This article was originally published in ITProPortal and is republished here with permission.
The issue of security for today’s rapidly growing internet of things (IoT) is not a new one. However, much of the discussion has focused on device security and data security for individual companies. Until now, there really hasn’t been an analysis of the single thing that makes the “I” in “IoT” tick – the internet, or more specifically, the public internet.
In fact, from a security perspective, the public internet has always been more a best-effort network rather than the best-in-class network needed to ensure the confidentiality, integrity and availability of today’s transactions. It was originally conceived as a network with built-in redundancy for academics and researchers to share data, not protect or authenticate access to it. In short, it was never designed to be a secure environment.
This has come into sharp focus in the last few years, with cyber calamities like DDoS attacks on an unprecedented scale. These attacks have changed the rules of the game, taking down business web servers worldwide and hitting some of the world’s largest banks, retailers, media companies, DNS providers, social networks, and news outlets.
As a result, with the increasing level of business transactions being put online and the rise of a new ecosystem of automated processes emerging from the IoT, the public internet has reached a tipping point that now presents a distinct systemic risk that companies must address more urgently.
A Growing Systemic Risk
Unlike a threat that jeopardizes one segment or department of a company, a systemic risk is one that can bring an entire operation to a halt and cause a total failure of a business. And this is precisely the risk that many businesses continue to take by relying on the public internet.
Specifically, the public internet presents a systemic risk to businesses in two ways: connectivity to hosted cloud environments to both use and provide existing services; and connectivity to IoT processes to pursue evolving business opportunities.
If, for example, you’re a manufacturer that wants to share sensitive engineering data with your overseas suppliers, you need connectivity. Or if you’re a cargo shipping firm that wants to track your customers’ valuable goods when they land in port, you need connectivity. And if you’re an airline that wants to share private passenger data with car hire and hotel firms, you need connectivity. This connectivity all comes from the public internet.
And all this needed connectivity is adding up to some huge amounts of data – and risk. Just one second on the internet now, according to Internet Live Stats, includes over 54,000 Google searches conducted and more than 2.5 million emails sent. By moving more and more data online, businesses are heightening their reliance on the public internet and increasing the exposure of their data to potential risks.
A Losing Battle
Despite efforts to encrypt and secure data, attacks are still on the rise.
In fact, 2017 was the worst year in recent memory for cyberattacks. According to a report from the Online Trust Alliance, there were 159,700 cyberattacks targeting businesses. What’s more, although spending on cybersecurity is expected to exceed $1 trillion from 2017 to 2021, the cost of cyber-risk is already estimated to be in the range of trillions of dollars per year, and hit $6 trillion a year by 2021.
Critically, a rapidly growing attack surface is being created by IoT transformation, presenting a host of new doors for hackers to unlock. Most companies moving into cloud and virtualized environments are not currently equipped to protect sensitive information and need to be able to move data and provide services in a private and secure manner.
As a result, as businesses explore new opportunities and use cases for IoT, they must come to terms with the fact that the public internet is no longer fit to provide the reliable, robust and secure global connectivity that is imperative to fulfill the promise of IoT.
A Private, Isolated Network
IT decision makers need to recognize that in order to adopt IoT and cloud services as part of their digital transformation strategies, the systemic risk of the public internet must be squarely addressed. But solving the problem is reliant on educating companies on the risks of continuing to utilize the public internet and offering them realistic solutions.
In the last several years, the most effective answer that has emerged to this problem has been the deployment of a private, isolated network. As its name implies, this network minimizes business risk by running completely independent from the public internet.
In particular, a private, isolated network enables businesses to meet four criteria that are vital to the new demands of the IoT era:
- Security, privacy and isolation from the public internet in order to protect valuable corporate and public data and assets.
- Connectivity global in scale but flexible enough to address specific vertical market needs.
- High capacity, high speed, and low latency to meet the needs of new use cases.
- Ability to view and manage all members of the network environment.
The last of these is particularly crucial, because it pertains to knowing not just the rights and privileges of the devices accessing a network. It means authenticating that individuals or machines behind the keystrokes or commands are exactly who or what they are supposed to be.
The rising level of business done online and the promising new world of IoT processes have raised the stakes for the safeguarding of today’s business data to an all-time high. In an age when the public internet increasingly presents a systemic risk, companies that want to conduct business and transfer data with certainty, security and privacy cannot rely on it.
They must make it an imperative to integrate the use of private, isolated network to protect and authenticate their data and processes. As businesses seize the opportunity of the IoT, they risk compromising their data on a public internet never intended for that purpose.
As Senior Vice President and Chief Security and Risk Officer, Phil Celestini leads security and risk management across Syniverse, including adopting new technologies and building industry awareness of critical threats and opportunities arising from such areas as the internet of things, 5G, artificial intelligence, and blockchain. With a career spanning more than 35 years across government, law enforcement, and the military, Phil brings extensive executive leadership experience in security, risk, and compliance. From 1992 to 2018, he served as a Special Agent in the U.S. Federal Bureau of Investigation (FBI), where he was most recently Special Agent in Charge in Washington, D.C., and where he also served as the FBI’s senior representative to the National Security Agency and U.S. Cyber Command among other roles. In addition to his investigative acumen, Phil is an acknowledged expert in cyber and information security. He earned several commendations and community honors as FBI Special Agent, serving in positions of increasing leadership responsibility in numerous field offices, FBI headquarters, and on the National Security and Homeland Security Councils at the White House. Prior to his FBI career, he served as an intelligence operations officer in the U.S. Air Force. He received his bachelor’s degree from the U.S. Air Force Academy and a master’s degree in public safety leadership from Capella University.