The resilience of connectivity
As IoT rapidly evolves in the security sector, is the resilience of connectivity being considered enough in terms of risk? Hiran Ravat from CSL, who has over 20 years of experience in the IoT space, gives us his thoughts on the subject and five tips for IoT security.
IoT is nothing new
Security and resilience have always been at the heart of the Electronic Security Industry, even in the early days of connected devices when IoT existed as M2M (Machine-to-Machine) communications. The sector is heavily standardised and rightly so, as it deals with the most critical connections, protecting property and life. As the range of connected smart devices and applications grows, so does the need for secure, reliable connectivity.
There has been an expansion of 4G and fibre broadband services to meet the growing demand from consumers. Connectivity is more widely available now than it ever has been. However, there is an enormous difference between connectivity to satisfy basic everyday needs and resilient connectivity that secures a critical service. The latter needs a managed end-to-end solution that comes with the appropriate levels of security and expertise.
Connectivity in an instant
As well as the demand for connectivity growing, timescales for delivery have also shifted. Living in an ever-increasing instant world means customers aren’t willing to wait to ‘get connected’ or the critical nature of the application may require an immediate connection so that it’s protected.
This shouldn’t be at the expense of quality or security, however. In addition, many IT directors will be unwilling to allow new services to be connected to their core network. That’s where 4G technology comes in.
It’s incredibly portable, rapidly deployable, secure and offers an autonomous network. Wherever there is network coverage, 4G connectivity is possible. It could be in the form of a router or a SIM and there are many offerings in the market. The key is, whatever provides the 4G connectivity must be fully managed. A managed service will offer configuration, encryption and 24/7 support, which is essential if a problem arises and connectivity could potentially be lost. A managed service will also include a backup plan – providing a failover if things go wrong.
4G connectivity is provided by individual Mobile Network Operators (MNOs) – but which one to choose? The answer is, don’t choose! Roaming SIMs are now a standard expectation of any professional solution.
Many solutions also still utilise wired broadband where possible. Again, 4G can play a role here as a backup to an existing broadband service. If the wired broadband goes down, 4G kicks in. Wrap the managed service around this and you have Private APNs, Static IP addresses and flexible data. All of the technical bits are looked after by a team of experts but the user can also securely connect to their device on demand.
The changing concept of risk
In the past, many of us would have thought about risk in terms of security, fire, water damage etc. But today, a major risk to any business is downtime. Loss of connectivity means that key services cannot function. Ultimately, this means the business loses revenue. Examples of this include petrol forecourts, where a loss of connectivity could mean the CCTV goes offline and therefore the pumps must be turned off. Or a busy Saturday afternoon at a supermarket where the Point of Sale machines cannot process payments due to an outage. Businesses should be reassessing how risk now impacts their business and considering the options available to them which offer a solution.
In recent times cyber attacks on large businesses have increased and there are many examples of where we have seen the detrimental impact this has had on the business. In December 2021, the supermarket chain Spar was forced to shut more than 300 of its branch stores in the north of England following an attack on its IT systems. Threat actors blocked staff access to emails and left them unable to accept card payments. While some stores managed to quickly switch to a ‘cash only’ policy, others were forced to close temporarily. In this scenario, had the backup been independent of their internal network there would be the ability to manage the connection through a secure network and ensure that trade continued.
Another example is in hospitality. Nordic Choice Hotels’ IT systems were hit by a virus attack on the night of 2 December 2021. The attack primarily affected the hotel systems that handle reservations, check-in, check-out and creation of new room keys. Like the retail situation with the appropriate backup solution, the connection would have been independent of the hotel network and allowed the business to trade.
5 Top Tips for your connectivity:
Always use multiple, roaming, network-diverse 4G SIMs for maximum uptime and total resilience.
Ensure your connection to the internet is fully encrypted and utilises VPNs.
Choose a fully managed service with an expert support team that can fix issues for you quickly.
Ensure you have a backup plan to failover to if there’s no 4G coverage or the existing broadband fails.
Don’t fear the challenges of connectivity – embrace them!
Head of IoT Business Development and Partnerships.
For more articles on the security of the Internet of Things, see our Security Technology category, in particular: