ZK Research: Home
Google+
Twitter
LinkedIn
Facebook
RSS Feed

ZK Research - a proud sponsor of AI World 2017. See you there!

AI World Conference & Expo · Boston, MA · December 11-13, 2017

This syndicated post originally appeared at No Jitter - Recent posts by Zeus Kerravala.

New products give IT a way to create a zero-trust model of security —
that is, trust nothing and build the trust relationships as needed.

The Internet of Things (IoT) is a much-discussed topic these days, with smart this and smart that and our rapid movement into a world in which everything is connected. But in this IoT world security has been, and will continue to be, the top barrier for quite some time.

Metcalfe’s Law states that the value of a network is proportional to the square of the number of nodes connected. So as we add more nodes to a network, the value grows exponentially. Hence the networks in a world in which everything is connected has substantially more value than a network with some things connected or parallel networks.

The biggest IT-related challenges with respect to IoT (source: 2015 ZK Research Network Purchase Intention Study)

While connecting all of these endpoints does indeed enable organizations to develop new processes and streamline operations, it opens the door to security risks, too. Many IoT devices don’t have any inherent security capabilities and can create back doors into other network segments. That many IoT applications rely heavily on mobile devices and cloud services creates even more security risks. The fact is, IoT networks have many more entry points than legacy networks, and perimeter-based security methods will not provide effective security for them.

Enter startup Tempered Networks, which yesterday announced a new release of its IP security platform targeted at simplifying the process of securing IoT endpoints regardless of whether they are dedicated devices, running on Windows, or in the cloud. The Tempered solution, called Identity-Defined Network (IDN) Fabric, is enabled through Host Identity Protocol (HIP), which changes the way IP networks operate.

IP is built on the premise that everything should talk to everything, and then security gets layered on top and provisioned node by node. This means each additional device makes the security equation increasingly complex. HIP, on the other hand, is built on the assumption that nothing connects to anything and has security baked into it. Then IT can provision trust maps to enable devices that need to talk to each other to do so.

In a hospital, for example, IT might want to create a trust relationship through which medical devices can only talk to other medical devices. In a retail environment, IT might want to set up a trust relationship between kiosks and a warehouse system. With traditional security, IT could accomplish this through a combination of virtual private network connections, access control lists, and other settings — but once the network gets to any kind of significant size at all (greater than 10 endpoints) the configuration overhead becomes onerous and difficult to set up and maintain.

You can think of a HIP-enabled overlay network as a secure fabric that uses the device’s identity to create connections. This masks the complexity of the underlying network and fluid perimeter, and enables IT to dynamically secure the environment in a way that’s easy to set up and maintain.

Overlay Networks

Tempered offers a number of ways to HIP-enable connected endpoints. These include:

  • Physical HIPswitches – These physical devices sit in front of IoT endpoints and provide the necessary security. HIPswitches come in a variety of form factors suitable for data centers or industrial environments; have multiple connectivity options, including WiFi, Ethernet and cellular; and offer a wide variety of throughput options, of up to 1.3 Gbps in speed.
  • HIPapp for Windows – This software application enables Windows 7 and 10 endpoints to securely connect using HIP and become part of the overlay IDN Fabric.
  • Virtual HIPswitch – The virtual version of the HIPswitch extends the hardened security capabilities of HIP into virtual environments. It also enables the extension of Tempered’s IDN Fabric into the Amazon Web Services cloud.

In addition, Tempered is releasing a new version of the Tempered Networks Conductor, which is a centralized orchestration engine that coordinates configuration, security policies, trust relationships, monitoring, and analytics between the management user interface and the HIP-enabled endpoints in the IDN Fabric.

The Conductor upgrades include:

  • SimpleConnect API – This RESTful API enables the IDN Fabric to integrate with other networks, including software-defined networks.
  • Visual Trust Map – As shown in the diagram above, Virtual Trust Map gives administrators a full view of all the trusted relationships between HIPswitches and whitelisted endpoints. This shows administrators a view of all the connected and protected assets.
  • Dashboard – New in this release is a dashboard that provides a view into all HIPswitches, showing at a glance which models are deployed and which releases are running. This can help greatly with ongoing management.

The IoT era is here, and IT professionals must focus on creating a zero-trust model of security — that is, trust nothing and build the trust relationships as needed. Without this approach, IT departments will find securing the environment to be a never-ending battle in which they fall further and further behind. Tempered’s IDN Fabric creates a scalable, visual way of enabling IoT security that’s straightforward to set up and manage as the number of connected endpoints grows.

The following two tabs change content below.

Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides a mix of tactical advice to help his clients in the current business climate and long term strategic advice.
Share This Post:
No Comments

Be the first to comment!

Post a Comment:

You must be signed in to post a comment.

ZK Research is proudly powered by WordPress | Entries (RSS) | Comments (RSS) | Custom Theme by The Website Taylor