I recently noticed that much of my incoming mail from publications and other vendors is alerting me to the fact that the Internet of Things (IoT) is going to change our lives — for the better for most, but it might create havoc for IT. How does IT account for unknown devices, wearables, new operating systems and a greater number of non-user managed things?
We’ve all seen the latest stats. According to the The Internet of Things 2015 Report, 34 billion devices will be connected to the Internet by 2020, of which 24 billion will be IoT devices. These will include all sorts of consumer wearables like Fitbits, to smartphone-based car keys and garage door openers. But the big surprise is that the largest adopter of IoT will be businesses, not consumers. Businesses are projected to have 11.2 billion IoT devices installed by 2020.
While IoT offers obvious benefits for businesses — intelligent workplaces, smart conference rooms, the potential for energy efficiencies—the flipside of all those benefits are the possible security gaps that IoT brings to the enterprise network. Should of these headless devices be placed on production networks, and will admin privileges on these devices give hackers an opportunity to infiltrate Intranet networks, potentially accessing sensitive data.
Given their sheer number and the security risks they pose, IoT devices need to be an integral part of the conversation when planning network infrastructures—the network needs to be smart enough to classify and understand the behavior of these devices. And it needs to be able to kick a suspect device off the network until it can be trusted.
At Aruba, we’re tackling the IoT security dilemma the same way we did with BYOD — although now we’ve had to up our game. With Aruba ClearPass 6.6, IT can create custom fingerprints for an IoT device in minutes instead of weeks to support real-time decision making for access and security actions.
The latest enhancements to ClearPass enable IT to create custom profiles in order to identify and securely place IoT devices onto appropriate VLANS and enforce policy rules in real-time. Through real-time interaction with third party best of breed security solutions, ClearPass can automate threat protection for devices that represent risk, with minimal hands-on IT interaction.
For instance, if a new HVAC sensor attempts to log in to a server that stores financial data, something must not be right. If it now looks and acts like a computer, ClearPass can potentially bounce the device off of the network. If a hacker is using admin privileges and a firewall recognizes a traffic pattern for the device that triggers enforcement, the firewall can take action. The request to access the server can be blocked, and the firewall can then request that ClearPass bounce the device from the network.
ClearPass, version 6.6 is ready for download today. And, as we continue to look at IoT we’ll be working on further enhancements. Now that we’re part of Hewlett Packard Enterprise, there are plenty of ways to use ClearPass and other products within our portfolio to help organizations prepare for the potential nightmare of IoT.
If you have any questions about ClearPass 6.6 or how you can better prepare for IoT, let me know.