Three steps for global IoT security
Three years ago, Gartner predicted that by 2020 there would be 20 billion connected ‘things’ in circulation. A lot has changed in three years. In fact, a lot has changed in the last 12 months, says Mikael Schachne, CMO and VP of Mobility & IoT at BICS.
The pandemic has meant an increased reliance on digital services and infrastructure by consumers and businesses. Embedding connectivity into ‘things’, connecting these to a global Internet of Things (IoT), and managing the connected assets, are key elements of this.
IoT business use cases are wide-ranging. A utilities company might want to embed connectivity into smart meters, for instance, to track energy usage and provide more tailoured plans for customers. A delivery company might want to provide real-time tracking information for consumers about their parcels. A manufacturer of remote patient monitoring devices will want to ensure that the technology can be used by healthcare providers anywhere in the world.
Managing security and complexity
In addition to embedding connectivity into assets, businesses must also effectively manage these assets. Arguably the most important element of this is managing IoT security. IoT devices are now responsible for almost a third of all security breaches observed in mobile networks, up from 16.17% in 2019, according to Nokia’s Threat Intelligence Report 2020.
Most IoT projects are based on complex ecosystems, involving numerous players and covering a range of use cases, across multiple access technologies and device layers. Every IoT layer is prone to different risks. This creates a broad range of threats, from data interception and impersonation, to location tracking, denial-of-service fraud and SIM swap.
Due to the scale and diversity of vertical sectors embracing the IoT, the potential impacts are severe. Imagine, for instance, a malicious actor taking control of endpoints in an industrial IoT setting a processing plant or smart grid.
Taking advantage of the opportunities that the global IoT presents must therefore involve not only embedding connectivity and managing these assets, but also investing in robust security measures.
IoT security can be strengthened in a number of ways. First, by leveraging a connectivity platform which provides asset management and security features. Second, via the use of a private IP Packet exchange (IPX). And finally, through increased collaboration and cooperation between all members of the IoT ecosystem.
- Adopt a connectivity platform
Connectivity platforms for IoT-connected assets are an easy way for a business in any vertical sector to launch and monetise an IoT proposition. They allow businesses many of which will not have a background in telecoms to troubleshoot problems with connectivity, integrate data with back-end systems, and track connected assets.
Importantly, platforms also offer a set of readily accessible security features. These include a network firewall, abnormal behaviour detection and alerts, fraud prevention, real-time geolocation of assets, and secure integration with back-end systems either via VPN or IPX connections.
Many organisations will be unfamiliar with managing connectivity of devices and managing the security associated with them. Connectivity platforms must, therefore, offer a pro-active approach to IoT security. What would this look like in reality?
Say you’re a logistics manager at a warehouse and you are tracking shipments of pallets to ensure they arrive at your warehouse, to then reach their end destination. A connectivity platform will not only allow you to view the location and connectivity status of all of your pallets passively, it will also actively alert you to potential issues. Traffic overloads on a network, loss of connectivity, or unusual activity patterns can all be highlighted. Alerts can then be sent via email, SMS or connected APIs.
The majority of IoT applications follow very clear patterns of use. For example, if a device that is supposed to send a report of 1MB once per week starts sending more data or more often, this can be an indication of malicious activity. Instead of waiting for you to take action, a platform can then automatically block or throttle traffic to stop cyber-attacks before they’ve had a chance to do substantial harm. And the potential for harm is huge. In 2021, cybercrime damages might reach $6 trillion (€4.94 trillion) equivalent to the GDP of the world’s third largest economy.
- Use a private IPX
Next, the IoT can be made more secure by using an IPX. IPX is a framework of services managed by international carriers, providing interconnect and roaming interworking for mobile operators and service providers. IPX covers data, signalling, voice and messaging, includes transport/proxy and hub services, and ensures an end-to-end premium quality of service and one which is ultra-secure.
Connecting mobile operator and points-of-presence across the world, a secure and reliable IPX serves as a global backbone for IoT transport. Businesses are able to be securely connected via IPX, either from their private data centre, or from their applications running on a public cloud provider like AWS, Google or Azure. The IPX connection is fully secured and wholly separate from the public internet. A secure connection to any cloud-hosting site is critical. This is where a business stores, manages and analyses the data from its connected proposition; a treasure trove for hackers.
- Collaborate and co-operate
It’s here that the third IoT security must-have comes in collaboration. The size and diversity of the global IoT is significant. It encompasses device manufacturers, mobile network operators (MNOs) and mobile virtual network operators (MVNOs), new entrants capitalising on the IoT, and incumbent telcos that provide the critical connectivity infrastructure.
Collaboration is required among all of these stakeholders to ensure that the ecosystem is secure. Bodies like the GSMA and GSA, as well as groups like the ITW Global Leaders Forum, play an important role. Carriers and IPX providers meanwhile can serve as the critical bridge between the telco and digital worlds.
The digitalisation we saw in 2020 wasn’t a passing trend. As more organisations connect to the global IoT, all parties mut ensure they take the required steps to secure the ecosystem. Adopting a connectivity platform, using a private IPX, and collaboration across the industry will help organisations better protect their subscribers and their business.
The author is Mikael Schachne, CMO and VP of Mobility & IoT, BICS.