Internet Of Things Will Turn Networks Inside-Out - InformationWeek

09:06 AM
Patrick Hubbard

Internet Of Things Will Turn Networks Inside-Out

If IoT is ever going to work, networks will have to grant access to devices that we'd refuse outright today.

You and your cruddy endpoints are dangerous, unwashed, and unwelcome on most enterprise networks.

Nothing personal. It's the model by which all networks, public and private, protect themselves and other trusted users. Your endpoint is a wretched hive of scum and villainy unless proven otherwise, and the current security model puts the onus (and some cost) on the connecting party to demonstrate trustworthiness.

While that approach has worked with varying degrees of success, there's a problem: It won't work for the Internet of Things.

If IoT is ever going to work, networks will need to grant access to devices that today we'd refuse outright. Imagine not 10 vendors, but 10,000 vendors, making inexpensive gizmos that arrive by the shipping container, with no monitoring hooks. They will be a legion of disposable agents with unknown agendas.

We're about to be forced to turn network security inside-out and actually compete to get IoT traffic, with wide open arms of connectivity.

Um, how about no
"Why would anyone be forced to do this?" you ask. Simple. We won't have a choice. The networks that power IoT won't be funded by subscription or by benevolent enterprise overlords that hand out IP addresses to the laptops and BYOD demands of today.

IoT networks will be funded by Marketing -- that's marketing with a capital "M" -- and big data analytics silos. At first this data will drive the standard targeted marketing and brand awareness campaigns. But in short order IoT connection providers will consolidate into user data-collection networks and resell this information into identity/behavior marketplaces.

Wherever marketplaces appear, they drive upstream production changes to achieve premium demand (and price) on that market. In the case of the IoT networks we'll be asked to build, that means two things: First, get as many devices connected as possible; and second, encourage them to explore their full range of services to create the biggest pile of the most mineable data possible.

More than becoming promiscuous about allowing non-vetted connections while holding our security noses, we will have to actually advertise for random devices to connect to our networks, and even incentivize them to do so. This is the exact opposite strategy of today, where we fold our arms, say no to all comers, and then force each endpoint to satisfactorily demonstrate its worthiness to pass packets.

The challenge before us is nothing short of reinventing security.

Firewalls we haven't invented yet
No matter how amazing the opportunities may become, I can't imagine walking into a meeting with my CIO and attempting to pitch that idea, at least not an inside-out security model all the way to the data center. That means demarcation in the form of a firewall, but it's not going to be any sort of firewall we're configuring today.

The point where these two networks connect -- the "come hither" enablers of IoT and our current, manicured data center plumbing -- is going to be a bit like that creepy scene in Spielberg's A.I. Artificial Intelligence, where Gigolo Joe is explaining to a wide-eyed 10-year-old David what he does for a living. Neither had a clue what the other's world was really like, and fortunately neither David nor data center admins really need Joe's icky details.

However, the firewalls between these networks will need something entirely new, something that Software-Defined Networking only begins to offer: intelligence. Despite its 130-decibel hype, SDN as currently envisioned isn't much more than automation of existing configs. Sure, VMware's NSX offers magical fairy-packet tunneling and does at least move toward firewall decentralization. However, it's still only as clever as the admins and network programmers who feed SDN its policy rules.

To achieve the true potential of IoT, firewalls will have to get involved in probability.

When probably is good enough
The IoT firewalls of tomorrow will need to weigh security against opportunity outside the comfort zone of today's administrators. They'll need to understand the finance and legal departments' assessment and appetite for business risk, as well as the marketing department's ever-changing market-optimization rules. And if that seems anathema to admins, it should -- it's Business data with a capital "B," an area admins swerve to avoid wherever possible.

The very idea that the same people who use political influence to open firewall holes for cowboy processes are going to be injecting autonomously executing service policies gives me the willies. But at the same time, for IoT to reach its full potential, every single endpoint will have to earn a market citizen score on its packet behavior alone, and then we'll need to allow those endpoints that we expect to drive revenue to have more access.

There's a word for this: trust. It's not certificate trust, device trust, or logon authority trust. No, it's trust as understood by the credit industry. For example, will a bank trust you enough to approve a loan you might not repay?

If we can find a way to create intelligent, trust-based access, IoT will give companies a level of personalization and high-margin personalized services that will let them pull away from the online herd. Although in the short term, it may turn some network admins' stomachs inside out as well.

Patrick Hubbard is a head geek and director of technical product marketing at SolarWinds, an IT management software provider based in Austin, Texas. Hubbard, who joined SolarWinds in 2007, has more than 20 years of experience in product management and strategy, technical ...
10/21/2014 | 3:35:39 PM
Re: AI
I think it will have to be a whitelisting scenario to start for many organizations. Trusted endpoints will be allowed to have certain privileges while the majority of unknown devices and connected endpoints will, as the author states, just be banned from the network. It's easier to be the bad guy who prevents the opening of Pandora's box than the guy who says "sure, why not" and has to deal with what comes out of it!
10/21/2014 | 11:42:22 AM
Nice AI analogy. I hope though, that unlike that movie where we end up having to round up rogue technology, that we'll find an easier way to interact with it and not just let it run rampant without supervision. The internet of things is a great idea, but without much in the way of oversight, it's a little intimidating. 