How secure are your IT systems in the age of 5G and IoT?

The new normal for enterprises is undoubtedly characterised by a digital-first mindset. With the expected continued boom of 5G and the Internet of Things (IoT), businesses will be cashing in on these technologies to simplify their processes, save on operational costs, and revolutionise customer experience.

However, how can enterprises ensure that their IT infrastructure is adequately protected from cyberthreats, like ransomware, amid the promising benefits of 5G and IoT?

In a panel titled “Internet of Things, 5G and the Future of IT Infrastructure,” part of the latest IT Infrastructure Frontiers online conference organised by Jicara Media, IT experts discussed developments in 5G and IoT, and how enterprises can protect themselves from the risks inherent in these technologies.

For Andrew Draper, Regional Vice President – Asia Pacific & Japan at Armis, enterprises are embracing all these new technologies because of the scale of business solutions they can provide.

“Time, money, and business efficiency— (these are) the reasons why companies have gone to the cloud. That’s why people are looking at hyper converged infrastructure. And that’s why people are investing money in IoT devices and 5G technologies, not only for the betterment of the consumer, whether the consumer be somebody whose life needs to be saved, or somebody who’s using a building tomorrow, or somebody using financial services (or) products. Companies are investing (in) these technologies to save money and time,” he remarked.

For Tushar Vagal, the Head of Digital & IT at Larsen & Toubro, technology is allowing their company to implement projects with high regard for the environment, enabling more efficient delivery of critical resources, like power.

“(The) greenhouse gas emission problem is because of the buildings. It was always thought (to be caused by) motorcars or other things, but no— it’s because of the buildings. How can we help the network be so smart that we reduce energy consumption? Okay, we will dim the lights,” he said.

“Secondly, the data has to flow. Now, all devices are powered by electrical wires. We should go for PoE-based devices— Power over Ethernet. Once you do that, not only can we get data and pass the electricity, but we can also dim the lights, control the flow of air conditioning, and do many more. This will definitely help us save the environment. Everybody in the world has to do that now, and the networks are very, very important for this,” Vagal added.

However, the phenomenon of connected devices poses an immense security risk as well, since virtually every living soul on the planet who owns a smartphone relies on the internet on a daily basis.

“But (what) if I told you (that) in one year’s time, there will be 52 billion devices on this planet Earth, and 80% of those devices for their lifetime, they will be completely unmanaged? There in itself is the scalability and sheer size of the problem that we’re facing today as an industry, or as individuals with money in a bank, or people who want to use services. Because that sheer size, the scalability, the amount in which these devices were actually originally designed to be used, they’re not designed at any means to have any form of traditional endpoint or EDR control loaded onto them, and to be able to be specifically managed in the way and the tools that we have today,” Draper said.

“Certain technologies or usage of things we would never have assumed, would end up being a source of security risk. The smart TV, for example, in a boardroom, from the point of view of being a (normal) device, to video conferencing being used (for) corporate espionage and things like that,” he elaborated.

Security preparations

With the massive data requirements of 5G and IoT, not to mention the underlying security aspect, enterprises could be at a loss as to which to prioritise.

Vagal therefore underlined a step-by-step plan to guide businesses in seamlessly deploying critical infrastructure.

“We have to go towards a software-defined access, SDA network, that’s the main thing with so much data flowing everywhere. With the IT and the OT network converging, we need to have an SDA building. If you’re managing huge campuses, you need to also have DNS places where all the data can seamlessly flow from your network devices to the cloud server. But that is (only) a building block. Once you have the SDA in place, and you have the IT and OT together, then you can go ahead and do whatever you want. Because it’s always going to be a three-tier architecture. It’s your mini data centre at your place, the cloud, and then the devices at each floor or wherever the locations,” he explained.

Meanwhile, Draper noted that businesses must be well-versed in their infrastructure assets before enacting any changes in network security.

“You cannot manage what you cannot see. So some of the most simple things in security are the right people, the right policies in place, and the right practices. And you repeat, rinse and repeat, rinse and repeat,” Draper said.

“Understand what you own. That may be a very simple statement, but that’s really something. It’s still a complex issue to be able to do that, because of the sheer number of devices that we see today that have asset identification technology in place, or something which we know the technology that we own. Once we know what we own, we can understand the level of exposure that we have. Once we know the level of exposure, we can take actionable things to either segment, to block or patch certain devices,” he continued.

“The other thing— the visibility, is the ability to triage (and) identify risky assets in our network. We may then start bringing in policies to say, we may not invest or buy certain IoT devices to have within our businesses because of their sheer risk,” Draper added.

Aside from these, enterprises must also be on their toes in terms of regulatory compliance, noted Henk van Rossum, General Manager – Enterprise Program Director at International SOS. 

“The challenge is to be ready. I think the biggest challenge is usually related to legal requirements. Data residency, and in fact, data nationalism, as we call it, those are coming up very, very strong. So you can have fairly clear technology, and you can flow your data from left to right, but make sure it is compliant within your organisation, and that everybody in your organisation is compliant to do it in that way,” he said.

“You have to be signed (up) for compliance, and you have to be signed (up) for security. If you don’t do that, then you end up in a process which you have to secure in the end. That’s not how it works. Your process has to be designed to make sure that you intend (to) work secure and that you do comply with all the privacy (requirements). So really take some time for planning. It’s a Lean principle. Plan slow, act fast— doesn’t mean you have to be slow in your organisation, but you have to take time for planning,” van Rossum added.

The inevitability of technological advancement

As technologies evolve, cyberthreats become more and more sophisticated as well. However, there are some tips in the playbook for anticipating and preventing data breaches.

“All the gateway servers should not have a public IP. If you only have a private IP, they will talk to the public servers on the cloud. So these things have to be built in, without which you cannot really build security,” Vagal shared.

Likewise, the benefits of using new enterprise technology far outweigh the risks, according to van Rossum.

“So new technology, (you have to) really embrace it, because I think you will need it for your organisation. New technology also gives you new technology for security. You can do a lot with new technology; (it) can improve your organisation, as well as secure your organisation. But you have to take it hand in hand with (infrastructure) design requirements,” he pointed out. 

“If you want to drive customer satisfaction, and you want to call in digitalisation, if you really want to go in there, you have to make sure that you get the right tech in,” he concluded.