IoT Security & Where Virtualization Fits In

If you’re building a city-wide or utility-wide smart network based on IP, you’re building an Internet of Things. And if you’re concerned about the security of the data being transported around that cloud, then you need to think very carefully about how to make it safe.

There will likely be very many endpoints in that network, and the networking infrastructure and protocols you use in the wide area and in the data center may be more susceptible to attack than the dedicated, hardened versions you might have used in the days of bespoke networking.

Even in the broader Internet of Things (IoT), the consequences of a security breach could be more immediately serious than a simple loss of data. Imagine your connected car is the victim of a hacking attack. Or your home’s garage door has been opened remotely by someone standing outside who has just penetrated your home network because there was no WiFi encryption on the connected kitchen appliance you bought last week.

It’s not surprising that IoT security is rising up the agenda of the big network equipment vendors. In March 2015, Ericsson launched a new suite of data-centric security offers in partnership with Guardtime, specifically aimed at industrial and other critical infrastructure applications.

In June 2015, Cisco announced how it could embed security throughout the extended network (endpoints, data centers and the cloud) to help address IoT security concerns.

Virtualization is significant here. IoT requires consideration of which functions are best carried out on distributed devices, versus those that are executed centrally in the cloud using virtualized resources. And security appliances are becoming virtualized.

Cisco has virtualized its Adaptive Security Appliance so that it can be deployed on standard hardware or on its routers. Many security vendors got there before Cisco, producing virtualized firewalls and other security systems -- for example, intrusion prevention systems and advanced threat detection -- for deployment in the data center or on distributed infrastructure. Cisco’s ASR 9000 series routers are hardware on which virtualized security products from Arbor Networks can be deployed.

Security is a multifaceted topic, and security experts talk in terms of validating and improving overall security continuously with a recursive approach. Security must be addressed at many levels simultaneously. At the moment, the appropriate security architecture for the IoT is not known. But there is acceptance that security must be addressed through application-data integrity and traffic monitoring, robust interfaces and protocols, and hardened hypervisors and chip microarchitectures.

The new Heavy Reading report "Security in a Virtualized Network Environment" considers how virtualization changes the state of security in telecom, both from the perspective of carriers' own network security and the opportunities that arise to deliver managed security services to business customers.

The report digs into the challenges of securing virtualized and hybrid network environments, as well as the approaches, solutions and products that are being suggested and deployed. It reviews the supply-side landscape for relevant products and profiles 14 leading suppliers, ranging from large network equipment providers to smaller specialists.

— Danny Dicks, Contributing Analyst, Heavy Reading

Susan Fourtané 10/13/2015 | 5:58:03 AM
Re: Warnings of a security update nightmare..... Phil, if nothing ever worked all the security companies would lose their customers, right? I spoke with several of them, and attended a good number of presentations. The fact that there are so many companies devoted to IoT security also keeps the bar high. This will keep them updating and improving their products and services if they want to remain active in business. -Susan
mhhf1ve 10/12/2015 | 3:42:42 PM
Re: Warnings of a security update nightmare..... DannyD, Thanks! I hadn't heard of the Ericsson project. I was thinking of IBM and its ADEPT demonstration (with Samsung, I think). But clearly, blockchain verification has the potential to solve most of the security issues surrounding zillions of interconnected devices that need a way to share trusted/verifiable updates and commands in near real-time. 

It's nice that we have a solution to the Byzantine Generals problem... but perhaps IoT will need a less resource intense solution to scale to billions of nodes without consuming a wasteful amount of energy. Maybe quantum computing won't be overkill.. :P 
DannyDicks 10/12/2015 | 4:25:45 AM
Re: Warnings of a security update nightmare..... Ericsson and Guardtime are proposing blockchain security for cloud services of various kinds http://www.ericsson.com/news/1853499
mhhf1ve 10/12/2015 | 1:13:39 AM
Re: Warnings of a security update nightmare..... I recall that there was a proposal to use a blockchain protocol to keep IoT updates secure and verified. So quantum encryption might be a bit overkill.
Phil_Britt 10/11/2015 | 3:44:01 PM
Re: Warnings of a security update nightmare..... Susan,

Though there were a lot of booths, typically, there's a lot of show, not a lot of meat. Look at all of the vaporware developed in the last couple of decades. Even "working" software doesn't work as well as advertised -- Lifelock founder no longer posts his Social Security Number.
Susan Fourtané 10/11/2015 | 9:04:56 AM
Re: Warnings of a security update nightmare..... mhh, I attended the IP Expo Europe in London last week. I believe I saw more security booths and security presentations than anything else. Maybe quantum encryption is the way to go. -Susan
mhhf1ve 10/9/2015 | 8:57:46 PM
Warnings of a security update nightmare..... The IoT has, among other things, also brought about warnings that if you don't like managing security updates on your desktop/laptop/etc -- you're really not going to like managing your fridge/toaster/garage door/etc. And how will all of these devices even get reliable software updates? Most manufacturers are NOT prepared to maintain software with security updates -- especially for toasters or dishwashers. Even car makers are just getting up to speed on zero-day exploits. It took GM a decade to patch some security exploits found by researchers (and withheld from publication). Some "security researchers" won't be so nice to withhold publication -- as Jeep found out recently.