Cloud-based, perimeter-secured overlay networks isolate IoT data from other networks
The influx of widespread IoT deployments has created a perfect storm of needs and challenges. The seemingly limitless opportunities for enterprises to collect and leverage data, streamline business operations, and even improve customer service is difficult to ignore. At the same time, the process of connecting, managing, and securing IoT devices and data that are located all over the world comes with daunting challenges.
Most organizations don’t have enough IT staff to monitor, manage, and troubleshoot the connectivity and security of IoT devices that are broadly distributed across many branches, fleet vehicles, or in the wild.
Also, traditional TCP/IP transport protocol isn’t ideal for IoT. For one thing, IP is a “connect first, authenticate second” protocol, which exposes devices and networks to outside influence. Also, micro-segmentation with IP is cumbersome and complex, requiring additional protocols that can lead to more errors and can hinder security due to human error. Lastly, security solutions for IoT are few and far between due to the compute power and memory on the devices.
Perhaps the biggest challenge is that IoT data should be completely separated from sensitive data, such as Point-of-Sale information, and other networks, including the corporate WAN, so that if a system is compromised, the intruder can’t hop over to another network.
These challenges call for overlay networks that can provide the connection between IoT devices and the cloud, and that utilize a secure private IP address space. Cradlepoint’s NetCloud Perimeter (NCP) service, using Software-Defined Perimeter technology, enables IT teams to set up perimeter-secured overlay networks with just a handful of simple steps that can be completed within a matter of minutes.
For example, let’s envision a common scenario in a branch office or a connected fleet vehicle: An IT professional needs to secure a variety of IoT devices that are connected on the network behind a router.
With NCP running as a configured service on a Cradlepoint router — turning the router into a NetCloud Gateway — LAN-connected devices such as digital signs, surveillance cameras, and more can be placed on an overlay network that isolates IoT data from the Internet and other networks. Behind a NetCloud Gateway, any IP-based device can be connected to the overlay network without any additional software.
These overlay networks provide a cloud-based VPN alternative for IoT use cases and the people who interact with them. They can be created, configured, and scaled in just a few minutes cost-effectively.
Creating a Secure, Software-Defined Network for IoT
- From the NetCloud DASHBOARD, Select the NETWORK menu.
- Click “Add.”
- Enter “Network Name,” then click “Create new network.”
- Within a few moments, the new network will appear in the list of networks.
Turning a Router into a NetCloud Gateway
In Cradlepoint’s NetCloud Manager, it takes 5 minutes or less to begin running NCP on a specific router:
- Find a router (in the DEVICES tab).
- Click the commands to “Upgrade NetCloud Gateway” on the chosen device.
- Select the desired overlay network.
- Select the specific LANs associated with this router that need NCP access.
- Select “Auto-Whitelist” to automatically assign an overlay network IP address to every device on that network.
- Click “Save” to complete NetCloud Gateway installation.
- Select the NETWORK menu, then click on the overlay network. The router with the NetCloud Gateway installation will appear in the devices list with a green circle and a white check mark.
For a longer, more detailed version of this process, explore our related NetCloud Perimeter articles in Knowledge Base.
Customizing the Overlay Network
- From the NETWORKS page, click the overlay network that you want to configure.
- Click the “Settings” tab.
- Change the default subdomain name to a custom DNS name that accurately describes the network.
Adding IoT Devices to the Network
Once a NetCloud Gateway is in place, IT staff can find and define a group of IoT devices to connect to that gateway via the NetCloud dashboard. These could include devices (Windows, MAC, Linux, iPhone, Android, and docker) running the NetCloud Client software and those without the software that reside on the network behind a NetCloud Gateway.
Once devices have been added to an overlay network additional, additional NCP features can be utilized, such as micro-segmentation and other security policies.
Additional Benefits of Software-Defined IoT Security
One of the most important benefits of NCP is that enterprises can micro-segment users, devices, groups, applications, and resources with simple policies, as well as offer LAN-like performance to remote users on virtually any device, in a matter of minutes — without complex configurations.
These invitation-only overlay networks are highly secure, as they utilize a private address space — eliminating the need for routable IPs on the Internet — thus obscuring them from potential hackers.
Explore More About IoT Security
To learn more leveraging SD-Perimeter technology for IoT security, download our white paper.