enterprisesecuritymag

Redesigning the Internet for the IoT Age

By Lokesh Yamasani, Director - Information Security at Satellite Healthcare/WellBound

Lokesh Yamasani, Director - Information Security at Satellite Healthcare/WellBound

These days, everything is connected to the Internet and connected to each other via the Internet. In short, we as consumers are living in the Internet of Things (IoT) age, let alone “Digital age”.From consumer IoT devices such as baby monitors and fish tanks to Enterprise IoT devices such as Payment card readers, CCTVs, and Medical devices, anything can be connected to and managed via the Internet.

Newsflash: Neither Technology nor the Internet was built with security and privacy as one of its top priorities. Internet was built primarily for transporting communication at real-time speed, and technology was built primarily for improving and making end-user/consumer experience seamless.

Given how technology is transforming rapidly. Every organization will become a data insights-driven company with data security and privacy being one of the top areas of concern.

“Given the current limitations and challenges that blockchain as a technology faces, redesigning the entire internet at one go may not be practically possible”

As the society moves towards such transformation, let us look at the challenges of mitigating security risks with respect to connected devices based on two major components:

First Component: The Internet Itself

Let us look at the possibility of re-architecting the Internet itself. I know what you are thinking (“That’s a crazy idea”, “I do not think it is going to work”, or “It is easier said than done”).

Aren’t all great things come out of crazy ideas? As a kid or just like almost any other kid in my neighborhood while dealing with water scarcity, I thought to myself (“Why am I dealing with water scarcity, when there is so much water in the ocean?” or “why can’t we interconnect these two different rivers?”.) Those things are a possibility now. With that being said, I’m going to say this “crazy idea”!

Here goes my crazy…err, Blockchain. Is blockchain the answer to decentralizing the entire internet that could potentially improve the security of connected devices? Maybe, we have all heard about how blockchain is transforming finance, healthcare, and other industries, to name a few. If done the “right way”, why cannot we leverage blockchain technology to redesign the entire internet and make it operate like a massive ledger that will create and accept only from trusted sources.

That brings up an interesting question….“how do we achieve that”?

Second Component: Platform(s)

Here is how it could be achieved:

Given the current limitations and challenges that blockchain as technology faces, redesigning the entire internet at one go may not be practically possible. Let us go in phases…can we? Separate the internet into different categories based on its usage: Consumer Internet, Industrial Internet, and Enterprise Internet, if not further. We could potentially start with Enterprise internet in which “FAANG” could be one of its early adopters.

Let us establish trust levels between these categories leveraging blockchain technology. The current internet architecture is based on a tiered network with end-users at the bottom of the routing hierarchy. With this proposed approach, atleast end users will not be at the bottom of the routing hierarchy, and that’s the ultimate goal of this approach: “Internet Power to the People”.

I know what you are thinking….”This is all fine. Even with the “blockchain” technology, do we still need to go through big name providers?” “Are we re-architecting the core component of the internet?” “Are we re-architecting the edge of the internet, where do we even start?” “Are we going to have a network of “validators” that will validate the connection to a resource within Blockchain-based internet at near real-time speed that we are currently used to?” The matter fact of is: We know what we know and what we do not know is something we will know  eventually through experimentation because all “crazy ideas” have become successful through repeated experimentation(Talking of experimentation, how about building glaciers in a desert?)

Bottom Line: Security researchers are discovering new vulnerabilities almost every day on devices that are widely used by consumers (Spectre and Meltdown, Urgent/11 vulnerabilities). Unless we implement one of these “crazy ideas” and put security and privacy at the forefront of redesigning the internet and the platform that supports the internet, we are not going to get far in terms of security and privacy of connected devices.

Read Also

Cybersecurity In A Connected Government

Cybersecurity In A Connected Government

Behzad Zamanian, CIO, City Of Huntington Beach
Managing Digital Transformation by IT and Security Teams

Managing Digital Transformation by IT and Security Teams

Elena Kvochko, CIO, Group Security Function, Barclays [NYSE:BCS]
IoT security - what's the ask for the future?

IoT security - what's the ask for the future?

Parthasarathi Chakraborty , Director Infrastructure Security Architecture, BMO Financial Group

Weekly Brief