We’ve been talking about the obstacles of securing IoT devices for several years now, and if anything, it’s gotten more challenging. IoT is widely used across the nation’s critical infrastructure sectors, federal healthcare, energy and transportation agencies, as well as the military. Smart environmental controls make offices and bases more operationally efficient and safer. Return to office is driving a new wave of IoT systems, as organizations invest in collaboration and hotdesking technologies.
The proliferation of IoT creates challenges for federal IT leaders. IoT devices are susceptible to many of the same risks as IT and BYOD devices – and more. Their small size and low power often mean that IoT sensors, controllers and other devices can’t use traditional authentication and encryption. Many operational technology and industrial control systems still in use were designed before internet connectivity was commonplace.
As the volume of IoT devices and data grows exponentially, closing the IT security gap is harder. Recent Ponemon research highlights the extent of the challenge: 63% of the cybersecurity professionals surveyed said they lacked visibility and control into the activity of every device – mobile, BYOD and IoT – that was connected to their IT infrastructures. They are well aware of the risks: 67% said that identifying and authenticating devices accessing their networks was critical to their organization’s security strategy.
The Ponemon study also shows progress on closing the IT security gap, as more than half of enterprises have adopted Zero Trust principles, double from two years ago.
Accelerate IoT-driven digital transformation with strong security
HPE Aruba understood from the beginning of our company – and long before the popularization of the “Zero Trust” term – that security must be fully integrated into the network, whether connecting IoT, mobile or BYOD devices. An Aruba network creates a unified environment across campus wireless and wired, branches, remote workers, and the WAN, with built-in role-based, context-aware access controls and end-to-end visibility and orchestration.
Federal IT leaders can choose a traditional network architecture with on-premises management or a cloud-managed deployment. Aruba Central for Government is the industry’s only “all in one” cloud-native network management system to achieve FedRAMP Authorization, with the Authorization covering wireless, wired, and remote.
Here are five ways that Aruba helps federal IT support IoT security.
1. Unify and simplify network infrastructure – IoT devices use different connectivity types, including Wi-Fi, Bluetooth Low Energy (BLE) and Zigbee, and these communication protocols can require vendor-specific gateways to manage devices and collect data. But the use of IoT gateways obscures devices on the network, and that lack of visibility increases risk.
Aruba access points support Wi-Fi 6, Zigbee, BLE, and PoE to address a broad range of devices and eliminate the need for an overlay network that ultimately creates blind spots. Aruba supports IoT, BYOD, and mobile devices while simplifying the network and reducing costs.
2. Securely segment IoT devices on a shared network infrastructure – Segmenting IoT systems from IT systems is critical to mitigate risk, but manual, VLAN-based approaches don’t scale for large deployments. Aruba Dynamic Segmentation is a critical capability, as it establishes least-privilege access to applications and data by segmenting traffic based on identity and associated access provisions.
At the same time, agencies can support multiple classification levels on the same physical APs, which increases flexibility and lowers costs. With Aruba MultiZone APs, each zone controller can be configured to support confidential, secret and top-secret communications over a shared RF infrastructure, each managed by different mobility controllers and administrative staff.
3. Complete visibility into devices connected to the network – Knowing who and what is connected to the network is a clear first step to a secure environment. But IoT devices can be particularly difficult to identify, making it hard to apply policies accurately. That’s because many IoT devices are produced by emerging vendors and cannot communicate with standard endpoint discovery and profiling techniques. It’s also common to see IoT devices built with generic hardware, such as Raspberry Pi, making it difficult to know exactly what the device is supposed to be doing.
Aruba Client Insights, a part of Aruba’s ClearPass secure network access solution, can profile devices with 99% accuracy – the most accurate in the industry. With Aruba IoT Operations, network managers can see all of their non-Wi-Fi connected devices connected to Aruba Central-managed APs as well as IoT connectors and applications from a single dashboard.
4. Zero Trust network access with continuous enforcement – Deny-by-default, least-privilege access based on identity, which ensures that people and devices of all kinds have access only to the resources they need, is critical not only for IoT but also for mobile and BYOD devices.
Aruba ClearPass provides robust, Zero Trust network access control with granular role-based policies for authentication and authorization of IoT, BYOD, and mobile devices across wired, wireless, or a VPN. Policies are enforced based on a user’s role, device type and role, authentication methods, endpoint management attributes, device health, traffic patterns, location and time of day. AI-driven, continuous monitoring of devices is critical to spot anomalies and stop the spread of malicious activities.
5. The highest levels of data protection – Aruba supports centralized, end-to-end encryption to protect data privacy and integrity. Aruba’s encryption/decryption engine delivers the highest levels of security without sacrificing performance, with support for FIPS 140-2/3 validated 802.11i, NSA Suite-B crypto termination.
Securely bridge the physical and digital worlds with Aruba
IoT bridges the digital and physical worlds to bring to life innovations, new experiences and greater efficiencies with use cases like smart buildings and smart bases, real-time emergency response, people and asset tracking at hospitals, depots and other facilities, and predictive maintenance for fleets and machinery. IoT systems are increasingly part of the office workplace, as organizations make the office a place people want to go. With an Aruba network, federal, state and local governments can confidently connect and protect their growing number of IoT devices and use cases.