Cisco Blogs



Drop the IT-Centric Mindset: Securing IoT Networks Requires New Thinking

October 8, 2014 at 5:00 am PST

The Internet of Things (IoT) has become a popular topic of discussion amongst security company executives, analysts, and other industry pundits. But when they begin discussing the technical details, it quickly becomes evident that many of the most experienced security professionals still approach IoT with an IT-centric mindset. That’s because they believe IoT is mostly about the billions of new connected objects. While the dramatic increase in the number and types of connected objects certainly expands the attack surface and dramatically increases the diversity of threats, they’re only part of the IoT security challenge. In addition, the convergence of the organization’s existing IT network with the operational technology (OT) network (e.g., manufacturing floors, energy grids, transportation systems, and other industrial control systems) expands the depth of security challenges and makes threat remediation remarkably more complex.

While IT and OT were once separate networks, they’re now simply different environments within a single extended network ‒ but by no means are they the same! The architectures, operational needs, platforms, and protocols are vastly different for each of them, which drives radically different security needs for each of them. As a result, security architectures, solutions, and policies that have proven effective for years in the IT world often don’t apply in OT environments, so attempting to enforce consistent security policies across the extended network is doomed to failure.

Protecting data confidentiality is IT’s primary concern, so when faced with a threat, their immediate response is to quarantine or shut down the affected system. But OT runs critical, 24x7 processes, so data availability is their primary concern. Shutting down these processes can cost the organization millions of dollars, so the cost of remediation may be greater than simply dealing with the aftermath of an infection. In addition, because OT is a human-based operation in what can be dangerous working conditions, their focus is on the safety of their operation as well as their employees. As a result of these main differences, the two groups approach security in completely different ways. While IT uses a variety of cybersecurity controls to defend the network against attack and to protect data confidentiality, OT views security more in terms of secure physical access, as well as operational and personnel safety.

Securing IoT networks must go beyond today’s thinking. Rather than focusing on the individual security devices, they need to be networked, so that they can work together to produce comprehensive, actionable security intelligence.  By combining numerous systems, including cyber and physical security solutions, IoT-enabled security can improve employee safety and protect the entire system from the outside, as well as the inside. As a best practice, IT should maintain centralized management over the entire security solution, but with a high level of understanding of the specific needs of OT. Based on that understanding, they need to enforce differentiated security policies to meet those specific needs, and provide localized control over critical OT systems.

At the end of the day, IT and OT need to work together for the common good of the entire IoT implementation – thereby driving truly pervasive, customized security across the extended network.

Want to learn about the part Big Data plays in your overall security plan, and how Cisco can help organizations deliver the security they need to succeed in the IoT and IoE eras? Join us for a webcast at 9 AM Pacific time on October 21st entitled ‘Unlock Your Competitive Edge with Cisco Big Data and Analytics Solutions.’ #UnlockBigData


To Succeed with Big Data, Enterprises Must Drop an IT-Centric Mindset; Securing IoT Networks Requires New Thinking

October 7, 2014 at 2:54 pm PST

To help organizations who aspire to apply the power of big data enterprise-wide, Cisco provides a powerful, efficient, and secure infrastructure and a wide array of analytics solutions. In our previous blogs, others have highlighted the benefits of Cisco’s ability to provide the scalability, ability to process both real-time data and historical data with predictable, high performance, and the comprehensive management automation enterprises will need to keep pace with big data in the IoE era. Today, I’d like to begin a conversation about how enterprises can secure their increasingly distributed networks – and the data that is being transported across them – as we operate in an environment comprised of 50 billion connected devices (in just five years from now).

One of the key drivers of Big Data is the Internet of Things (IoT), when every connected ‘thing’ will be capable of producing data. IoT has become a popular topic of discussion amongst security company executives, analysts, and other industry pundits. As they discuss the technical details, it quickly becomes evident that many of the most experienced security professionals still approach IoT with an IT-centric mindset. Of course, they are partially correct. Securing an escalating volume of data requires rethinking our approach to security. Not only do security devices need to be faster, they need to navigate issues very specific to data centers and complex data flows. They need to be inserted as close to the traffic flow as possible, such as being positioned inline into East/West traffic flowing across the data center. They need to be able to track and secure asymmetric traffic, often across multiple locations. They need to be able to blend corporate policy with public standards. Finally, they need to move seamlessly across physical, virtual, and cloud environments in order to ensure seamless policy enforcement. Gone are the days when we can just hairpin traffic out of the data center to be inspected elsewhere. Speed and agility do not allow for that sort of bottleneck.

However, IoT is not only about the billions of new connected objects and inspecting the data they are producing. While the dramatic increase in the number and types of connected objects certainly expands the attack surface and dramatically increases the diversity of threats, they are only part of the IoT security challenge. Another new challenge is the convergence of the organization’s existing IT network with the operational technology (OT) network (e.g., manufacturing floors, energy grids, transportation systems, and other industrial control systems). These new environments, usually omitted from traditional IT thinking, expand the depth of security challenges and make threat remediation remarkably more complex.

Big Data is not just being generated by web-enabled toothbrushes or smart appliances. For Big Data to be useful, the data that is collected needs to be actionable. Converging data needs to be able to turn on or off water supplies, ramp up manufacturing floors, redirect traffic, or manage the flow of electricity during peak usage. As a result, while IT and OT were once separate networks, they are now simply different environments within a single extended network ‒ but by no means are they the same! The architectures, operational needs, platforms, and protocols are vastly different for each of them, and drive radically different security requirements. As a result, security architectures, solutions, and policies that have proven effective for years in the IT world often don’t apply in OT environments, so attempting to enforce consistent security policies across the extended network is doomed to failure.

Protecting data confidentiality, especially at high volume, is IT’s primary concern, so when faced with a threat, a common immediate response is to quarantine or shut down the affected system. But OT runs critical, 24×7 processes, including critical infrastructures, so data availability is their primary concern. Shutting down these processes can cost an organization millions of dollars, and actually put the public at risk, so the cost of remediation may be greater than simply dealing with the aftermath of an infection. In addition, because OT is a human-based operation in what can often be dangerous working conditions, their focus is also on the safety of their operation as well as their employees. Because of these main differences, IT and OT teams have traditionally approached security in completely different ways. While IT uses a variety of cybersecurity controls to defend the network against attack and to protect data confidentiality, OT views security more in terms of secure physical access, as well as operational and personnel safety.

Securing IoT networks that need to participate in and respond to the demands of Big Data must go beyond today’s thinking. Rather than focusing on individual security devices, solutions need to be networked so they can collaborate to process increasing volumes of data into comprehensive, actionable security intelligence. By combining numerous systems, including cyber and physical security solutions, IoT-enabled security driven by Big Data can protect the entire interconnected environment from outside threats, monitor and secure critical data and infrastructure inside specific domains, and even improve employee safety. As a best practice, IT should maintain centralized management over the entire security solution, including the use of open standards in order to see and coordinate with public standards, but IT also needs to develop a high level of sensitivity to and understanding of the specific needs of OT. This will allow them to enforce differentiated security policies to meet the specific needs of the different parts of their network and provide localized control over critical OT systems while dealing with the operational demands of Big Data.

At the end of the day, IT and OT need to work together for the common good of the entire IoT implementation – locally and globally – thereby driving truly pervasive, customized security across the extended network.

Cisco can help organizations deliver the security they need to succeed in the IoT and IoE eras. To hear more about Cisco’s big data story, join us for a webcast at 9 AM Pacific time on October 21st entitled ‘Unlock Your Competitive Edge with Cisco Big Data and Analytics Solutions.’ #UnlockBigData

As the pace of big data adoption increases, speeding delivery of new big data and analytics solutions will become increasingly important. To find out how Cisco is helping our customers do just that, watch for Mike Flannagan’s upcoming blog “Aligning Solutions to Meet Our Customers’ Data Challenges” this Thursday. #UnlockBigData


Your Business Powered By Cisco Customer Solutions Architecture (CSA). What are Cisco CSA’s Benefits?

This is part 1 of the “Your Business Powered By Cisco Customer Solutions Architecture (CSA)” blog series.

Many IT organizations are challenged to take advantage of the new technologies enabled by Virtualization, Cloud, Analytics and IoT.  Applications enabled by these new technologies must be protected from unauthorized use but remain accessible, in a secure manner, from any device in any location throughout the world. With a vast array of new technology choices and a substantial installed infrastructure base, it is important to have a place to start --a solutions architecture-- that provides a framework for using these technologies that will drive business outcomes.

The CSA is a transformational customer-facing blueprint that delivers IT-based services for enterprise and service providers to achieve their business outcomes.  To be relevant for our customers, the CSA was developed based on disruptive examples that Cisco engineers observed in the industry during their discussions with both enterprise and service provider customers worldwide.

Some of these disruptive examples include use of new technologies such as: Analytics, Cloud, Internet of Things (IoT), Internet of Everything (IoE) and Cyber security.  It should also be stated that the front end for IT blueprint consulting is Cisco Consulting Services, and this CSA is representational of the sets of abstractions that describe the actual functions.

In all IT environments, both enterprise and service providers, Cisco sees two common trends:


Internet of Everything: Hype or Hyper Progress?

Last month, Gartner published one of its well-known Hype Cycles, and a Forbes headline summed up a key assertion very well. “It’s Official: The Internet Of Things Takes Over Big Data As The Most Hyped Technology.”

This comes as no surprise to anyone engaged in this market phenomenon – the explosive growth of things connecting to the Internet. At Cisco, our engineers determine that about 13.5 billion things – everything from mobile devices and computers to sensors and machines — are connected today. By 2020, we forecast 50 billion such connections – a much faster adoption rate than electricity or telephony.

Web searches for IoT and media mentions of IoT each have tripled in the past couple of years alone. Our consulting services group confirms that global Internet Protocol (IP) traffic continues to accelerate exponentially, and the last two years have spawned new IoT-related consortia and standards bodies.

The hype clearly has accelerated. However, I passionately believe that in this case the hype is completely justified because it is underpinned by tangible hyper progress throughout all types of industries. Other markets in the past that have ranked high on the Hype Cycle have included ecommerce and wireless technologies, and nobody can argue the rocket success of markets engaged in online business portals, social media or mobile devices such as smart phones.

IoE Can Unleash $19 Trillion in Economic Value

IoT provides the foundation for an even greater – we think unprecedented – technology revolution that Cisco calls the Internet of Everything (IoE). IoE includes the connection of things, people, data and processes, enabling the transformation of data into information, knowledge and wisdom. As a result, Cisco Consulting Services estimates that IoE can unleash $19 trillion of economic value worldwide over the next decade by generating new innovation, revenue streams, customer experiences and improving asset utilization, employee productivity as well as supply chain and logistics operations.



From Forklifts to Shelves, IoE is “Lighting Up” Warehouses around the World

Connecting Dark Assets: An ongoing series on how the Internet of Everything is transforming the ways in which we live, work, play, and learn. 

If you’re trying to run a business today, you are undoubtedly dealing with global manufacturing and distribution systems—and competitors from around the world. The Internet has given companies of all sizes access to a global marketplace, and that means competing in an environment where cost is king, and margins are razor-thin. No wonder manufacturers and distributors are trying to squeeze every bit of inefficiency out of every link in their supply chains.

Fortunately, the Internet of Everything (IoE) is here to light up “dark” supply chain assets by connecting them to data, things, and processes that multiply their value. As a matter of fact, Cisco Consulting Services’ research shows that IoE has the potential to create or migrate $2.7 trillion in value over 10 years’ time by improving supply chain and logistics efficiency and reducing waste.

Take, for example, the common forklift. It’s a ubiquitous feature of factories, warehouses, and loading docks everywhere—but not tremendously efficient when you factor in the time it takes for a driver to locate the correct pallet, and the damage that sometimes occurs while navigating stacked pallets through narrow warehouse aisles. But when IoE “lights up” this dark asset by giving it sensing capabilities and connecting it to the right data and software, the forklift becomes an auto-guided vehicle (AGV) that can find its own way through a massive warehouse. The AGV can go directly to the correct pallet of goods and deliver it at the right time to the right place. It will even plug itself into a charging station at the right time to ensure optimal battery life.

But it’s not just auto-guided forklifts that are transforming warehouse efficiency—sometimes it’s robot-guided shelves. Amazon is using small Kiva warehouse robots to move portable shelves from warehouse storage to an area around the perimeter
