Can microsegmentation help IoT security?

Deploying microsegmentation as part of a broad IoT security strategy can enable more granular control of network systems and better isolation if a security flaw is exploited.


The Internet of Things (IoT) promises some big benefits for organizations, such as greater insights about the performance of corporate assets and finished products, improved manufacturing processes, and better customer services. Unfortunately, the nagging security issues related to IoT remain a huge concern for companies and in some cases might be keeping them from moving forward with initiatives. One possible solution to at least some of the security risks of IoT is microsegmentation, a concept in networking that experts say could help keep IoT environments under control.

With microsegmentation, organizations create secure zones within their data centers and cloud environments that enable them to isolate workloads from each other and secure them individually. In IoT environments, microsegmentation can give companies greater control over the growing amount of lateral communication that occurs between devices, bypassing perimeter-focused security tools.

It might still be early in the game for companies to be using microsegmentation for IoT, but industry watchers see potential for IoT deployments to spur enterprises to adopt microsegmentation for more granular, less complex protection than traditional firewalls can provide.

IoT introduces new security risks

IoT security risks can include any number of threats involving the connected devices themselves, the software that supports IoT, and the networks that make all the connections possible.

As IoT deployments have grown, so have threats to security. There’s been a “dramatic” increase in IoT-related data breaches since 2017, according to a report from research firm Ponemon Institute and risk management services firm The Santa Fe Group. Further complicating the issue, most organizations are not aware of every insecure IoT device or application in their environment or from third-party vendors. Ponemon’s research shows that many organizations have no centralized accountability to address or manage IoT risks, and a majority think their data will be breached over the next 24 months.

IoT security risks can be particularly high for industries such as healthcare, because of the high volumes of sensitive information being gathered and shared by devices over networks. Among 232 healthcare organizations surveyed by research firm Vanson Bourne, 82% had experienced an IoT-focused cyber attack in the past year. When asked to identify where the most prominent vulnerabilities exist within healthcare organizations, networks were cited most frequently (50%), followed by mobile devices and accompanying apps (45%), and IoT devices (42%).


How microsegmentation helps IoT security

Microsegmentation is designed to make network security more granular. Other solutions such as next-generation firewalls, virtual local area networks (VLAN), and access control lists (ACL) provide some level of network segmentation. But with microsegmentation, policies are applied to individual workloads in order to provide better protection against attacks. As a result, microsegmentation tools provide more fine-grained segmentation of traffic than offerings such as VLANs.
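The difference between segment-level and workload-level policy can be seen by evaluating the same flows under both models. The following is an added example, not taken from the article or any product; the device names, labels, VLAN numbers, ports and rules are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    vlan: int
    label: str

# Constructed inventory: four IoT devices share VLAN 30, one server sits in VLAN 40.
INVENTORY = {w.name: w for w in (
    Workload("camera-01", 30, "camera"),
    Workload("camera-02", 30, "camera"),
    Workload("hvac-ctrl", 30, "hvac"),
    Workload("video-recorder", 30, "recorder"),
    Workload("bms-server", 40, "bms"),
)}

# Coarse segmentation: VLAN pairs that may talk (same VLAN is always allowed).
VLAN_ACL = {(30, 40)}

# Per-workload allowlist (source label, destination label, port); default deny.
MICRO_POLICY = {
    ("camera", "recorder", 554),  # cameras stream to the recorder only
    ("hvac", "bms", 8883),        # HVAC controller reports to the BMS only
}

def vlan_allows(src, dst, port):
    """VLAN/ACL view: the decision depends on the segments alone, not the port."""
    a, b = INVENTORY[src], INVENTORY[dst]
    return a.vlan == b.vlan or (a.vlan, b.vlan) in VLAN_ACL

def micro_allows(src, dst, port):
    """Microsegmentation view: allow only explicitly listed workload flows."""
    a, b = INVENTORY[src], INVENTORY[dst]
    return (a.label, b.label, port) in MICRO_POLICY

def blocked_only_by_micro(flows):
    """Flows the VLAN design permits but the per-workload policy denies."""
    return [f for f in flows if vlan_allows(*f) and not micro_allows(*f)]

# Constructed flows: two expected ones and three lateral or unexpected ones.
FLOWS = [
    ("camera-01", "video-recorder", 554), ("hvac-ctrl", "bms-server", 8883),
    ("camera-01", "camera-02", 23), ("camera-01", "hvac-ctrl", 502),
    ("camera-02", "bms-server", 443),
]

if __name__ == "__main__":
    for flow in blocked_only_by_micro(FLOWS):
        print("VLAN allows, microsegmentation denies:", flow)
```

The three flows it reports are device-to-device or device-to-server traffic that never crosses a boundary the VLAN design inspects, which is the lateral communication the article refers to.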

What’s helped advance the development of microsegmentation is the emergence of software-defined networks (SDN) and network virtualization. Because the software is decoupled from the underlying network hardware, segmentation is easier to implement than it would be otherwise.

Because microsegmentation provides greater control over traffic in data centers than perimeter-focused products such as firewalls, it can stop attackers from gaining entry into networks to do damage.
