Security On The Edge: How Is Your Agency Protecting Data at the Edge?
bywalkerj03-21-201708:47 AM - edited 03-21-201709:58 AM
It’s no surprise that the Internet of Things (IoT) is expanding. IHS predicts that the number of IoT-connected devices will grow to 75.4 billion in 2025. While greater connectivity increases innovation and operational flexibility, these devices raise concerns about network security.
In January 2017, the Government Business Council (GBC) surveyed 442 federal employees about the state of their network security and what their agencies are doing to secure the data at the edge. Sixty percent of respondents cited security as the most important performance feature when it comes to the devices and sensors their agency uses to transmit data, ranking above stability, speed and accuracy. Further, 89 percent of those surveyed felt it was very or extremely important that devices operating on the edge, such as IoT-connected devices, were secure from malicious attackers.
Despite this agreement, 58 percent of respondents are only somewhat, not very or not at all confident about the security of edge devices. The most commonly cited tactic for securing the edge is also one of the easiest approaches for hackers to work around: stringent password requirements. What is causing these security gaps? Insufficient funding, slow procurement and lack of technical expertise were highlighted as top challenges. However, agencies can take steps to protect their networks from the edge to the core.
SDN: Making Security a Reality for Data at the Edge
With so many connected devices created by a wide variety of manufacturers, relying solely on point product security measures is not enough. Agencies will need to take a network-centric approach to security. Software-defined networking (SDN) can help simplify security across the network from the core to the edge. SDN provides a level of service abstraction to allow a single set of security policies to be applied to many devices simultaneously. In addition visibility and analytical tools can be deployed as a complement to these centralized security policies to provide a view of how these policies are being applied and if policy adjustments are needed. This creates a dynamic security paradigm that can adapt to various data sets and adversarial attacks across the enterprise.
This enterprise security approach ensures that federal agencies can protect their most sensitive data, while guaranteeing that IoT connected devices at the edge are secure and can be modified to support various standalone or collaborative engagements that typically occur at the tactical network edge.
IoT Security Guidelines: Agencies Look to Government
As IoT rapidly advances, agencies are looking for government to provide guidance when it comes to security. Eighty-one percent of respondents to the GBC survey support the development of a framework that would allow more rapid deployment of automated security updates as a step towards expediting IoT security. While there is not yet an official framework or set of IoT security guidelines for agencies to follow, there are programs, like the Commercial Solutions for Classified (CSfC) program, that provide a standard benchmark for commercial options for securing various aspects of the data center and the enterprise.
While 86 percent of survey respondents said they were not very or not at all familiar with the CSfC program, agencies are beginning to consider ways they can take advantage of the program. Just recently, Special Operations Command (SOCOM) technical director Bill Burnham said SOCOM would be focused on devising policies to better leverage CSfC approved capabilities, illustrating how such programs can be utilized across agencies. Winning in cyberspace will take a combined effort amongst multiple public sector agencies and other coalition entities. Securing communication between these entities would be more efficient if anchored by a common security foundation based on a set of attributes that can be deployed collectively with limited interoperability concerns.
The IoT is rapidly evolving and growing and while security is an important concern, it doesn’t need to be a barrier to taking advantage of the trend’s benefits. By enabling security from the core to the edge and taking advantage of programs like CSfC government can take advantage of the IoT without fears of the network being breached.