In light of those figures, it’s not an exaggeration to talk about an impending explosion in the number of connected devices, and industry experts and consumers alike are eagerly awaiting fridges which alert us when we’re out of milk, central heating we can control remotely with smartphones, and cars which will be as much tools for streaming entertainment and communication as they are a means of getting from A to B.
The IoT will probably represent the biggest change to our relationship with the Internet since its inception. But first, we need to work out how it’s going to become reality on such a vast scale. Clearly, adding these billions of devices to networks is going to have a knock-on effect, yet there’s been relatively little commentary dedicated to the question of how the IoT is going to be delivered in practical terms. This means asking what the IoT means for networks and IT departments, and how we’re going to ensure that it’s sufficiently secure.
To investigate what this exponential growth in connected devices will mean for enterprise networks and the people who manage them, Infoblox commissioned an independent survey of 400 network professionals in the UK and US. The results revealed that the majority of businesses have the beginnings of an IoT infrastructure in place, with 78 percent of respondents reporting that they have “things” such as networked badge readers, cash registers and vending machines on their networks. 73 percent reported the existence of connected devices security such as CCTV and other surveillance systems on their networks.
The security challenge
So far, so good. But the survey also revealed that almost two thirds of respondents (63 percent) believe the IoT to be a threat to network security. With so many new objects and IP addresses, it’s imperative that network teams are able to identify and audit what’s on their network at any given point. Managers must also consider that all these devices and IP addresses are potential weak points in an organisation’s IT infrastructure.
We also found that very few IT organisations have deployed IoT-specific infrastructure, such as dedicated networks or management systems – only 35 percent of respondents said they have done so. In many cases, no dedicated network infrastructure exists for IoT devices, so 46 percent of respondents reported attaching them to their corporate networks. This has clear security implications in light of the fact that every connected device is a potential entry point for malware.
30 percent of the organisations surveyed have taken a different route, choosing instead to create a separate logical or physical network for “things.” Other businesses simply dump IoT devices on existing guest wireless networks, which provide the Internet access required by many connected devices. However, guest wireless networks usually don’t allow access to internal resources (Domain Controllers, database and file servers and the like), which other IoT devices need. In addition, they provide little or no authentication, unpredictable performance, and no prioritisation of traffic, all of which are required by some categories of devices. These facts make guest networks impractical for some IoT deployments.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.