Get HIP or Start Planning IoT’s Funeral

Stu Bailey

Hype. There’s a lot of it with the Internet of Things (IoT). Unlike virtual reality, self-driving cars and other hyped technologies, IoT hype is not going to fade away. By 2020, IoT will include somewhere between 20 billion and 50 billion connected “things.” The magnitude of what we could accomplish by connecting all of these disparate devices is right up there with bringing electricity to far-flung places—it will be life-changing for individuals and businesses.

It also won’t be easy. Enterprise IT will have to somehow wrangle an overwhelming number of devices. Scale is an obstacle. It’s certainly the one we hear about most, probably because IoT proofs of concept hit this roadblock first. IoT scale at the infrastructure level is very different from the human scale that enterprise IT is used to supporting. With IoT, data centers will have hundreds of thousands or millions of things talking to each other. While scale is challenging, it is not a fundamental barrier to entry.

Operating costs will be the life or death of enterprise IoT.

Operating costs are directly tied to securing IoT.

Anything connected to the Internet has the potential to be exploited, and the sheer number of connected IoT devices means protection will cost more. Many networks are not designed to handle even a few small, lightweight devices, let alone millions of ephemeral devices transmitting sensitive information. The attack surface is bigger. Firewalls and VPNs require expensive resources to deploy and manage in large numbers. When you exponentially increase the number of connected devices on your network, your operating expenses to protect them cannot feasibly increase in step.

But the risks are too great to leave these devices unprotected. An unsecured device on the enterprise IoT, if accessed by hackers, could wreak havoc. Take a healthcare setting where medical devices use connected sensors to deliver pain medications or insulin, monitor vital signs and alert practitioners to anomalies, or control life-saving procedures like dialysis. Hackers see this unprotected IoT healthcare equipment as an easy springboard to a hospital’s servers in order to steal medical record data. Hacking these devices opens the door to massive theft of data, but it can also put patient safety in jeopardy. There’s even an instance where patients hacked their own IV pump to increase their dosage of pain medications, which led to overdose and respiratory problems.

The question for enterprise IT becomes: How do we overhaul our networks to secure all of these things without significantly increasing operating costs?

As we saw from the scenario just last fall where defenseless IoT devices were used for a distributed denial-of-service (DDoS) attack on a massive scale, we can’t rely on the IP protocol to secure IoT. The industry identifies network devices using IP addresses, but the IP protocol was not designed as a secure protocol. IP addresses are too easily spoofed. Adding to the complexity of securing IoT, the default for today’s networks is for all devices to be fully visible to everyone on the network.

What enterprises need is a sustainable method to address the problems of identity and visibility in the face of the coming explosion of IoT devices. This framework must facilitate strong authentication between a device and a server, and between one device and another, so that only trusted devices can communicate with enterprise infrastructure.

The good news is that a solution exists today in an industry protocol called the Host Identity Protocol (HIP). HIP was specified in the IETF HIP working group and has matured over the last 15 years. With HIP, an IP address can be cloaked or hidden behind a unique, non-spoofable identity-based address. It’s like retinal scanning of your network devices. This means a device or an entire network becomes invisible by default—you can’t breach what you can’t see. You can read more about HIP in my article in Dark Reading.
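The property the paragraph above relies on is that an identity-based address is derived from a public key, so a device can only claim the address if it also proves possession of the matching private key. The added example below is illustrative Go, not code from the page, from Tempered Networks, or from the HIP RFCs: the tag prefix, the hash truncation, the allowlist and the challenge-response exchange are simplified stand-ins for the real HIP base exchange, and the nonce is a constructed value.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"net"
)

// identityTag derives a 128-bit, IPv6-shaped identifier from a public key, in
// the spirit of HIP's Host Identity Tag: a fixed prefix plus 96 bits of the
// key's hash. The prefix and truncation here are illustrative, not the RFC's.
func identityTag(pub ed25519.PublicKey) net.IP {
	sum := sha256.Sum256(pub)
	return net.IP(append([]byte{0x20, 0x01, 0x00, 0x20}, sum[:12]...))
}

// prove is the device side: it signs the server's nonce together with the tag
// it claims, so a proof cannot be reused for another tag or another session.
func prove(priv ed25519.PrivateKey, nonce []byte, claimed net.IP) []byte {
	return ed25519.Sign(priv, append(append([]byte{}, claimed...), nonce...))
}

// admit is the server side: the claimed tag must be on the allowlist, the
// presented key must hash to that tag, and the signature must verify.
func admit(allow map[string]bool, claimed net.IP, nonce []byte, pub ed25519.PublicKey, sig []byte) bool {
	if !allow[claimed.String()] || !identityTag(pub).Equal(claimed) {
		return false // unknown identity, or a key that does not own the tag
	}
	return ed25519.Verify(pub, append(append([]byte{}, claimed...), nonce...), sig)
}

// Demo runs three admission attempts: the trusted device, an impostor that
// claims the trusted device's tag with its own key, and a device not on the list.
func Demo() (trusted, impostor, unknown bool, err error) {
	devPub, devPriv, err1 := ed25519.GenerateKey(rand.Reader)
	roguePub, roguePriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err = errors.Join(err1, err2); err != nil {
		return
	}
	devTag, rogueTag := identityTag(devPub), identityTag(roguePub)
	allow := map[string]bool{devTag.String(): true} // the server's trust list
	nonce := []byte("constructed nonce: a real server draws a fresh one per handshake")
	trusted = admit(allow, devTag, nonce, devPub, prove(devPriv, nonce, devTag))
	impostor = admit(allow, devTag, nonce, roguePub, prove(roguePriv, nonce, devTag))
	unknown = admit(allow, rogueTag, nonce, roguePub, prove(roguePriv, nonce, rogueTag))
	return
}
```

Spoofing the tag is pointless: the impostor can copy the trusted device's address, but without that device's private key it cannot produce a key that hashes to the tag and a signature that verifies under it.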

This is the approach that Tempered Networks takes in its Identity-Defined Network. Its HIP-based solution is a non-disruptive overlay on the existing network layer. HIP has enabled a new identity networking paradigm, where a trusted identity can effectively be native to every connected thing. HIP Services combined with centralized orchestration make it simple for customers to instantly and securely connect, segment, cloak, move, fail over, or revoke any IoT device, anywhere. HIP should be on every networked client, device, sensor, system or application to achieve a secure and mobile Internet.

If we can remove the real barrier to enterprise IoT adoption—increased operating costs—and overcome the failings of antiquated and flawed network security, we can stop talking about how we safely connect our enterprise “things” and bring to life the real potential of IoT.

To learn more about HIP and Tempered Networks’ Identity-Defined Network, download their technical white paper here.