Managing and Securing IoT Devices Requires Increased Automation

Analysts predict that the Internet of Things will comprise somewhere between 20 billion and 50 billion connected devices by the end of next year. Meanwhile, an Intel-sponsored study finds that IoT device onboarding can take more than 20 minutes per device. Do the math and it’s pretty clear that any IoT initiative must address some daunting device management requirements.

In fact, device management is widely seen as one of the limiting factors for IoT growth due to the sheer number and variety of tasks required. Onboarding, configuring, testing, authenticating, monitoring and updating devices require an array of time-consuming, error-prone manual processes.

A lack of standardization in IoT device design adds to management complexity. Device manufacturers use dozens of proprietary protocols and configurations, making it difficult for the average IT department to manage everything. The analyst firm Quocirca has estimated that businesses with active IoT initiatives have an average of 7,000 connected devices — yet the companies typically have no idea how many devices are connected to their network, and no management or control over these devices.

Given the scale, complexity and the variety of manual management tasks involved, it’s no surprise that devices are often misconfigured. That creates enormous potential for vulnerabilities that hackers can exploit. Hijacked IoT devices have been used in several large-scale DDoS attacks in the past few years, and a recent Aberdeen report predicts that a quarter of all cyberattacks in the next year will target IoT devices.

Automated Onboarding

A number of features in Cisco’s Digital Network Architecture (DNA) deal specifically with these challenges. Network administration tools, policy-based automation, validated design guides and other features in the Cisco DNA portfolio provide the scale, flexibility and security needed to support an IoT environment.

Automatic device discovery is one of the critical capabilities. Using machine learning and intelligent analytics, Cisco DNA pulls telemetry data from everywhere in the network. It captures traditional network information as well as operational data about communication protocols and interfaces to create a device profile. Cisco’s Identity Services Engine (ISE) uses these profiles to instantly identify devices as they connect to the network.

In addition to dramatically speeding up the onboarding process, Cisco DNA further streamlines device management by allowing network engineers to make software-driven policy and configuration changes throughout the network. Cisco DNA Center, the network management command center for Cisco DNA, provides single-pane-of-glass management for drag-and-drop provisioning, proactive troubleshooting, immediate remediation guidance and fast network segmentation.

Policy-Based Security

Cisco DNA’s Software-Defined Access (SD-Access) feature also facilitates the IoT by making it much easier to provide network connectivity outside the wiring closet. SD-Access creates a single network fabric from the edge to the cloud and provides routing and security for the end devices attached to it. When connecting Cisco industrial switches at the fabric edge, SD-Access can be extended to enable automated configuration, provisioning and troubleshooting for industrial-grade IoT devices in outdoor environments, warehouses and manufacturing plants. Field trials and internal testing show SD-Access reduces provisioning time by up to 67 percent.

The SD-Access fabric also automates policy-based security for IoT devices. Changes in security policy are pushed to the fabric by Cisco DNA Center. As devices attach to the fabric edge switches, they are automatically associated with the security policy used within the fabric. Engineers can also use the DNA Center management console to create and distribute policies that govern traffic to and from devices and prevent unauthorized communication.

The IoT can create a host of business benefits — if it’s done right. However, organizations often struggle because traditional device management and security practices cannot match the immense scale of IoT. With its DNA architecture, Cisco is providing the tools needed to deliver the scale, flexibility and security for IoT environments.
