enterprisesecuritymag

Redesigning the Internet for the IoT Age

Lokesh Yamasani, Director - Information Security at Satellite Healthcare/WellBound

Lokesh Yamasani, Director - Information Security at Satellite Healthcare/WellBound

These days, everything is connected to the Internet and connected to each other via the Internet. In short, we as consumers are living in the Internet of Things (IoT) age, let alone “Digital age”.From consumer IoT devices such as baby monitors and fish tanks to Enterprise IoT devices such as Payment card readers, CCTVs, and Medical devices, anything can be connected to and managed via the Internet.

Newsflash: Neither Technology nor the Internet was built with security and privacy as one of its top priorities. Internet was built primarily for transporting communication at real-time speed, and technology was built primarily for improving and making end-user/consumer experience seamless.

Given how technology is transforming rapidly. Every organization will become a data insights-driven company with data security and privacy being one of the top areas of concern.

“Given the current limitations and challenges that blockchain as a technology faces, redesigning the entire internet at one go may not be practically possible”

As the society moves towards such transformation, let us look at the challenges of mitigating security risks with respect to connected devices based on two major components:

First Component: The Internet Itself

Let us look at the possibility of re-architecting the Internet itself. I know what you are thinking (“That’s a crazy idea”, “I do not think it is going to work”, or “It is easier said than done”).

Aren’t all great things come out of crazy ideas? As a kid or just like almost any other kid in my neighborhood while dealing with water scarcity, I thought to myself (“Why am I dealing with water scarcity, when there is so much water in the ocean?” or “why can’t we interconnect these two different rivers?”.) Those things are a possibility now. With that being said, I’m going to say this “crazy idea”!

Here goes my crazy…err, Blockchain. Is blockchain the answer to decentralizing the entire internet that could potentially improve the security of connected devices? Maybe, we have all heard about how blockchain is transforming finance, healthcare, and other industries, to name a few. If done the “right way”, why cannot we leverage blockchain technology to redesign the entire internet and make it operate like a massive ledger that will create and accept only from trusted sources.

That brings up an interesting question….“how do we achieve that”?

Second Component: Platform(s)

Here is how it could be achieved:

Given the current limitations and challenges that blockchain as technology faces, redesigning the entire internet at one go may not be practically possible. Let us go in phases…can we? Separate the internet into different categories based on its usage: Consumer Internet, Industrial Internet, and Enterprise Internet, if not further. We could potentially start with Enterprise internet in which “FAANG” could be one of its early adopters.

Let us establish trust levels between these categories leveraging blockchain technology. The current internet architecture is based on a tiered network with end-users at the bottom of the routing hierarchy. With this proposed approach, atleast end users will not be at the bottom of the routing hierarchy, and that’s the ultimate goal of this approach: “Internet Power to the People”.

I know what you are thinking….”This is all fine. Even with the “blockchain” technology, do we still need to go through big name providers?” “Are we re-architecting the core component of the internet?” “Are we re-architecting the edge of the internet, where do we even start?” “Are we going to have a network of “validators” that will validate the connection to a resource within Blockchain-based internet at near real-time speed that we are currently used to?” The matter fact of is: We know what we know and what we do not know is something we will know  eventually through experimentation because all “crazy ideas” have become successful through repeated experimentation(Talking of experimentation, how about building glaciers in a desert?)

Bottom Line: Security researchers are discovering new vulnerabilities almost every day on devices that are widely used by consumers (Spectre and Meltdown, Urgent/11 vulnerabilities). Unless we implement one of these “crazy ideas” and put security and privacy at the forefront of redesigning the internet and the platform that supports the internet, we are not going to get far in terms of security and privacy of connected devices.

Weekly Brief

Read Also

Building a Comprehensive Industrial Cyber Security Program

Building a Comprehensive Industrial Cyber Security Program

Mohamad Mahjoub, CISO, Veolia Middle East
Bolstering Cybersecurity

Bolstering Cybersecurity

Amr Taman, Chief Information Security Officer, Al Ahli Bank of Kuwait
Building Untrusted Networks to Improve Security

Building Untrusted Networks to Improve Security

Earl Duby, Vice President and CISO, Lear
Security challenges that companies face when implementing telehealth and the solutions and best practices for managing the risks

Security challenges that companies face when implementing...

Stefan Richards, Chief Information Security Officer, CorVel Corporation
Building Cyber Resilience during Covid-19

Building Cyber Resilience during Covid-19

Aleksandar Radosavljevic, Global Chief Information Security Officer, STADA
IAM may help secure data, but it needs to be protected as well

IAM may help secure data, but it needs to be protected as well

Marc Ashworth, Chief Information Security Office, First Bank