There's a tremendous amount of buzz around the Internet of Things (IoT). But the IoT relies on networks, and networking technologies are deployed and managed by people -- network administrators, in particular. Yet in recent years, network administrators have been asked to "do more with less" -- less budget, and a smaller staff. The IoT will require them to do even more.
I've spent some time thinking about the effect the Internet of Things will have on networks and network administration, and I've developed some theories. Also, Infoblox also commissioned a survey of networking professionals in the US and UK and hosted two panel discussions with customers to receive feedback.
For the most part, the survey and these panels confirmed my suspicions. For example, I had spoken with many customers who initially said they had no IoT devices whatsoever. When pressed, however, and given concrete examples (networked badge readers, surveillance systems, HVAC systems, cash registers, vending machines, and so on), most realized they already had at least a nascent IoT infrastructure. Accordingly, 75% of respondents to our survey reported that they already had office equipment Things on their network, and 70% reported security Things on their network.
I had also encountered very few IT organizations that had deployed any infrastructure specifically for IoT, from dedicated networks to management systems. Again, our survey supported the anecdotal evidence -- only 35% of respondents said they have deployed solutions specifically to support IoT.
Since, in most cases, no dedicated network infrastructure exists for IoT devices, most IT organizations relegate IoT connectivity to existing networks. Only 30% of the organizations surveyed planned to create a separate logical or physical network for "Things," while 46% said they would attach them to the corporate network.
In our panel discussions, we found that most organizations simply dump IoT devices on existing guest wireless networks, which usually provide Internet access (which many Things require). However, guest wireless networks usually don't allow access to internal resources (e.g., domain controllers, database, and file servers), which other IoT devices need, and they provide little or no authentication, unpredictable performance, and no prioritization of traffic, all of which are required by some categories of these devices.
Despite the varied requirements of IoT devices, many IT organizations I've met with described having Things that are "thrown over the wall" for deployment, well after another business unit had made the purchasing decision. Our survey bears this out: 60% of the organizations surveyed reported being brought in to support IoT devices after another organization acquired them, and 63% said that the subsequent deployment was more challenging than the acquirer believed it would be.
This difficulty in implementation isn't surprising. From our customers, we've learned that IoT devices aren't that smart. Many lack a user interface, making configuration a challenge -- and often the responsibility of a network administrator, setting up DHCP options. Many are not easily upgradeable. Many are designed for consumer rather than enterprise deployment, and lack tools and features required for enterprise use.
A university network administrator told me about dorm networks with hundreds of Apple TVs -- making Apple's Remote iOS app nearly useless, because it presents you with a list of those hundreds of Apple TVs to choose from. Some Things are just designed poorly. A network administrator for a hospital chain described an MRI system that used the same set of hardcoded IP addresses for every machine, meaning that the network administrator had to set up NAT for each MRI machine to ensure it was accessible across the network.
This same lack of capability extends to security features. Most Things don't support strong authentication mechanisms such as 802.1X, leaving network administrators to use their MAC addresses -- or nothing -- as a weak form of authentication. Consequently, securing IoT device access to the network is difficult. Some organizations I spoke with used VLANs to isolate certain categories of Things, but dedicating one VLAN to each type of device certainly doesn't scale.
Our survey reiterated the concerns of our panel participants: 63% of those surveyed are concerned about the security challenges posed by the Internet of Things.
Based on our discussions and the survey results, I've come up with a short list of recommendations for network administrators facing an IoT deployment:
- Work to get yourself a seat at the table early in IoT deployment planning. You should have input into the minimum network requirements of devices that you'll have to deploy and support.
- Those requirements should include support for 802.1X, DHCP, SNMP management, remote upgradeability, and IPv6.
- Consider deployment of IPv6. As you probably know, IPv4 addresses have become much more difficult to get in the US, Canada, Europe, and Asia. Some of your Things may require access from the Internet or from third-party networks. Don't let your lack of routable IP address space hamper your IoT implementation.