight, but this isn't a single-vendor problem, and it's probably not one that'll be solved by a contest. One of the primary reasons that we think SDN must be tackled by open working groups is that security must be baked into networks, and must be seamlessly functional, regardless of the equipment manufacturer.

It's likely the solution will be a function of an overall data model, which includes contextual awareness for data consumers and producers. Intel calls this "context-aware computing," and it encompasses an assessment of who, what, where, when and why data is being requested. Intel, too, can't solve this problem alone. Unlike desktop computing, no single vendor will dominate the IoT. Companies ranging from GE and IBM to Texas Instruments, Broadcom, QUALCOMM, ARM and Intel, will all be playing right alongside the networking vendors like Cisco, HP, Brocade and Juniper.

All of these players and many more have important roles in developing a functional, secure and reliable IoT. But perhaps the most important will be the companies, government agencies and consortia that represent the actual users of the IoT. These are the experts who've had to live with the bolt-on security strategies of the past four decades, and who must now ensure vendors' parochial interests do not trump the need for strong open security schemes.

This is ONUG's primary mission: to give large-scale users of networking technology a voice in the development of next-generation systems. Creating an IoT that lives up to its potential without becoming a panacea for hackers will be no simple task. It'll take the best minds in the industry, and many of those minds aren't employed by vendors.

ONUG Spring 2014 will be held in New York City, May 5-6.

About the author:
Lane Patterson is on the ONUG Board of Directors. After serving in many roles in telecom and Internet companies, Patterson joined Equinix in 2000 and is currently its chief network architect. Prior to joining Equinix, Patterson was director of IP network management systems for Global Crossing Inc., where he supported a global IP backbone and first-generation content distribution centers. At Metropolitan Fiber Systems, he led operations of mid-Atlantic Frame Relay, ATM and related data networking services, as well as the MAE-East Internet exchange point during the first wave of commercial ISP growth. Patterson has a deep background in the technologies related to telecommunications, Internet routing and data center computing infrastructure.

Patterson received a B.A. in Physics from Cornell University and an M.S. in Computer Science from Johns Hopkins University.

Join the conversation

Really? More complexity on top of what already amounts to an unnecessarily complex approach? Sure, the devices/systems are different but the threats, vulnerabilities, and risks really aren't. Why not implement what we've known about for decades? It's more fun (and creates more job security) to go about it the hard way I suppose.

I wanted to read about this "context-aware policy" referred to in the article, but the link is invalid. From what I understood, in a nutshell it's "an assessment of who, what, where, when and why data is being requested" - seems interesting, but how to implement and keep that up to date?