And an analysis of the why and how of developing an IoT strategy
by Patrick Hubbard, Head Geek, SolarWinds
The Internet of Things (IoT) has been a buzzword for quite a while now. For many, it conjures up images of smart thermostats, home security systems, app-powered office coffeemakers, and even internet-connected crockpots. Consumer IoT devices such as these, often referred to as internet-connected appliances, are certainly experiencing exponential growth, but the growth of business or industrial IoT is even more astounding:
Gartner estimates that there will 21 billion endpoints in use by 2020, resulting in massive potential for data generation in 2020.
The Challenges of IoT
Enterprise and industrial IoT devices themselves can be very helpful in determining such things as soil moisture in smart agriculture, improving asset tracking in the shipping industry, and determining temperature and utilization in a manufacturing facility. However, the sheer volume of these devices presents an issue when they are added to a network without a strategy, much like BYOD when it first came about.
But unlike with phones, tablets, or laptops, a majority of IT professionals managing networks with IoT-connected devices aren’t conducting software updates on the devices; instead, the primary focus has been on how these appliances can be used in novel ways, with the risks of their unmonitored internet connectivity falling by the wayside. This common oversight and its consequences were illustrated via the recent Dyn DDoS attack—many of the devices used in the attack were connected to corporate networks and improperly monitored. In consequence, we need to stop thinking about IoT as “BYOD on steroids.” Instead, we need very different and customized strategies because IoT has the power to disrupt operations in a dangerous way.
Thus, it’s clear that IoT devices are changing networks and our ability to monitor and manage them. With that in mind, it’s important to note IoT device class (0, 1, or 2). This refers to the variety of ways the network is affected by IoT devices. Class 0 devices are light, use low power and aren’t truly IoT devices that require dramatic shifts in the way we monitor and manage our networks
Monitoring and management of classes 1 and 2 are a different story, though. Managing class 1 and 2 IoT devices comes down to managing access properties on the routers and switches that allow devices to get to the internet. Monitoring these devices is more application traffic-specific, calling for Netflow or quality-of-service (QoS) in order to see what the devices are doing because they won’t typically allow for SNMP or provide a management interface to determine performance. This factor makes security information and event management (SIEM) and important consideration as well—you need to be able to detect that a network device is conducting a port scan or file share logons, for example.
In terms of capacity planning, if you believe the estimation of billions of devices in use by 2020, then we will undoubtedly overwhelm our networks in ways we can’t even imagine right now. If subnetting is a problem now, with the typical and somewhat manageable systems, then the order of magnitude brought on by IoT devices would likely force companies into IPv6, which they may not be ready for. They will cause transience with IP addresses and difficulty understanding what the bandwidth is of any given device—different devices have different behaviors, and they all communicate with different servers. Some will be well-optimized for this, and some won’t be. The retail industry, as an example, uses immense hyper-personalization based on IoT, so network capacity and utilization is of utmost importance. In order to avoid latency or downtime, they will need to undertake tremendous network capacity planning and utilization, or risk their reputation and customer experience.
The Benefits of an IoT Strategy
Although it may seem like the industry is moving at too rapid of a pace for you to slow down and implement and test an effective IoT strategy, it’s imperative to do so; the fact that there are a multitude of adoptable standards in existence already may help.
The first and perhaps most obvious benefit of implementing an IoT strategy is the reduced risk of data breach. Without knowledge of possible vulnerabilities, your organization may be open to security compromises in ways that could be harmful to your business and appear to come out of left field, although they could have been left unnoticed for a long period of time. A recent yet admittedly simple poll of IT professionals showed that while some organizations still don’t manage any IoT devices (or none that IT knows about), some, even in regulated industries such as healthcare, manage thousands of devices without following specific protocol.
The second benefit is financial: organizations can anticipate extra costs by conducting capacity planning and network management before IoT devices are put on a network. Additionally, organizations will be more likely to obtain what they set out to in the first place: bottom line savings advantages gained by implementing innovative IoT devices; for example, in HVAC efficiency, physical security, short lead manufacturing efficiency, and production rate optimization in the supply chain. Companies who are using IoT in truly transformative ways within the framework of formulated strategies for their customers will be the first out of the gate to experience unprecedented benefits.
Getting Started On an IoT Strategy
As a first step to gaining knowledge and control over IoT, you should take inventory of what you already have happening from an IoT device perspective within your environment. Without this baseline knowledge, there’s no way to move ahead with any kind of semblance of a strategy.
Next, you need to come to the table with business executives and discuss what they intend to do with IoT devices. Seek to understand how many devices there may be and what type.
Once there’s collective agreement about how many IoT devices will be in your environment, it’s up to you to formulate a security policy, outlining what’s acceptable in terms of risk. This is also dependent on your industry—retail versus financial services versus healthcare, for example. You may need to consider PCI, HIPAA and other compliance issues. The security policy will also drive reconsideration of network and security segmentation.
When having these conversations with business leaders, it’s also a time to calculate business risk and put a hard, defensible number behind the financial hit to the business in the event of a serious security breach as a result of IoT. Once you are able to calculate financial damage estimations, then it becomes easier to have discussions with management about security, network security, configuration, performance and quality of experience (QoE) monitoring needs.
In addition to aligning with the business on security policies and business risks, this is also the time to consider what to do with the huge amounts of data the devices will generate. And because so many organizations are moving towards hybrid IT, you may need to consider how both on-premises and cloud data will be managed from a services, applications, and storage perspective, in order to best manipulate the data to improve marketing, service delivery, or increase yield in a factory setting.
Conclusion
IoT should be an active concern for you. If you’re not already, you will soon be asked to manage more and more network-connected devices, resulting in security issues and a monumental challenge in storing, managing and analyzing mountains of data. The risk is that without a proper strategy to do so, you’ll be tackling all this on an ad hoc basis on an ad hoc basis. Instead, stop what you’re doing and start developing your IoT strategy. Begin by surveying your network today to get a baseline, then come to the table with your organization’s IoT stakeholders to determine why they need IoT and how they plan to use the devices, discuss the security implications and define a security policy, and decide what to do with all the data the devices will generate. Doing this, ahead of time if still possible, will help you ensure that your organization doesn’t become an IoT victim, but an IoT victor.
About the Author
Patrick Hubbard is a head geek and senior technical product marketing manager at SolarWinds. With 20 years of technical expertise and IT customer perspective, his networking management experience includes work with campus, data center, storage networks, VoIP and virtualization, with a focus on application and service delivery in both Fortune 500 companies and startups in high tech, transportation, financial services and telecom industries.
About SolarWinds
SolarWinds (NYSE: SWI) provides powerful and affordable hybrid IT infrastructure management software to customers worldwide from Fortune 500® enterprises to small businesses, government agencies and educational institutions. We are committed to focusing exclusively on IT Pros, and strive to eliminate the complexity that they have been forced to accept from traditional enterprise software vendors. Regardless of where the IT asset or user sits, SolarWinds delivers products that are easy to find, buy, use, maintain and scale while providing the power to address all key areas of the infrastructure from on premises to the cloud. Our solutions are rooted in our deep connection to our user base, which interacts in our thwack online community to solve problems, share technology and best practices, and directly participate in our product development process.