This article originally appeared in CCA Voice and is republished here with permission.
With promises of unbounded opportunities for convenience and efficiency, the internet of things (IoT) is a full-fledged craze in the business world. But what’s often overlooked in this enthusiasm is that the “I” in IoT is also an internet of shared data and networks. As a result, we are dangerously reliant on public internet connectivity to underpin many of the IoT’s new services, without fully grasping the security implications.
The public internet was never designed to be a secure environment. It was originally conceived as a network with built-in redundancy for academics to share data within a known community, not to protect itself from unknown users and malicious actors. Consequently, from a security standpoint, it has become more of a best-effort network than the best-in-class network needed to ensure the confidentiality, integrity and availability of today’s transactions, and this poses a profound systemic risk.
Systemic risk of public internet
Unlike a targeted threat that jeopardizes one element of a company, a systemic risk can bring an entire operation to a halt and cause total failure. Put simply, many businesses continue to face this systemic risk by relying on the public internet to connect to hosted cloud services and support their adoption of the IoT in pursuit of new opportunities.
Among the many online risks businesses must face, malware and ransomware, data thefts and breaches, and distributed denial of service (DDoS) attacks have all become threats to cloud- and IoT-focused companies relying on the public internet. And the world has now seen even greater cyber calamities, like cloud-based cryptojacking, cloud ransomware, and DDoS attacks on an unimaginable scale, generating terabit-per-second volumes of malicious traffic that were previously thought impossible.
Rise of the IoT
At the same time, advancements in miniaturization and mobile technology have accelerated IoT adoption. This explosion of devices able to collect and transmit massive amounts of data poses a systemic risk for all those sensitive transactions that need to happen at the speed of business. With everything connected to the internet hypothetically vulnerable to being hacked, millions of new IoT devices designed and produced without any meaningful attempt to secure them will become subject to potential compromise.
This growth raises the stakes exponentially for unsecured (and unsecurable) networks, and calls into question previous risk acceptance decisions for connecting business systems to the public internet. Since the IoT’s entire premise is built upon connectivity, an attack that exploits or compromises this connectivity has the potential to wreak unprecedented havoc.
Private, isolated networks
As businesses explore new opportunities for the IoT, they must acknowledge that the public internet is no longer fit to provide the global connectivity that is imperative to fulfill its promise. Instead, the use of a private, isolated network has emerged as an alternative and more practical answer to protecting online transactions in an age when the IoT is creating greater risk. This private network can minimize business risk by running devices and processes completely independent from the public internet.
In order to do this, the private network must have four qualities:
- Privacy and isolation from the public internet in order to protect valuable data and assets.
- Connectivity global in scale but flexible enough to address specific vertical market needs.
- High capacity, high speed, and low latency to meet the needs of new use cases.
- Ability to view and manage all members of a network environment.
A future built on security first
The rapid proliferation of IoT devices that are dependent on the public internet is opening a new era in connectivity – and vulnerability. As businesses seize the opportunities of this era, they risk leaving their commercial data exposed to a public internet never intended for that purpose. Ultimately, smart companies that want to conduct business and transact at speed with the highest security and privacy must integrate the use of a private, isolated network to protect their data.
As Senior Vice President and Chief Security and Risk Officer, Phil Celestini leads security and risk management across Syniverse, including adopting new technologies and building industry awareness of critical threats and opportunities arising from such areas as the internet of things, 5G, artificial intelligence, and blockchain. With a career spanning more than 35 years across government, law enforcement, and the military, Phil brings extensive executive leadership experience in security, risk, and compliance. From 1992 to 2018, he served as a Special Agent in the U.S. Federal Bureau of Investigation (FBI), where he was most recently Special Agent in Charge in Washington, D.C., and where he also served as the FBI’s senior representative to the National Security Agency and U.S. Cyber Command among other roles. In addition to his investigative acumen, Phil is an acknowledged expert in cyber and information security. He earned several commendations and community honors as FBI Special Agent, serving in positions of increasing leadership responsibility in numerous field offices, FBI headquarters, and on the National Security and Homeland Security Councils at the White House. Prior to his FBI career, he served as an intelligence operations officer in the U.S. Air Force. He received his bachelor’s degree from the U.S. Air Force Academy and a master’s degree in public safety leadership from Capella University.