Getty Images/iStockphoto

Tip

IoT segmentation secures device fleets and broader network

In the age of IoT, IT administrators must isolate devices, such as temperature sensors or surveillance cameras, from other applications and servers to keep their network secure.

The ever-increasing use of IoT devices is leading corporations to adopt one of the evergreen methods of IT security -- segmentation -- to protect their burgeoning fleets of IoT appliances.

IoT devices, such as card readers, sensors and appliances, do not usually have much computing power or memory onboard. Therefore, many can't run security programs to protect themselves on a network. Furthermore, it is often near-impossible to update or patch IoT devices over the air.

There will be 41.6 billion connected IoT devices in operation by 2025, according to an IDC forecast. This multitude of devices will be pumping out a staggering 79.4 zettabytes of data by then. Those figures on their own are enough to give any IT security professional a major headache.

Attackers already target enterprises with a variety of IoT security threats and breaches. Doubtless, there will be many more on the horizon. One mechanism organizations can use to protect their IoT devices and the broader corporate network is segmentation and microsegmentation.

What is segmentation?

Segmentation is a security method that divides a network into multiple segments or subnets that act as small networks. In one form or another, segmentation has grown up with the widespread use of corporate networking and the internet through the 21st century.

On 5G wireless networks, segmentation is called network slicing. This 5G method will become increasingly relevant to IoT as more IoT devices convert to 5G wireless connections, rather than using 4G LTE links or low-power WAN connections, as is typical today.

IoT segmentation can stop ransomware infections or an attacker from moving throughout the network.

Why choose segmentation as a security method?

Despite the plethora of security measures that IT administrators can implement, network segmentation remains an essential defense against cybersecurity threats. Each segmented group of devices can only access the resources they need for approved uses. IoT segmentation can stop ransomware infections or an attacker from moving throughout the network.

Organizations don't need to use segmentation specifically with any other security practices, but it can add to network defenses. IoT network segmentation can boost overall performance. Segregating different operational devices from one another can reduce network congestion.

How to implement segmentation for IoT

With the advent of IoT, network segmentation has become even more critical. As IoT devices proliferate, these vulnerable units must be isolated from other applications and systems across an organization's network.

When rolling out an IoT-based network segmentation project, IT administrators must first identify all the IoT appliances in the organization's fleet. Establishing a device inventory can be a challenge because IoT devices can include connected cameras and mobile card readers, as well as a whole slew of industrial monitors and sensors.

Microsegmentation
Microsegmentation isolates devices and applications to prevent attackers or malware from spreading through a network.

Nowadays, many enterprises use network access control (NAC) tools to implement a zero-trust security policy across their networks. A NAC system continually monitors the network and the devices connected to it. The NAC tool should discover and identify all users and devices before allowing access to the network.

When initially setting up a NAC system, an organization's digital security personnel will determine the appropriate authorization level for users and devices. For instance, an engineer using a sensor to test temperature on an industrial section of the corporate network requires very different access rights than an automated lighting setup running on the same network.

Some IT admins see microsegmentation as the next stage in network security, particularly for IoT tasks. Microsegmentation creates even smaller parts of a network that IoT devices can access, thereby reducing the attack surfaces -- system elements or endpoints -- that are most susceptible to hacking.

IT administrators can apply policies to segment individual workloads running in a cloud environment. The technology applies to east-west lateral traffic between devices, workloads and applications on the network. The increased use of software-defined networking within network architectures has added to microsegmentation adoption. Software that's decoupled from network hardware makes segmentation easier.

These days, segmentation is made more convenient because it is done in software at the device layer. The policies applied to an IoT device remain with that unit even if it is moved to a different network sector.

With segmentation, IoT devices can run on a common infrastructure that includes a shared network and security platform. This segmentation is easy to manage and operate without giving compromised or weakened devices ways to imperil other parts of an enterprise's network.

Dig Deeper on Internet of things security