Securing IoT: Taking the pulse of the network
Manufacturers and developers from a diverse range of industries are already developing and integrating IoT devices into their products, and in the process are creating new and compelling services and business models. From connected cars and smart homes, to connected ‘wearables’ such as Fitbit and Jawbone, the IoT has already established itself.
As increasingly complex IoT-enabled services emerge, the challenges facing mobile operators are becoming apparent. Mobile carriers have a vital role to play in the delivery of IoT, as they not only run their own IoT services (AT&T, for example, has launched a connected car initiative in association with a number of vehicle manufacturers), but they also act as conduits for the IoT data of third-party service providers.
In the case of the latter, operators have a responsibility to deliver against SLAs, including around the reliability and security of the network. In the case of the former, however, operators have a direct responsibility to ensure the security of the IoT services they have launched.
As service providers look to deliver sufficiently high-quality and secure IoT networks, they will need to address challenges stemming from the very different nature of IoT networks compared to traditional mobile networks.
IoT presents new challenges
For a start, service providers have to deal with an exponentially greater number of devices for IoT than they are used to supporting in traditional mobile phone networks. Indeed, smartphone connections are expected to grow by just 2.5bn over the next five years compared to the 30bn new ‘things’ expected to be connected by 2020.
This is a new world for mobile operators and many are understandably concerned about the bandwidth implications. Specifically, different IoT applications will have very different bandwidth consumption profiles. An M2M application in a factory, for example, might only require short message bursts and use very little bandwidth (a factory system might send short messages to turn a device on or off, or to run a diagnostic check, for instance). On the other hand, some IoT applications will be bandwidth-heavy, such as an in-car video streaming service for passengers.
Importantly, the relative priority of these new M2M device communications can vary wildly and quite often can have an inverse relationship to the amount of bandwidth consumed. IoT-enabled healthcare is a perfect example of this. A heart monitor may only need to send short, low bandwidth messages to healthcare providers, but this information can quite literally be a matter of life and death in the case of a patient with irregular heart patterns, so it is vital the IoT data gets to where it is needed. In contrast, in-car video streaming services may involve a lot of bandwidth, and have the lowest tolerance for latency, but are generally much lower in relative priority in terms of service assurance.
To solve the challenges around latency, service providers are looking to 5G as a key enabling technology. 5G will dramatically increase the uplink and downlink speeds to subscriber devices and M2M networks (especially for high-end manufacturing robotics), providing the bandwidth and low latency necessary to support the ever-growing range of IoT services using the network. However, as with any new network technology, the growth of IoT, and the use of 5G to support this growth, brings with it a security challenge.
A growing threat
As more mission critical applications move to IoT, the likelihood of cybercriminals launching attacks grows, as these devices provide tempting entry points to launch attacks on factories, power plants and even individuals. The proliferation of IoT makes securing these services difficult, and many of these non-traditional devices may have undetected security gaps, unlike the mobile phone devices carriers are used to dealing with. Meanwhile, 5G brings with it a dramatic increase in the number and types of cell coverage, from small cells to C-RAN (Cloud Radio Access Network), making the task of securing IoT even more difficult.
In the absence of security standards for IoT, service providers need an effective method for securing the technology. One approach that looks set to prove essential in this regard is the use of service assurance solutions to better understand the IoT traffic flowing over operators’ networks.
Virtualize to maximize
C-RAN is indicative of the migration to NFV (Network Function Virtualization) by carriers globally. The benefits of NFV are clear: reduced hardware and power requirements, faster provisioning times and reduced costs. Faced with new traffic demands, higher data rates and lower latency requirements, operators are now beginning to introduce C-RAN architectures, with the aim of centralizing the RAN and reducing dedicated hardware and network equipment. C-RAN will allow operators to scale to meet the requirements of 4G and 5G as data traffic increases exponentially to serve IoT and other markets.
NFV and C-RAN represent major disruption for the mobile carriers, and managing this digital transformation can be precarious without the right tools in place to oversee the changes taking place.
NFV-enabled networks are a patchwork of different and ever-changing network functions. Only end-to-end visibility of the network enables the analysis of traffic and service performance across the full range of virtualized functions, across hybrid environments (physical and virtual components), and even the ‘spaces’ between virtual machines, where blind spots might otherwise appear. This visibility and operational data will prove crucial as service providers look to enhance the user experience, optimise investments and secure their networks.
The importance of network visibility
IoT data runs across every element of a service provider’s network: from devices at the edge, through to the core and on into the cloud. If service providers are to guarantee the security of IoT data as it crosses back and forth on their networks, they need to be able to analyse this traffic against IoT-specific criteria, while it is in-flight, in order to monitor for any anomalous – and potentially suspicious – activity.
The right service assurance tools can identify potential security threats in real time and allow operators to close them down immediately. Over time, continuous monitoring and real-time analytics will enable operators to study the behaviour of malicious attacks and prevent them from spreading. Importantly, modern service assurance tools enable operators to view network activity across all cell sites and networks, both virtual and physical. This mitigates the challenges inherent in moving to 5G, particularly when it comes to the use of C-RAN.
Being able to draw out all traffic data on the network and analyse it in near-real time for threats and vulnerabilities allows operators to have complete confidence in the new services accessing their networks. Moreover, once operators can identify the IoT traffic flowing over their networks, the task of prioritising services becomes much easier. All mission-critical services, such as heart monitor data or factory equipment commands, can be immediately identified as such and given prioritisation over consumer service traffic. This will be important in ensuring that bandwidth-heavy consumer services in no way detrimentally affect the quality of low-bandwidth mission critical services running over the network.
The move to IoT is gathering pace. As new and exciting services launch it is essential that security is prioritised. By embracing service assurance solutions that deliver visibility across the entirety of the network, mobile operators are in the best possible position to deliver on this requirement.
The IoT transformation
Service providers are transforming to accommodate new types of traffic, enable new technologies and facilitate new business and operational models, none more so than mobile carriers, who will bear the brunt of the majority of IoT traffic. This latest phenomenon is compounded by the migration to NFV by carriers. Like many modern businesses, mobile operators are coming to terms with new market realities and competitive pressures. As a result, they are accelerating their digital transformation strategies to leverage the huge volumes of data flowing across their networks to optimise performance and service delivery. They are no longer just supporting person-to-person traffic but will be responsible for the connectivity and security of IoT networks. By placing service assurance and data analytics at the heart of their network strategy, they will be able to generate a better understanding of IoT traffic to ensure the delivery of mission critical systems and applications.