enterprisesecuritymag

Redesigning the Internet for the IoT Age

By Lokesh Yamasani, Director - Information Security at Satellite Healthcare/WellBound

Lokesh Yamasani, Director - Information Security at Satellite Healthcare/WellBound

These days, everything is connected to the Internet and connected to each other via the Internet. In short, we as consumers are living in the Internet of Things (IoT) age, let alone “Digital age”.From consumer IoT devices such as baby monitors and fish tanks to Enterprise IoT devices such as Payment card readers, CCTVs, and Medical devices, anything can be connected to and managed via the Internet.

Newsflash: Neither Technology nor the Internet was built with security and privacy as one of its top priorities. Internet was built primarily for transporting communication at real-time speed, and technology was built primarily for improving and making end-user/consumer experience seamless.

Given how technology is transforming rapidly. Every organization will become a data insights-driven company with data security and privacy being one of the top areas of concern.

“Given the current limitations and challenges that blockchain as a technology faces, redesigning the entire internet at one go may not be practically possible”

As the society moves towards such transformation, let us look at the challenges of mitigating security risks with respect to connected devices based on two major components:

First Component: The Internet Itself

Let us look at the possibility of re-architecting the Internet itself. I know what you are thinking (“That’s a crazy idea”, “I do not think it is going to work”, or “It is easier said than done”).

Aren’t all great things come out of crazy ideas? As a kid or just like almost any other kid in my neighborhood while dealing with water scarcity, I thought to myself (“Why am I dealing with water scarcity, when there is so much water in the ocean?” or “why can’t we interconnect these two different rivers?”.) Those things are a possibility now. With that being said, I’m going to say this “crazy idea”!

Here goes my crazy…err, Blockchain. Is blockchain the answer to decentralizing the entire internet that could potentially improve the security of connected devices? Maybe, we have all heard about how blockchain is transforming finance, healthcare, and other industries, to name a few. If done the “right way”, why cannot we leverage blockchain technology to redesign the entire internet and make it operate like a massive ledger that will create and accept only from trusted sources.

That brings up an interesting question….“how do we achieve that”?

Second Component: Platform(s)

Here is how it could be achieved:

Given the current limitations and challenges that blockchain as technology faces, redesigning the entire internet at one go may not be practically possible. Let us go in phases…can we? Separate the internet into different categories based on its usage: Consumer Internet, Industrial Internet, and Enterprise Internet, if not further. We could potentially start with Enterprise internet in which “FAANG” could be one of its early adopters.

Let us establish trust levels between these categories leveraging blockchain technology. The current internet architecture is based on a tiered network with end-users at the bottom of the routing hierarchy. With this proposed approach, atleast end users will not be at the bottom of the routing hierarchy, and that’s the ultimate goal of this approach: “Internet Power to the People”.

I know what you are thinking….”This is all fine. Even with the “blockchain” technology, do we still need to go through big name providers?” “Are we re-architecting the core component of the internet?” “Are we re-architecting the edge of the internet, where do we even start?” “Are we going to have a network of “validators” that will validate the connection to a resource within Blockchain-based internet at near real-time speed that we are currently used to?” The matter fact of is: We know what we know and what we do not know is something we will know  eventually through experimentation because all “crazy ideas” have become successful through repeated experimentation(Talking of experimentation, how about building glaciers in a desert?)

Bottom Line: Security researchers are discovering new vulnerabilities almost every day on devices that are widely used by consumers (Spectre and Meltdown, Urgent/11 vulnerabilities). Unless we implement one of these “crazy ideas” and put security and privacy at the forefront of redesigning the internet and the platform that supports the internet, we are not going to get far in terms of security and privacy of connected devices.

Weekly Brief

Read Also

Identity is Crucial to Staying a Step Ahead

Identity is Crucial to Staying a Step Ahead

Kathleen Peters, Experian’s Senior Vice President and Head of Fraud & Identity, Experian, North America
Building a Comprehensive Vulnerability Management Program

Building a Comprehensive Vulnerability Management Program

Benjamin Schoenecker, Director of Information Security, Hendrick Automotive Group
Managing Threats and Vulnerabilities in your Enterprise: Structuring for Modern Day Challenges

Managing Threats and Vulnerabilities in your Enterprise:...

John Gunter Jr., Head of Threat and Vulnerability Management, Electronic Arts
It's a Gnu Year - Keep moving

It's a Gnu Year - Keep moving

Sean Leonard, Director of Threat and Vulnerability Management, Universal Music Group
Vulnerability Management- Thinking Beyond Patching and Software Vulnerabilities

Vulnerability Management- Thinking Beyond Patching and Software...

Brad Waisanen, Vice President, Information Security at TTI
The Ever-evolving Information Security and Business IT Landscape

The Ever-evolving Information Security and Business IT Landscape

Steve Hendrie, Sr. Director & CISO, The Hershey Company