Access Control and IoT Security

The business enterprise is changing, with mobility at the heart of the connected experience. 

IoT_access_controlThe number of connected ‘things’ exceeded the human population in 2008. Gartner predicted that 4.2 billion of those connected things would be deployed in the enterprise environment in 2018, with that number expected to grow to 7.5 billion in just two years.

This unprecedented volume of network traffic makes spoofed, infected, hijacked, and rogue devices hiding in the noise of a constantly shifting network an increasingly serious security challenge.

By 2020, it is estimated that network breaches will affect over 1.5 billion people, with no decline in sight. In such an environment, finding a compromised device is literally like finding a needle in a haystack.

It’s the classic security challenge. Security managers need to secure every single device every single time, while criminals only need one open port, one compromised or unknown device, or one uncontained threat to circumvent all of the effort going into securing the network.

The key to solving this challenge is access control.

Once an organization achieves total visibility of all devices connected to the enterprise, the next step is to establish dynamic controls that ensure that all devices, whether wired or wirelessly connected, are authenticated or authorized, and are subject to a context driven policy that defines who, what, when, and where connectivity is permitted.

Ensuring that only the appropriate people and devices can connect to and access appropriate applications, infrastructure, and assets is a natural extension of the domain security-based policy approach that the enterprise has harnessed for 30 years.

The idea of controlling the network by controlling access to any device seeking access is still a great idea. That’s because it’s really the only possible method for ensuring the integrity of a network that is in constant flux.

Such an approach—where no unknown devices ever gain access to the corporate infrastructure, permitted devices are automatically segmented based on policies and roles, and connected devices that begin to behave badly are immediately quarantined from the network—becomes the foundation for a comprehensive positive security posture.

intlx Solutions is a Fortinet partner.