When most people talk about the Internet of Things (IoT) today, they’re usually referring to the cool gadgets and toys du jour – Google Glass, connected homes, iWatch and fitness bracelets etc. But it’s important to remember that IoT also applies to more mundane systems, such as lighting sensors, heating and cooling systems, vendor machines, commercial fridges, electronic gates, and many many other IP based systems that are likely already maintaining your enterprise – without you even realizing it.
Risks exist when relying on third parties to keep your business running and your information secure. So, you need to help minimize the chance of you or the business getting burned because of someone else’s lackadaisical approach to security.
You likely have many servers in your data center, and many of them can probably be organized and categorize by multiple criteria such as operating system, function, or the network segment where the server will reside etc. In many cases each of these categories requires specific types of services and network access (DNS, NTP, Backup etc.).
Over the life cycle of an application, network connections tend to become more complex and the need for them may come and go. Yet it’s difficult to know how and why data flows between applications below the multiple overlapping layers. As a result, any significant update or effort to close down access runs the risk of outages, frustrated customers and unhappy executives if you don’t have good up-to-date documentation of your application connectivity architecture.
One of the more interesting phenomena I have observed when working with companies on their network security challenges is that every company feels that their challenges are unique. While this is true to some extent, there are many more similarities than differences between companies. One such similarity is the existence of “Network Ned”.