How to defend enterprise access from IoT
The rapidly growing number and variety ofconnected devices and sensors that form the Internet of Things (IoT) areplacing enterprise wireless LAN infrastructure and access at greater risk ofsecurity breaches than ever before.
According to Gartner, 20.8 billion IoTdevices will be connected by 2020, forcing organizations to grapple with anexponentially expanding attack surface.
These ‘things’, ranging from industrialrobotics to advanced medical sensors, generate massive amounts of critical dataand network traffic. But they are also typically unsecured and unable tosupport common client-based security solutions.
Findings from the Fortinet WirelessSecurity Survey 2016, undertaken in March 2016, show that while pervasive Wi-Fiaccess for personal and professional devices has made bring-your-own-device(BYOD) a well-accepted business practice, only 41% of IT decision makers inAsia Pacific believe they have some form of secure access in place. The onlinesurvey polled 1,300 qualified IT decision-makers in 11 countries worldwide,including Australia, Hong Kong, Japan, Singapore and the US.
About half of Asia Pacific respondents inthe Fortinet survey were concerned about loss of sensitive corporate orcustomer data while 23.3% and 11.8% of them rated industrial espionage andnon-compliance to industry regulations, respectively, as their biggest risk.About 95% of respondents in the Asia Pacific are also very concerned orsomewhat concerned about IoT security.
Closing the gap
Not surprisingly, IT organizations arepressured to step up their security posture across the enterprise, bringingwith it challenges due to increased complexity as well. However, they stillhave to adopt an uncompromising approach to tackling security threats withproper integration, management and control of multi-vendor solutions.
Organizations need a cohesive andcollaborative suite of security products to effectively close the gaps betweenislands of security products, especially between the expanding access layer andadequate cybersecurity protection, and to drive optimal performance throughoutthe security solution.
Integrated protection should also be drivenby unified network operations, ease of management and deployment flexibility.Among the survey’s Asia Pacific respondents, 78.3% combined cyber security withenterprise access and 64.5% enabled segmentation of devices and access layersacross wired and wireless networks.
Dove-tailing with these issues andrequirements, Fortinet delivers the Secure Access (SA) solutions, whichinherently encompass security across the entire access infrastructure and canbe applied to both wired and wireless networks. The SA solutions form anintegral component of the Fortinet Security Fabric.
This cohesive and collaborative approachalso enables the management of the entire Fortinet Security Fabric through asingle pane of glass.
The Fortinet Security Fabric leverages onthe FortiGuard Labs, which is an in house threat intelligence research andadvanced security services agency, staffed by about 200 security specialiststhat started when Fortinet was founded. FortiGuard Labs empowers ITorganizations to not only better prevent and detect, but also mitigate advancedthreats from IoT and mobile devices that are expanding the attack surface. Thisbuilds a security platform that is truly proactive to protect the enterprisenetwork.
Fabric-driven secure access
Such an approach provides organizationswith an integrated and scalable security platform that effectively secures theaccess layers from threats that put mission-critical infrastructure andhigh-value data at risks, while its unified management simplifies theadministration of security policy controls across wired and wirelessinfrastructure.
The latest easy configuration, advancedanalytics capabilities and assisted one-click action in the FortiOS 5.4, forexample, are just a few of the many new features that enable enterprises tobolster the deployment of a layered, but cohesive and collaborative securitystrategy. Coupled with Internal Segmentation Firewalls, such a strategy allowsfor better internal security and sandboxing that isolate and remediate anyadvanced persistent threats that may have made it past the perimeter of thenetwork.
Fortinet’ SA comes in 3 deployment options,providing flexibility that enterprises need to best suit their environment:
- Infrastructure: This quick and flexibledeployment option is ideal for enterprises that plan to deploy and integrateFortinet’s SA solutions, while continuing to leverage on their existing orpreferred third-party security solutions, across their wired and wirelessinfrastructure
- Integrated: Distributed enterprises seekinghyper-scalability and simplified administration with integrated management ofboth security and access, can leverage the Fortinet firewall or securityappliance as a wireless LAN controller, or use Fortinet network switches toextend the reach of wireless access points (APs), lowering total cost ofownership
- Cloud: For organizations with remotebranches or offices that lack required expertise on-site, Fortinet offers acloud-hosted security and access controller that manages intelligent APs at theremote sites. The APs have built-in security on a chip to ensure resilientsecurity and access even when they are disconnected from the wirelesscontroller that resides on the cloud.
“Providing secure internet services for ourglobal shopping community of over 5.3 million members, 60,000 partners and1,000 employees across 47 countries requires solutions that are interoperable,easy to implement with existing infrastructure, and on the cutting edge ofsecurity,” says Siegfried Unz, director of dataservice at Lyoness Group AG.“Fortinet has been the right choice for us, with its Secure Access solutionsgiving the wireless side of our network the same level of broad security as thewired network.”
It is a fact that IoT will create new risksand layers of vulnerability. To mitigate these risks, Tyson Macaulay, the chiefsecurity strategist and VP of Security Services at Fortinet, urgesorganizations to examine them within the framework of a formal risk assessmentprocess. The process covers asset inventory; requirements and sensitivityanalysis from the perspective of asset confidentiality, integrity, andavailability; threat analysis; vulnerability analysis; and risk assessment andmitigation.
Macaulay points out that organizations needto address IoT risks not just to protect personal information, but also toprotect critical infrastructure such as nuclear facilities and power grids,transportation systems and healthcare systems – all of which are adopting anddeploying IoT devices into their products and environments.