This article was originally published in Light Reading and is republished here with permission.
It’s time to acknowledge that whenever we connect any device to the internet, we put ourselves, our device, and perhaps even our entire organisation in harm’s way.
High-profile cyber attacks are now a permanent feature of today’s IT landscape. Their volume and variety are such that any connected device – whether laptop, tablet, smartphone, sensor, home system, or connected car – is potentially vulnerable to malicious activity.
One of the root causes of this problem is that the public internet that every company uses is fundamentally unsecured. It was never designed to be a completely authenticated and secure environment, and every effort to make it one has been, at best, an adaptation. As a result, from a security perspective, it’s now more of a best-effort network than a best-in-class one.
For this reason and more, we’ve reached a point where we need a new model for network connectivity – one where we must break the habit of relying on the unsecured internet any longer.
New IoT Opportunities — and Threats
In particular, the arrival of the internet of things (IoT), and with it the proliferation of devices able to collect, send, and receive massive amounts of data, presents a systemic risk for companies that want to incorporate the IoT into their operations. The continual streams of data between connected devices, sensors, and cloud environments depend on secure connectivity to deliver the efficiencies, cost savings, and innovative business models that the IoT promises.
Businesses are eager to explore these new opportunities. At the same time, however, they face frequent and sophisticated cyber attacks through the public internet. While the IoT opens a range of new opportunities, it’s also exponentially expanding the attack surface for hackers.
For the IoT to be practical then, companies must face the reality that the public internet is unable to provide the level of secure global connectivity necessary for today and the future.
The Public Internet’s Risk-reward Conundrum
So why then do companies continue to risk using an inherently unsecured network to transport sensitive traffic?
On the one hand, it’s familiarity and habit. On the other, a lack of practical alternatives.
In today’s digital world, companies that want to do business have to use the public internet. They have to use it to give them the access and reach to communicate and exchange information with customers. Moreover, the public internet’s capabilities are essential for companies to access applications, storage systems and other resources that are increasingly cloud-based.
Flowing from this, use of the public internet has always posed a risk-reward conundrum. Companies that use it for sensitive transactions, or storing critical data, are taking a calculated risk. Yet, commercial necessity alone has been perceived as enough to outweigh the immediate hazards.
Secure Connectivity — up to a Point
Of course, companies and organisations aren’t completely helpless. They can apply security measures to connected devices and other end points, as well as their own network gateways. They can also encrypt their data while it’s in transit.
However, these measures only mitigate the risk of data theft or malicious attack to a certain point. The lack of an alternative secure transport option prevents companies from further reducing and controlling the risks that their data faces once it leaves their network, or once their device connects to the public internet.
But it doesn’t have to be like this. Over the last few years, the advent of private, isolated IP networks means that companies and communication service providers can now break this habit and make the switch to a more purpose-built method of secure data transport.
New Breed of Network
A private, isolated network reduces the risk of attack or theft without compromising performance. This network can be utilized to minimise business risk by providing a high level of security from public internet threats; global but flexible connectivity; and better performance with higher capacity, higher speed, and lower latency.
Most importantly, by isolating connectivity from the public internet and conducting operations in a private environment, this network allows companies to move out of the danger zone. They can shield their users, devices, and data from malicious threats that proliferate across the internet through vulnerable end points and connections.
Breaking the Habit for Good
The rapid growth of IoT devices and applications is opening the next era in connectivity – and vulnerability. As businesses seize the opportunities of this new age, they risk leaving their commercial data exposed to a public internet never intended for that purpose.
Ultimately, companies that want to conduct business and transfer data with certainty, security and privacy must break their habit of relying on the unsecured internet. They must adopt a new network connectivity model with the use of private, isolated networks to protect and authenticate their data.
As Senior Vice President and Chief Security and Risk Officer, Phil Celestini leads security and risk management across Syniverse, including adopting new technologies and building industry awareness of critical threats and opportunities arising from such areas as the internet of things, 5G, artificial intelligence, and blockchain. With a career spanning more than 35 years across government, law enforcement, and the military, Phil brings extensive executive leadership experience in security, risk, and compliance. From 1992 to 2018, he served as a Special Agent in the U.S. Federal Bureau of Investigation (FBI), where he was most recently Special Agent in Charge in Washington, D.C., and where he also served as the FBI’s senior representative to the National Security Agency and U.S. Cyber Command among other roles. In addition to his investigative acumen, Phil is an acknowledged expert in cyber and information security. He earned several commendations and community honors as FBI Special Agent, serving in positions of increasing leadership responsibility in numerous field offices, FBI headquarters, and on the National Security and Homeland Security Councils at the White House. Prior to his FBI career, he served as an intelligence operations officer in the U.S. Air Force. He received his bachelor’s degree from the U.S. Air Force Academy and a master’s degree in public safety leadership from Capella University.