IoT at MWC: We need secure network infrastructure – not shiny rings – to keep us safe

volcano
Credit: AllTime10s screen shot

Wearables, sensors, batteries, cool apps, great wristbands – sure, those are necessary for IoT success, but the real trick is to provision reliable, secure and private communications that Black Riders and hordes of nasty Orcs can’t intercept

Barcelona, Mobile World Congress 2016—IoT success isn’t about device features, like long-life batteries, factory-floor sensors and snazzy designer wristbands. The real power, the real value, of the IoT is in the data being transmitted from devices to remote servers, and from those remote servers back to the devices.

“Is it secret? Is it safe?” Gandalf asks Frodo in the “Lord of the Rings” movies about the seductive One Ring to Rule Them All. He knows that the One Ring is the ultimate IoT wearable: Sure, the wearer is uniquely invisible, but he's also vulnerable because the ring's communications can be tracked and hijacked by the malicious Nazgûl and their nation/state sponsor of terrorism. 

+ DID YOU MISS MWC? See all the news from the show +

Are IoT communications links secret? Are they safe? Are they reliable, consistent, and easy to manage by the device’s service provider? (I haven’t seen the specs for the wireless provisioned by Mordor, but we could call it 3rd-Age-G.)

At Mobile World Congress 2016 this past week, the unquestioned buzz was mostly about the forthcoming 5G wireless trials, but the IoT was a close second. Sure, many of the most attention-getting IoT (and 5G) discussions were about specific devices, such as smartphones, wearables, connected cars and industrial systems.

Fortunately, everyone seemed to realize that without safe, secure, persistent, affordable and management communications, the IoT is a #FAIL. And that means not only the last mile (say, 5G) over-the-air link, but all the mobile backhaul, intracarrier and intercarrier links. It also means the fixed server end of the data flow, that is, between telcos and cloud service providers, enterprise data centers, and collocation facilities. After all, a tunnel is vulnerable on both ends, as well as in the middle.

Here are some of the announcements at Mobile World Congress that struck me as being especially relevant to the connectivity, privacy and security issues of the Internet of Things, even if none of them require devices to be forged in the molten lava of Mount Doom.

One Platform to Rule Them All

Every mobile vendor says it offers the only IoT platform you’ll ever need. The secret sauce offered by Accelerite with its Aepona IoT is cloud provider portability, specifically to let IoT developers build and deploy applications in any cloud platform, such as Amazon Web Services, IBM Bluemix or Microsoft Azure. At the conference, Accelerite showed its cloud-neutral capabilities with an industrial equipment remote monitoring and field support dispatch use case, perfect if you’re trying to instrument the far-flung pastoral farthings of the Shire.

How about smart cities? That’s a powerful and important use case for the IoT, and Libelium has come up with a marketplace (cleverly called The IoT Marketplace), offering everything from hardware sensors to cloud applications to speed IoT adoption. The marketplace has out-of-the-box kits containing programmed sensor devices connected to specific cloud applications for use in pilot projects or proof of concept tests to minimize time to market – and security is a big part of the package. I think Rivendell will be a potential customer.

Connecting smart cities requires smart roads, or at least some intelligence in the vehicles traversing not-smart roads. Transportation and logistics is the bailiwick (not to be confused with Balrog) of Orbcomm, which has released the tools for turning commercial vehicles into IoT endpoints, with devices and fleet management applications. The company has a variety of hardware and software products, and the one that impressed me most is its Orbcomm Enterprise Connect, an end-to-end 4G xLTE wireless failover system for distributed enterprise, financial, hospitality and retail locations that need reliable, high-bandwidth WAN connectivity for M2M and IoT applications. Even Sauron can’t afford to lose touch with his maurading Black Riders.

Treebeard keeps you safe, and is strong enough to take down black-hat wizards. However, while you can’t subscribe to Ents-as-a-Service, carriers can sign up to resell a set of new Security-as-a-Service packages from Wedge Networks. According to the company, its new IoT Security and Compliance Enforcement packages provide IoT optimized security and compliance services with enforcement at the cloud layer to consistently apply policies to all network connected devices, both physical and virtual. There’s also a healthcare package designed for Health Information Privacy and Accountability Act (HIPAA) compliance obligations to medical device manufacturing which is far less regulated but increasingly dependent on IoT stuff.

Gandalf the Gray advises that you never know who might be watching when you use a palantír — one of Middle Earth’s seeing stones, not unlike a baby monitor. In our world, you want to make sure that the carrier provisioning the tunnel between IoT and server is safe. For that, AdaptiveMobile introduced Network Protection Platform (NPP) version 6, said to provide consistent security against current and emerging threats to communication service providers. According to the company, NPP 6 delivers strong security against mobile threats, SS7 protection and gray route controls.

(A gray route is a data link which is legal on one side of the link, but illegal on the other. Consider routing around a national firewall or tariff barrier to make phone calls or access censored websites. This behavior is perfectly acceptable and perhaps encouraged in one country, but forbidden in the other.)

You also never can know when transmission errors will make hash out of the communications, perhaps due to a fault, perhaps due to architectural issues, perhaps due to pirates like the Corsairs of Unbar. Two companies are collaborating on this issue, combining Spirent Communications’ Landslide EDGE and CORE end-to-end service validation tools for fault isolation in the mobile backhaul with Jolata’s TruFlow Analytics. Like pouring reverse-osmosis water to the Mirror of Galadriel, the combo tests emulates real and virtual networks using VoLTE, WiFi, SDN/NFV and lots of other acronyms. The benefit? The detection of packet loss, jitter, delay, or latency issues, with multipoint end-to-end segmented vision in real time, and reducing the fault isolation time to minutes, down to device, port, or flow level.

Speaking of partnerships, CENX hooked up with Ixia, Mitel and VMware to demonstrate mobile data services for virtual Evolved Packet Core (vEPC). Orchestrated by CENX’s Exanova Service Intelligence software, the demo showed that mobile service providers can assure high quality of experience (QoE) for VoLTE, VoWiFi, and data enterprise and consumer subscribers, over large-scale, hybrid networks including vEPC. What’s the tie-in for the Internet of Rings, I mean, Internet of Things? To support the new traffic patterns generated by the IoT, service providers need agility, elasticity and cost-efficiency of NFV infrastructure, with real-time, continuous monitoring and analytics of millions of network events. The four-vendor demo showed optimized real-time service assurance within the context of Lifecycle Service Orchestration.

One last example: Citrix is another company tackling IoT security, in this case with its new NetScaler ByteMobile T1000 traffic director and application delivery controller (which is the three-word way of saying “load balancer”). The rackable pizza box is on top of the trend for carriers provisioning mobile and IoT services, which is centered on virtualization: The T1000 (hey, I’m thinking of a different movie franchise here) is certified with OpenStack distributions from Red Hat and Mirantis, and can be deployed as a physical network function as well as a virtual function. The system also includes Citrix’s ByteMobile software for adaptive traffic management. If you can’t manage the incoming traffic (visualize bazillions of Orcs and trolls storming Minas Tirith flinging boulders and telemetry packets with wanton abandon), you can’t deliver SLAs at Valinor-mandated service levels.

Beginning of a New Age

Everything changes with IoT and 5G. Everything. Rich connectivity, powerful software are unleashing a tremendous number of compelling applications. Don’t be seduced by the sexy new hardware; all that is gold does not glitter. The true power of the IoT is in the data, and in the safe, secure and persistent links between IoT devices and back-end servers. Some of those links are unidirectional, for telemetry; others are bidirectional and will empower consumers and industry. We are at the very beginning of a new era. It’s pleasing to see so many vendors working hard to ensure that skies remain clear of crow-like crebain, sent to spy and steal our information. Keep it secret. Keep it safe.

This article is published as part of the IDG Contributor Network. Want to Join?

Must read: 11 hidden tips and tweaks for Windows 10
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies