
HPE Aruba Networking Blogs

IoT Security – The Next Frontier for SD-WAN

By Scott Raynovich, Founder and Chief Analyst, Futuriom

Just as you thought software-defined wide-area networking (SD-WAN) technology was maturing, it’s evolving yet again. The latest evolution comes as enterprises tackle new security challenges associated with Internet of Things (IoT) devices – introducing the requirement for a Zero Trust security framework at the WAN edge.

As the cloud-first infrastructure that sits at the intersection of networking and security, SD-WAN has demonstrated that it can be the go-to platform for connecting users securely and directly to applications wherever they reside. The latest demonstration of its growth potential has been the expansion of cloud-delivered security services that can be integrated with SD-WAN, to create a Secure Access Service Edge (SASE). Looking forward, SD-WAN will be tasked with intercepting and securing IoT device traffic to contain emerging threats and prevent lateral movement in the event of a breach.

SASE means that SD-WAN can easily extend and integrate security functions for new use cases, including IoT and the remote-access “edge,” which can be anything from a remote worker on a laptop to a point-of-sale (POS) device or a surveillance camera. As the cloud pushes out further to the edge, it will become imperative that users and devices can only communicate with destinations consistent with their role and security posture. Augmenting application intelligence with role-based policy will enable enterprises to dynamically segment and isolate traffic based on context, providing consistent and automated definitions of roles that can be enforced network-wide from the user or device through the LAN and across the WAN.

Let’s dive a bit deeper into how this will all happen.

The Remote Device Explosion

The number of devices and connections has exploded, making it more challenging to dynamically connect the mix of people, devices, and resources – none of which necessarily lives in any permanent fixed physical location.

Devices are proliferating on the IoT side, with the rise of industrial automation, retail analytics, and smart cities. Whether it’s a traffic light or a robot on the factory floor, a wide range of new devices require secure connectivity.

At the same time that the number of devices explodes, the mobility of the workforce is expanding. A variety of studies show that remote workforces are here to stay, with anywhere from 40 percent to 60 percent of the workforce expected to be working remotely going forward. As a greater share of the workforce goes remote, connecting to enterprise networks using a variety of devices from virtually any location means the attack surface will expand dramatically.

Legacy network and security architectures were never designed to address this complex mix of users, devices and locations, because they were tied to inflexible networks that were nailed into specific devices or locations by perimeter-based security architectures. Conversely, SD-WAN and SASE use a software approach to help managers build agile network services that are spun up on demand.

The ability to rapidly adopt new security features is a key draw for enterprises with SD-WAN deployments. According to Futuriom’s June 2020 SD-WAN Growth Report, which surveyed more than 100 end users, the top four benefits of SD-WAN adoption were improved security, better management/agility, bandwidth optimization/cost savings, and faster cloud application performance.

The new world requires a Zero Trust security model that can authenticate both users and devices using a variety of techniques and dynamically segment traffic based on this context. One of the key benefits of SD-WAN, our research has shown, is that it can integrate security features such as Zero Trust authentication and encryption.

Locking Down IoT Devices

As the Zero Trust security approach makes its way toward IoT devices, it couldn’t come at a better time. According to the Ponemon Institute, an independent security research firm, the share of organizations experiencing security breaches of IoT devices increased from 15 to 26 percent over the three-year period 2017-2019. A Ponemon survey found that IoT risks were perceived as increasing: fifty-nine percent of respondents said the IoT ecosystem is vulnerable to a ransomware attack. Another reason for the rise in IoT risk is the inability to determine whether third-party safeguards and IoT security policies are sufficient to prevent data breaches, with 55 percent of respondents acknowledging difficulty in managing the complexities of IoT platforms because of the number of third parties involved.

The network needs to connect any device or application, anywhere, while applying micro-segmentation and granular perimeter enforcement based on endpoint location and other contextual data.

Here are the things to look for as Zero Trust security, SASE, and SD-WAN converge for IoT and remote access:

Role-based security. User identity is the key attribute for delivering security and network access, not an IP address. A variety of identity attributes need to be used to authenticate users and devices, such as username, role, group, device OS, the device’s unique MAC address, and its security posture.

Zero Trust and the dissolving security perimeter. In the Zero Trust model, users and devices are never trusted by default, whether the connection is made inside or outside the traditional security perimeter. Zero Trust security ensures that the same controls applied to campus or branch networks extend to remote users and IoT devices. This requires device insight to discover and profile every network-connected device, delivering full-spectrum visibility of everything on the network. Next-generation role-based user, device and application policy firewalls provide dynamic segmentation to deliver effective wireless and wired access security across any environment.

Flexible Service Orchestration. In legacy networks, secure networking often required specialized hardware or proprietary VPN tools. In the SD-WAN market, cloud-delivered security services can be added through service orchestration, providing integrated security and VPN at the device level in software, without the need to deploy specialized appliances. This applies whether the network is connecting IoT devices or business-class networking at a home office.
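To make the role-based, posture-aware segmentation described in the three points above concrete, here is an added example (not code from the original post or from any Aruba product) of a minimal policy evaluator: the decision depends only on the endpoint’s role and posture, never on whether it sits at the branch, on campus or remote, and anything not explicitly permitted is denied. Roles, networks, ports and flows are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Endpoint:
    role: str      # constructed roles: "camera", "pos", "employee", ...
    posture: str   # "compliant" or "noncompliant" (from device profiling)
    location: str  # "branch", "campus" or "remote"; never a trust input
    ip: str

# Constructed policy: role -> [(destination network, permitted TCP ports)].
# Destinations not listed for a role are denied (default deny).
POLICY = {
    "camera":   [("10.50.0.0/24", {443})],                       # video server only
    "pos":      [("10.60.0.0/24", {443})],                       # payment gateway only
    "employee": [("10.10.0.0/16", {443, 445}), ("0.0.0.0/0", {443})],
}

def evaluate(src: Endpoint, dst_ip: str, port: int) -> tuple[bool, str]:
    """Return (allowed, reason). src.location is deliberately not consulted."""
    if src.role not in POLICY:
        return False, "unknown or unprofiled role: default deny"
    if src.posture != "compliant":
        return False, f"posture {src.posture}: quarantine until remediated"
    dst = ip_address(dst_ip)
    for net, ports in POLICY[src.role]:
        if dst in ip_network(net) and port in ports:
            return True, f"role {src.role} permitted to {net}:{port}"
    return False, f"role {src.role}: {dst_ip}:{port} not in policy (lateral move blocked)"

# Constructed sample flows: (source endpoint, destination IP, destination port).
FLOWS = [
    (Endpoint("camera", "compliant", "branch", "10.20.0.5"), "10.50.0.10", 443),   # allowed
    (Endpoint("camera", "compliant", "branch", "10.20.0.5"), "10.20.0.6", 22),     # camera -> camera
    (Endpoint("pos", "noncompliant", "branch", "10.30.0.7"), "10.60.0.3", 443),    # bad posture
    (Endpoint("employee", "compliant", "remote", "198.51.100.9"), "10.10.4.2", 445),  # allowed
    (Endpoint("printer", "compliant", "campus", "10.40.0.1"), "10.10.4.2", 445),   # no role policy
]

def evaluate_flows(flows=FLOWS) -> list[bool]:
    """Apply the policy to each flow; returns the allow/deny decisions in order."""
    return [evaluate(src, dst, port)[0] for src, dst, port in flows]

if __name__ == "__main__":
    for src, dst, port in FLOWS:
        allowed, reason = evaluate(src, dst, port)
        print("ALLOW" if allowed else "DENY ", f"{src.role}@{src.location} -> {dst}:{port}: {reason}")
```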

As demand for flexible security tools for IoT and remote access increases, SD-WAN will continue to evolve to become the preferred platform to manage these new functions and capabilities.
