by Tri Pham, Executive Vice President – Corporate Strategy Head, Tata Communications
Enterprises are rapidly adopting API-based applications, which rely on the public or mobile internet as the primary data transport. This creates a potential for a significant increase in cyberattacks on vulnerable IoT endpoints and API clients, and the threats permeate beyond the enterprise perimeter control. An Akamai report found that web application and API attacks in the Asia-Pacific and Japan region grew by a dramatic 449% in 2022.
To address this issue, CIOs must consider network edge-based security solutions that follow zero-trust principles, are agentless, and are network-enforced.
Mobile Secure Access Service Edge (SASE) and Zero Trust are two key security techniques which can be used in combination to protect enterprise endpoints. Mobile SASE aims to apply SASE security principles to the mobile environment. The Zero Trust concept considers all access attempts as potential threats and when combined with Mobile SASE, it helps to protect enterprise endpoints from cyberattacks.
With the arrival of 5G, the trend towards cellular-based IoT projects shifts beyond low-bandwidth massive IoT applications towards more advanced broadband IoT use cases that require higher throughput, lower latency and larger data volumes. These use cases include security cameras, drones and connected cars. The integration of IoT devices into business processes to track assets, manage fleets, monitor patients and ensure the proper functioning of production systems represents a vast virtual expansion of the enterprise network perimeter, exposing a broader attack surface to hackers and criminals.
IoT devices often have limited processing power and storage and may use proprietary operating systems, making them unable to support a client-based security software model. They are also transient and may cross multiple network boundaries, making traditional IT security controls inadequate. For off-network/beyond-the-perimeter devices, enterprise IT organisations have limited options for enforcing security controls and little to no visibility on device performance and behaviour. To overcome these obstacles, organisations are increasingly embedding secure networking into the app itself or employing the device SIM.
Security Threats from the Edge
The mobile network edge is the convergence point for data between endpoints and the cloud, making it a critical location to enforce strong security measures. As businesses adopt hyper-connected transport, healthcare, logistics, retail and industrial value chains, the risk of cyberattacks increases. As mobile networks become more open, widespread and built using APIs, and as workloads move to multi-cloud environments, the threat from cyberattacks and attack surfaces widens.
Most of the deployed API-based applications rely on the public or mobile internet as the main data transport, which creates a potential for a multi-fold increase in cyberattacks on vulnerable IoT endpoints and API clients. Vulnerable API endpoints and gateways need to be protected more comprehensively by enabling developers to embed private, zero-trust capabilities in API client and publisher end points. This then enables the API publisher to stop exposing endpoints to the internet: each API session instead leverages a private network, zero trust overlay.
For remote and mobile IoT devices, IT organisations have limited options for enforcing security controls and have almost zero visibility on the performance and behaviour of the devices. CIOs must adopt a comprehensive security strategy to protect their end-point assets. End-point-enforced security, which requires an agent to be installed on each device, may not be viable due to device support and the associated management costs.
Meanwhile, backhauling all the traffic to the cloud may have a latency impact on application performance and result in high cloud egress costs. These are key reasons why leading organisations are now embedding the zero trust networking functions into the app itself and using SIM-based approaches.
The Need for Network Edge Security
CIOs face a challenge in securing remote IoT devices such as CCTV systems. End-point-enforced security would create high operational complexity and cost, especially at scale. Proxying the traffic to the cloud can mean too much-added latency and high cloud egress costs.
A network edge security approach, orchestrated from the core network, eliminates the need for security agents on each device and does not require all traffic to be backhauled towards a specific cloud environment.
This approach offers several key benefits over traditional cloud or end-point security solutions, by eliminating latency impacts on application performance and reducing the operational pain of managing agents across distributed devices. It also provides improved visibility and control, and robust security for data in transit and at rest, while also doing away with the need for integration with MDM solutions.
In conclusion, CIOs must be aware of the potential threats posed by API-based applications and adopt network edge-based security solutions that follow zero-trust principles to protect their enterprise endpoints from cyberattacks in a rapidly changing technological landscape. Mobile SASE and Zero Trust, when used in combination, provide a comprehensive solution to protect against cyberattacks, ensuring business continuity and resilience.