No future For IoT Security Without Secure Access Service Edge (SASE)

Uploaded on 2022-05-31 in TECHNOLOGY--Resilience, FREE TO VIEW

Across the globe, the deployment of IoT devices is growing exponentially. It’s a phenomenon that just keeps accelerating. According to Ericsson and the Forbes Technology Council, by next year the number of IoT devices communicating through cellular networks is expected to reach 3.5 billion. 

With this IoT upsurge comes a huge data explosion. These devices are on track to generate 90 zettabytes of data in 2023, but security protocols have failed to keep pace. Most of these endpoints are exposed to the risk of unmanaged and poorly secured connectivity

The dangers Of Unencrypted IoT Traffic

A 2020 report by Palo Alto Networks revealed that 98% of all IoT traffic was unencrypted, and 57% of IoT devices were subject to breaches rated as either medium or highly severe. Connected devices have been edging their way into dangerous territory and are extremely exposed to cyberattack and criminal exploitation. Dangers include:

  • Eavesdropping and traffic sniffing: with unencrypted transmissions that allow attackers to read, steal and alter messages.
  • DNS poisoning: where compromised public Domain Name Systems divert device communication to false application servers instead of legitimate ones. 
  • Calling home: when malware or third-party firmware calls home and sends data to third parties without the user’s knowledge.
  • Distributed Denial of Service: whereby a server is congested and becomes unavailable for the intended traffic, as the attacker overloads it with influxes of redundant requests. 
  • Unprotected SIMs: because devices deployed in public areas are prone to SIM theft for free data usage on another device, or worse, unauthorized access to a platform.

That’s where SASE comes in. SASE, pronounced ‘sassy’, is a network security model proposed by Gartner in 2019. Secure Access Service Edge, to give it its full title, introduces a new architecture where networking and security functions are bundled in a cloud-delivered service.

SASE was developed to strengthen the shortcomings of centralised datacentres. And as IoT and internet-based traffic continues to soar, SASE allows businesses to use a centrally managed platform to streamline network integration, security, and policy management of distributed devices.

Traditional IoT Connectivity Has Many Limitations

In traditional IoT connectivity models, communication access and authentication is driven by a service provider's home network. The traffic is first routed through the central home network, then breaks out through the public internet to the application location. 

This requires complex and dedicated endpoint clients to establish a VPN connection or SSL/TLS encryption between the endpoint and the central IoT application. As an additional challenge, standalone devices tend to rely on local configuration settings to control network activities.

With the needs of IoT, such an approach can reach its limitations fast. Devices are widely geographically distributed and data is dispersed across multi-region cloud and SaaS applications. Complexity and latency challenges become more prevalent and system integrity breaks down. 

But with SASE, enterprises have access to a cloud-native framework that matches emerging IoT requirements.

Reduce Complexity, Minimise Costs

SASE combines cloud-based, centralised policy management and local enforcement of identity-driven services, bringing a wealth of benefits to IoT users. Centralised policy management allows for large reductions in cost and complexity. Network security services can be consolidated with a single vendor, and businesses can enjoy a single view of all their device communications. 

Local enforcement means that network latency can be minimised, while also allowing IoT enterprises to comply with their customers‘ local data processing requirements. This all adds up to high-performance security at the edge. Plus, as legacy VPN is replaced with automated, cloud-native security features, there are fewer clients required on a device.

Reasons To Adopt A SASE Solution

When you’re considering using a SASE architecture, there are a lot of reasons to take the plunge. But there’s a wide array of network and security features available, which translates into vastly divergent offerings being provided by the different vendors. Here are some of the features you should evaluate when you’re considering a SASE solution for IoT.

Dynamic Data Routing with Software-Defined Wide Area Network (SD-WAN)
A SASE service combines network access and traffic optimization in a globally distributed infrastructure, comprised of multi-regional PoPs. There’s no need to divert traffic through a service provider’s home network, as access control and security policy enforcement is delivered as a cloud service.

Firewall as a Service (FaaS)
A cloud-based network firewall can act as a distributed line of defence, filtering out unwanted internet traffic and protecting edge devices and IoT applications. A network firewall eliminates illegitimate traffic on the connectivity layer, while legitimate targets can be whitelisted. This is far more robust than leaving the configuration to the edge device or the central IoT application.

Cloud Access Security Broker (CASB)
A CASB uses encryption to provide secure data transport into multiple cloud environments, which avoids eavesdropping and data thefts. Advanced solutions can establish automatic, private connections between devices and the user’s VPC using private static IPs and cloud-native services. As a result, data is securely brought into the cloud infrastructure without relying on the public internet.

DNS Security
Users can configure their trusted DNS service with a SASE solution, to help protect DNS integrity and availability. This means IoT enterprises with applications deployed in the cloud can use the private DNS server of their cloud infrastructure, which cannot be accessed via the public internet.

Threat Detection
Threat monitoring has to be central to security design, never an afterthought. Yet IoT devices often have limited processing capabilities, and malware detection software can be a burden. With SASE services, enterprises can enjoy complete network visibility and detailed event metrics, which helps detect and trace vulnerabilities in an IoT solution.

It’s Time To Get SASE

Though SASE architectures were originally developed to address changing enterprise security requirements for an increasingly remote workforce, SASE is highly relevant, even vital, to IoT deployments. 

As more and more IoT applications shift to the cloud, and devices become increasingly dispersed, the combination of cloud-native security tools, local policy enforcement and enhanced visibility makes SASE a winning use case. 

What are you doing to ensure your IoT environment is fully protected, secure and unexposed?

Martin Giess is CTO and co-founder of EMnify

You Might Also Read: 

Three Vital Concerns For Companies Running Hybrid Cloud Environments:

 

« Can A Cybercrime Convention For All Be Achieved?
Twitter Fined $150m For Selling User Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

National Cybersecurity Hub - South Africa

National Cybersecurity Hub - South Africa

The mission of the National Cybersecurity Hub is to be the central point of collaboration for cybersecurity incidents in South Africa.

Ensign InfoSecurity

Ensign InfoSecurity

Ensign InfoSecurity is Southeast Asia’s largest pure-play cybersecurity firm.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

Rezilion

Rezilion

Rezilion is a stealth mode cyber-security start-up developing a cutting edge technology that makes cloud environments self-protecting and resilient to cyber-attacks.

Keyless Technologies

Keyless Technologies

Simple, secure, and interoperable authentication. Keyless offers unmatched security, privacy and usability, while reducing risk and infrastructure costs.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

Cord3

Cord3

Cord3 delivers data protection, even from trusted administrators – or hackers posing as administrators – with high privilege.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.

AirEye

AirEye

AirEye is a leader in Network Airspace Protection (NAP). Block attacks against your corporate network launched from wireless devices in your corporate network airspace.

BugDazz

BugDazz

BugDazz pentest as a service (PTaaS) platform helps bringing in real-time results, detail coverage, & easy remediation workflows with compliance-ready reports.

r00tz Asylum

r00tz Asylum

r00tz Asylum is a nonprofit dedicated to teaching kids around the world how to love being white-hat hackers.

Banyax

Banyax

Banyax provides 24×7 real-time Cyber Defense Center Services using the latest technology tools to provide state-of-the-art defense.

Gotham Security

Gotham Security

Gotham Security delivers high-quality penetration testing, malicious adversary simulation, compliance program development, and threat intelligence services.

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

Endari

Endari

Endari specializes in building cybersecurity maturity within the operational DNA of early-stage startups and SMBs.

Cypherleak

Cypherleak

Cypherleak provide Automated Cyber Risk Monitoring & Ai powered cyber recommendations.