Imagine if there was a scalable, affordable security technology that protected commercial devices in the Internet of Things (IoT).
It’s not hard to see the commercial potential for a solution dealing with tens of thousands of connected devices at a time, in markets ranging from industrial cooling systems to wind turbines and ATM cash machines.
IoT Now’s Jeremy Cowan recently heard about a product the size of an Apple TV, developed as “a kind of firewall” that can be rolled out easily and scalably. Here he quizzes the man behind the rumours, Klaus Gheri, VP of Network Security at Barracuda Networks. Klaus has spent the last few years working on a scalable solution for commercial IoT security problems, and is reported to be planning a deployment of 20,000 units for one customer.
IoT Now: Klaus, how would you describe the threats and obstacles to commercial growth in the Internet of Things?
Klaus Gheri: From delivery vehicles to ATMs, air conditioning systems to CCTV (closed circuit television) cameras, the scope for connecting devices in industry appears to be as big, if not bigger than, the comparable consumer opportunity. However, for the business world, the IoT faces a major barrier to adoption: in their current state, the tools that help businesses deploy and secure IoT devices are simply not fit for purpose.
One of the main barriers to securing the IoT is simply that there’s not a ‘one size fits all’ solution. At one end of the spectrum, we’re talking about tiny equipment such as CCTV cameras and intelligent lightbulbs, on the other we’re talking about large machine equipment. Depending on what the IoT device is, there will be a different approach to security that is economically viable. The challenge is finding the right security solution for each use case. This has meant that today, companies either have nothing securing their IoT network, or have something that is not really fit for purpose.
Scale is a key consideration. Once organisations have a large number of devices, it becomes very difficult from an operational standpoint to get physical access to each device to fix any flaws. When the size of the IoT network goes into the hundreds or thousands, deploying both the device and a security solution for it becomes a logistical challenge – how do you deploy the equipment? how do you manage its lifecycle? how do you implement security policies?
The sheer number of IoT devices can easily overwhelm a lean IT team. I have seen several instances where a 250-person company with 400 IP devices all of a sudden plans to connect more than 5,000 devices. An IT concept for 400 devices looks very different to one for 5,400.
IoT Now: I understand you have focused on a solution for variations in security, scalability, and connectivity. What is it?
KG: Yes, companies embarking on IoT projects are facing a number of challenges that broadly fall into three categories; security, connectivity and scalability.
From a security perspective, companies want to be able to ensure access to the device is only allowed with corresponding privileges. They also need to ensure that the communications from the device to the central management hub are secured. One of the main issues in today’s connected devices is the use of weak encryption and authentication, which leaves the IoT vulnerable to data theft. The device systems might also be ‘closed’, meaning they are hard to remotely maintain and update, should they exhibit any security weaknesses.
From a scalability perspective, businesses need to be able to roll out thousands of devices quickly, by untrained staff, often in remote locations. This means that the solution needs to be very easy to use and set up. These devices also need to be connected and managed in a cost-effective manner.
We designed the Barracuda NextGen Firewall S Series to solve these challenges for mid-to-large size companies that need to manage a large number of remote investment goods, machinery, kiosks or micro-offices.
Companies place one of our Secure Connector (SC1) units at each IoT device, which are then connected, via an encrypted VPN, to a single virtual-deployed gateway, or Secure Access Concentrator (SAC). All the advanced functions like application detection, IPS, anti-virus and URL filtering can then be done centrally, meaning that the SC1 devices are small, inexpensive, lightweight and mountable. These are essential features for use cases with high-volume, relatively low-cost devices, for example an ATM, or a managed industrial refrigerator.
To ensure scalability into the thousands, multiple SACs can be integrated and managed by a single, central control centre. We’ve made the solution easy to ship in large numbers and easy enough to implement and manage so that organisations don’t need to hire a whole new team of security or IT specialists.
IoT Now: How does your approach differ to others in the market?
KG: Most of the traditional firewall or UTM players treat IoT defence as just another deployment option for their smaller firewalls. There is a hope that an industrial freezer or a remotely managed air conditioning system can be connected and secured in the same way as a home office. There are also a number of players that come from the industrial IT space and have a more specific approach on form factors.
Both groups have one thing in common: that the sheer number of connected things overwhelms the capacity of traditional management architectures. We went back to the drawing board to re-engineer the design of a secure, but ultimately scalable infrastructure. We moved the actual granular firewall fabric into the data centre, whether that is privately or in a public cloud. Then, the operational devices, which can protect and connect the things, are able to fulfil their role of making the devices invisible and permanently connected.
IoT Now: Has this been tested in the market yet? If so, with which organisations and what were the results?
KG: There have been a number of early adopters of secure IoT, but most of these companies relied on traditional firewall or VPN architectures, since they could scale comfortably from hundreds up to a maximum of a thousand. Some obvious examples are banks securing ATMs and some machine manufacturers.
Only recently has the digital transformation revealed the need to secure not hundreds, but tens of thousands of Things. The use cases for the S Series are incredibly broad, but while it is a few months too early to publicly speak of them in detail, it is astonishing how formerly self-defined “boring” IT infrastructures can all of a sudden change into the most demanding and challenging ones.
We have been working on a range of use cases including securing and connecting wind turbines, retail store components, automatic soup dispensers and industrial laundry machines. These use cases typically range from 1,000 up to 30,000+ devices. As you can imagine, there is time and effort involved into getting things right before the roll-out starts. What they all have in common, though, is that each project is one or two orders of magnitude bigger than what the respective companies have previously needed.
IoT Now: When and where can we expect to see this go to market?
KG: The secure IoT market is ramping up right now. From a geographic perspective, Germany is leading the drive for this kind of simple, secure, scalable technology, but it is closely followed by the other industrialised economies including the UK and Netherlands. The S-Series is available and really gaining momentum across Europe now.
I see this as a reverse yet complementary evolution to the adoption of public cloud, which started in the US, gained momentum in the UK, then in Benelux until it eventually started to take off in Germany. Both the cloud and Things are natural results of the digital transformation of businesses and are hence inevitable trends, even enabling and further driving each other. Hence, we expect both to play a big role in the near future for almost every business.
Only recently users of cloud and IoT technology had to find a good reason to do it. Now, one has to find a good reason not to.
The author of this blog is Jeremy Cowan, editorial director of IoT Now & VanillaPlus.
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow
