EDITOR ’ S COMMENT the network where to send the traffic and subsequently defines rolebased access levels and security restrictions such that IoT devices can only communicate with IoT headend systems . It ’ s this level of zero trust dynamic segmentation that isolates threats and prevents cybercriminals from gaining access to the wider network ; since traffic in one segment is isolated from traffic in other segments , it prevents unauthorized access and means that even if a threat were to appear , its impact is contained only to the segment in which it emerged . Moreover , with an integrated zone-based stateful firewall , enterprises can secure remote sites and IoT devices from any potential nefarious incoming threats by blocking them .
A good example of this in action can be seen in the difference between how you might secure PoS and HVAC systems at a remote site . In the case of PoS device , given the sensitive nature of customer information involved a business may wish to direct the data back through the corporate data centre where it hosts the credit card transaction processing application , allowing the existing firewall security services to verify the traffic . However , the same business may not want or need to handle data from HVAC in the same manner . Instead , it could define a separate policy that intercepts and directs that traffic to a cloud-delivered security service , for additional inspection enroute to the IoT control centre hosted in the public cloud . Since the two traffic types are kept separate and adhere to different security policies , a breach in the HVAC segment would not compromise any credit card and personal data in the PoS segment .
Safeguarding cloud-first enterprises
As well as the clear advantages of segmentation and isolation , the other benefits of an advanced SD-WAN edge platform in an IoT environment are its abilities to autonomously track and respond to threats . It continuously monitors the state of the enterprise network and IoT applications to detect changing conditions – including spotting a DDoS attack – and will then trigger immediate , automated real-time responses to mitigate the impact of any security threat events .
This is critical in a cloud-first environment where rapid change , increased data , and potential cyber threats are growing in equal
With an advanced , business-driven SD- WAN edge platform , enterprises can mitigate the risk of exposure to breaches associated with IoT devices without the need to install ZTNA agents .
measure . According to IDC , the cloud services market alone will exceed US $ 1 trillion by 2024 , so it ’ s safe to assume that cloud-first enterprises are set to be the new norm . However , this transformation cannot rely on legacy security infrastructure or manual policy changes . Cybercriminals will be quick to identify any unsecure IoT device and businesses must be ready to detect and respond to intrusion instantaneously . Technology leaders must ensure they are safeguarding their enterprises throughout their transformation journey to ensure they are ready and able to embrace IoT ’ s benefits without putting the corporate network at risk .
When applied correctly , IoT devices can help automate business operations , drive significant operational efficiencies , and deliver real-time intelligence that makes organisations more agile . But as enterprises continue to deploy more and more connected devices , it ’ s critical to manage the unique security challenges associated with them . An advanced SD-WAN edge platform unifies the advanced technologies required to identify , classify , segment and secure the network and ideally suited to maximise the return on enterprise IoT investments , while protecting the wider business network and operations . •
INTELLIGENT TECH CHANNELS Issue 47 17