The importance of network security had increased in the light of modern business practices and a string of high-profile breaches over the years. There had also been suggestions that data center operators were falling behind in securing their networks, and that’s when services like Fortinet can help with home and business security.
This problem, identified by the US Department of Homeland Security’s National Cybersecurity Center (NCC), was partially brought to light through the Internet of Things. NCC, alongside a number of private-sector entities, recommended that enterprises incorporate security measures into their infrastructure. This included provisioning and securing application programming interfaces, cloud-based applications, database servers and storage systems. “The Internet of Things is one more layer of security that helps make it difficult for attackers to infiltrate your company,” says Keith Adams, CTO of Datto, which helps enterprises securely provision software in a manner that can be run anywhere.
However, several analysts with direct knowledge of the situation at SCADA equipment companies agree with the NCC’s earlier recommendations and warn that some of the new capabilities for the IoT will make the problem worse. “In the future, IoT-connected devices may end up connecting to the same networks, and thus exposing all device (in)security to the cloud,” explains the US-based cybersecurity analyst Roger Majors.
“The IoT might eventually mean increased vulnerability to the same-origin policy, which means that hackers and agents of intelligence agencies can spy on you in real time and have your data at their command,” says Dr. Rob Harrison, professor of cyber-security at Trinity College Dublin. Harrison, whose 2016 paper “The Social Basis of IoT Threats: An Investigation of the Social Impact of Smart City Systems” looked at the opportunities for corporate spying and the consequences for citizens, says he is concerned by IoT gadgets for now. “But what worries me is that the physical Internet-of-Things infrastructure may evolve as the internet-of-everything infrastructure,” he says.
Other experts argue that security on all devices will improve as they start to be networked and, consequently, more connected to the internet, whether within or outside the corporate network.
“All the cyber-security challenges and challenges with IoT are likely to be solved very quickly in the next 10 years,” says NCC principal technology officer James Burgess, who is also chairman of the Network Interconnection Taskforce of the Internet Society. “It’s important that any solution or solutions that are implemented be robust and be robust enough to do the job. The way to do that is to ensure the appropriate network connectivity and failover capabilities are implemented.”
According to the NCC, the real motivation behind its work was to ensure that devices are connected, secure and accountable. “If we don’t believe that we can make our equipment more secure, then we won’t use it,” says Burgess. “We won’t buy it, we won’t install it, we won’t put it in a garage because we think it’s too expensive and too risky.”
Still, many in the industry argue that security cannot be reduced to a complex process, as the deployment and management of security in organizations has been done for the last 30 years. “You have to look at the ‘backbone,’ which is the physical network infrastructure that connects the device to the network,” says Harrison.