The present-day ‘connected-everything’ landscape of the Internet of Things (IoT) is far more multifaceted and varied than the networks which preceded it. Users now have more complex access demands with a greater assortment of devices and applications than ever before. Therefore, IT teams face the added challenge of onboarding and securing a large number of device types and user groups. For example, the use of Wi-Fi ‘Pineapples’ to impersonate legitimate networks shows that cybercriminals are constantly exploring new ways to compromise networks. As a consequence, businesses face a higher degree of cyber-risk than ever before, and have a responsibility to protect both vital business assets and employees with the highest standard of cybersecurity.
This is a daunting task for organisations equipped with outdated tools. In fact, Gartner found that in the past three years, 20% of organisations have been subject to an IoT-based attack. Fortunately, Network Access Control solutions (NACs) are evolving to keep in step with the large-scale changes affecting networks.
What has changed
Conventionally, NAC solutions were used to secure wireless devices like laptops, smartphones or tablets, owned by employees or guests. Initially, this mostly meant applying network policies and credentials, authenticating devices and enforcing the appropriate network access rights. The switch to Wi-Fi as the dominant access method funnelled large numbers of devices onto the network, with a mix of makes, models and operating systems. As a result, organisations must now account for a greater variety and volume of devices on the network, meaning effective security now requires NAC solutions to support all wireless corporate, BYOD, guest and IoT devices alike.
Automation, BYOD and IoT
Taking control of network security starts with clearly defined network policies for corporate, BYOD and guest devices. While IT has a good level of control and the toolset to secure corporate devices, BYOD devices present a special set of challenges. Employees now expect to bring their own devices to work to complement any company-provided hardware, and to be able to access the business network from anywhere. This is a great security challenge: the user of the device is a trusted employee, but their BYOD device should not have the same level of network access as the employee’s IT-controlled, and more secure, corporate device. The resulting “dual device identities” mean that BYOD devices introduce more risk and variety into the network, and require a separate, appropriately restricted network policy. IT administrators also need to separately manage the onboarding, access and security policies of IoT devices connecting to the company network. This is an inherently difficult task due to the variety of devices, which can range from Apple smart watches, to climate control units, to home assistants such as Alexa.
Secondly, harnessing the automation of security tasks is a critical part of a protected network. In contrast to their more static forebears, modern NAC solutions have the capability of allowing device access to the network based on predefined policies set by the IT team. This includes being able to recognise BYOD devices versus company-owned devices.
The capabilities, operating systems and security functions of devices vary greatly. IoT devices in particular are a big challenge for network security, as they are often user-less. Also, many IoT devices are ‘headless’, meaning they do not have a display or keyboard, and therefore cannot be onboarded using a captive portal or other interactive methods. However, modern NAC solutions have evolved to include automated device profiling, by analysing devices’ unique electronic fingerprints to recognise the make, model and operating system. Once recognised, the NAC can segment devices into dedicated partitioned networks with policies suitable for the threat profile of that device type.
Automation can also be valuable for monitoring a network for unusual or unexpected activity, and taking quick action. For example, a monitoring system could recognise if a device was accessing the network from an unrecognised location or IP address. These features significantly increase IoT security and can do so at scale as no IT intervention is required.
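The flow described above (profile the device, place it in a segment by policy, then flag traffic from an unexpected address) is sketched here as an added example that is not part of the original article or any vendor's product. The fingerprint table, segment names and subnets are constructed assumptions; real NAC profiling draws on far richer signals.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segments and subnets (assumptions, not from the article).
SEGMENTS = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "byod": ipaddress.ip_network("10.20.0.0/16"),
    "guest": ipaddress.ip_network("10.30.0.0/16"),
    "iot": ipaddress.ip_network("10.40.0.0/16"),
    "quarantine": ipaddress.ip_network("10.99.0.0/24"),
}
# Constructed fingerprints: (MAC prefix, hostname prefix) -> device class.
FINGERPRINTS = {
    ("02:aa:01", "hvac-"): "climate-control",
    ("02:aa:02", "watch-"): "smart-watch",
    ("02:aa:03", "lt-"): "laptop",
}
IOT_CLASSES = {"climate-control", "smart-watch"}

@dataclass
class Device:
    mac: str
    hostname: str
    role: Optional[str] = None   # "employee", "guest", or None if user-less
    managed: bool = False        # True only for IT-controlled corporate devices

def profile(dev: Device) -> Optional[str]:
    """Match the fingerprint; None means the device is unrecognised."""
    for (mac_prefix, host_prefix), cls in FINGERPRINTS.items():
        if dev.mac.lower().startswith(mac_prefix) and dev.hostname.startswith(host_prefix):
            return cls
    return None

def assign_segment(dev: Device) -> str:
    cls = profile(dev)
    if cls is None:
        return "quarantine"      # unprofiled devices get no production access
    if cls in IOT_CLASSES or dev.role is None:
        return "iot"             # headless/user-less: placed by profile alone
    if dev.role == "guest":
        return "guest"
    # Same trusted employee, different device identity: only managed
    # hardware reaches the corporate segment.
    return "corporate" if dev.managed and dev.role == "employee" else "byod"

def unexpected_source(dev: Device, source_ip: str) -> bool:
    """True when traffic arrives from outside the device's assigned segment."""
    return ipaddress.ip_address(source_ip) not in SEGMENTS[assign_segment(dev)]
```

Defaulting unrecognised fingerprints to quarantine, rather than to the guest or BYOD segment, keeps a profiling miss from turning into network access.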
Key business network needs
It is clear that our use of networks has evolved, and it is vital to use a modern NAC solution to keep pace with the growing challenge of maintaining network visibility, security and stability. Current networking technology isn’t designed to understand or secure IoT, and IT teams need to find a way to manage numerous devices on the network, monitor them and dictate from a centralised point what level of network access each one has. Harnessing centralised features like device profiling and tying them to sound automated policies is the new standard for securing the enterprise. Only with these modern tools can IT seamlessly manage IoT security at scale.