With the arrival of 5G, the trend towards cellular-based IoT projects shifts beyond low-bandwidth massive IoT applications towards more advanced broadband IoT use cases that require higher throughput, lower latency, and larger data volumes. These use cases include security cameras, drones, and connected cars. The integration of IoT devices into business processes to track assets, manage fleets, monitor patients, and ensure proper functioning of production systems represents a vast virtual expansion of the enterprise network perimeter, exposing a broader attack surface to hackers and criminals.
IoT devices often have limited processing power, storage, and may use proprietary operating systems, making them unable to support a client-based security software model. They are also transient and may cross multiple network boundaries, making traditional IT security controls inadequate. For “off-network/beyond the perimeter” devices, enterprise IT organisations have limited options for enforcing security controls and little to no visibility on device performance and behaviour. To overcome these obstacles, organisations are increasingly embedding secure networking into the app itself, or leveraging the device SIM.
The mobile network edge is the convergence point for data between endpoints and the cloud, making it a critical location to enforce strong security measures. As businesses adopt hyper-connected transport, healthcare, logistics, retail, and industrial value chains, the risk of cyber-attacks increases. As mobile networks become more open, widespread, and built using APIs, and as workloads move to multi-cloud environments, the threat from cyberattacks and attack surface widens.
“Most of the deployed API-based applications rely on public or mobile internet as the main data transport, which creates a potential for a multi-fold increase in cyberattacks on vulnerable IoT endpoints and API clients.”
Vulnerable API endpoints and gateways need to be protected more comprehensively by enabling developers to embed private, zero-trust capabilities in API client and publisher endpoints. This then enables the API publisher to stop exposing endpoints to the Internet – each API session instead leverages a private network, zero trust overlay.
For remote and mobile IoT devices, IT organisations have limited options for enforcing security controls and have almost zero visibility on the performance and behaviour of the devices.
“CIOs must adopt a comprehensive security strategy to protect their endpoint assets.”
Endpoint-enforced security, which requires an agent to be installed on each device, may not be viable due to device support and the associated management costs. Meanwhile, backhauling all the traffic to the cloud may have a latency impact on application performance, and result in high cloud egress costs. These are key reasons why leading organizations are now embedding the zero trust networking functions into the app itself, and using SIM-based approaches.
CIOs like Sanjay face a challenge in securing remote IoT devices, such as CCTV systems. Sanjay initially considered endpoint enforced security, but it would have created high operational complexity and cost, especially at scale. Proxying the traffic to the cloud meant too much added latency and high cloud egress costs.
Sanjay and his team have decided that the best option is a network edge security approach, orchestrated from the core network, that eliminates the need for security agents on each device, and does not require all traffic to be backhauled towards a specific cloud environment.
“This approach offers several key benefits over traditional cloud or endpoint security solutions, by eliminating latency impacts on application performance and reducing the operational pain of managing agents across distributed devices.”
In conclusion, CIOs must be aware of the potential threats posed by API-based applications and adopt network edge-based security solutions that follow zero trust principles to protect their enterprise endpoints from cyber-attacks in a rapidly changing technological landscape. Mobile SASE and Zero Trust, when used in combination, provide a comprehensive solution to protect against cyber-attacks, ensuring business continuity and resilience.
To learn more about Tata Communications’ SASE and Zero Trust solutions, click here.