    Business network segmentation: a must in the IoT era

     

    The key to protecting network-connected devices, as well as sensitive operational and customer data, is to segment your network, which means creating separate network domains for different types of systems and devices, including IoT devices.


    Many IoT devices are just small Linux computers built into things like light bulbs, refrigerators and thermostats. But do you think about their cybersecurity? And do you patch them regularly?


    It is fundamentally risky to keep all of your devices on a flat network. This kind of security risk can clearly lead to non-compliance with data protection regulations – such as GDPR in Europe – potentially resulting in large fines that many small businesses just can’t afford. And the worst part is that, when a breach does occur, it probably would never have happened if the appropriate network segmentation, firewalls and security controls had been in place.

     

    The old way: “flat” networks with just one point of entry

    To understand the need for network segmentation, it’s first necessary to understand what a traditional “flat” network architecture looks like (illustrated below). Unlike segmented networks, flat networks have just one firewall router, usually purchased from a retailer, or installed by an Internet Service Provider.

     

    Figure 1: A traditional, flat network architecture
    This is called a flat network because there is no firewall or logical separation between any of the devices, so they can talk directly to every other device on the network.


    This kind of architecture worked well when most small businesses just had a few computers, which was often the case in the late 90s and early 2000s. Back then, there was no Wi-Fi, no IoT network-connected devices, and very few (if any) mobile phones that had access to the Internet.

     

    Why flat networks are no longer OK

    When smartphones with Wi-Fi access became commonplace, many small companies found that the number of devices connected to their network doubled over a very short period of time, increasing networking and – specifically – cybersecurity challenges.


    Today, network security is an even tougher challenge, as smart TVs, smart light bulbs, smart refrigerators, and a wide range of other IoT devices are being connected to small business networks at scale – sometimes resulting in literally hundreds of devices on the network.


    All of these new devices have a network interface, storage, memory, processors and an operating system. In other words, they are computers, and they are just as vulnerable to attack as any other kind of computer or smartphone.


    Additionally, IoT devices in particular are always connected to the Internet, and are rarely patched, making them a relatively easy target for hackers. Remember, hackers can use these devices to access the network as a whole – which could potentially lead to a major data breach and – in the worst cases – large regulatory fines.

     

    Boost your cybersecurity with network segmentation

    By segmenting their networks, small businesses can isolate devices and systems on separate sub-networks. This not only allows better sharing of throughput or bandwidth to the Internet, but it also helps to secure systems that contain sensitive data, and separates those systems from people and other systems that don’t need to have contact with them.


    In the typical small business, this can be achieved by using two or more routers, and looks like this:

     

    Figure 2: A segmented small-business network with three routers that segment general systems, Payment Card Industry (PCI) compliant systems, and IoT systems – in this case, a video security system.

     

    Isolating problems with network segmentation

    Another key benefit of network segmentation is the ability to isolate any problems resulting from cybersecurity breaches. If a laptop gets infected with malware, for example, it won’t be able to get into the IoT network, which is protected by its own firewall. The same is true if an IoT device is compromised; the firewall on the general network will stop the issue from spreading to those systems.


    With network segmentation, the old adage “better safe than sorry” definitely holds true. It’s just a question of thinking about which systems need to talk to each other, and which really don’t. Once you’ve figured that out, you can make simple architectural changes that protect your critical systems, devices and data – and ensure you stay compliant with GDPR and other relevant regulations.
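The exercise of deciding which systems need to talk to each other can be written down as a default-deny policy and checked against observed traffic. The following is an added example, not part of the original article: the addresses, the single allowed flow and the sample flows are all constructed assumptions, mapped onto the three segments of Figure 2 and compared with a flat network.

```python
import ipaddress

# Constructed addressing plans; the article gives no addresses.
FLAT = {"lan": ipaddress.ip_network("192.168.0.0/16")}
SEGMENTED = {
    "general": ipaddress.ip_network("192.168.10.0/24"),
    "pci": ipaddress.ip_network("192.168.20.0/24"),
    "iot": ipaddress.ip_network("192.168.30.0/24"),
}
# Assumed allow-list of cross-segment flows (src segment, dst segment, dst port).
ALLOWED = {("general", "iot", 443)}  # e.g. staff viewing video over HTTPS

def segment_of(addr, plan):
    """Name of the segment containing addr, or 'internet' if none does."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in plan.items() if ip in net), "internet")

def evaluate(flow, plan, allowed=ALLOWED):
    """Return (verdict, src_segment, dst_segment) for one (src, dst, dport) flow."""
    src, dst, dport = flow
    s, d = segment_of(src, plan), segment_of(dst, plan)
    if s == "internet":
        verdict = "deny"      # unsolicited inbound stops at the edge firewall
    elif d == "internet" or s == d:
        verdict = "allow"     # outbound, or same segment (no firewall in the path)
    else:
        verdict = "allow" if (s, d, dport) in allowed else "deny"
    return verdict, s, d

def blocked(flows, plan):
    """Flows the plan stops: the lateral movement a segment firewall would log."""
    out = []
    for f in flows:
        verdict, s, d = evaluate(f, plan)
        if verdict == "deny":
            out.append((s, d, f[2]))
    return out

# Constructed sample flows (source, destination, destination port).
FLOWS = [
    ("192.168.10.23", "192.168.30.5", 443),   # laptop -> camera web UI
    ("192.168.10.23", "192.168.30.5", 23),    # laptop -> camera telnet
    ("192.168.30.5", "192.168.20.10", 1433),  # camera -> payment database
    ("192.168.30.5", "192.168.10.23", 445),   # camera -> laptop file share
    ("192.168.20.10", "203.0.113.7", 443),    # payment system -> internet
]

if __name__ == "__main__":
    print("flat:", blocked(FLOWS, FLAT))
    print("segmented:", blocked(FLOWS, SEGMENTED))
```

On the flat plan nothing is blocked because every internal flow stays inside one segment; on the segmented plan the three cross-segment flows that are not on the allow-list are denied.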
     
