Management guide: IoT and the data center
Smart refrigerators, smart TVs, smart thermostats, traffic signals, production-line sensors, and even automobiles have all become part of the growing ecosystem of Internet of Things (IoT) devices, leading to a sea change of how IT must process all of the data generated. That could be a good thing for the analytics crowd, the people ready to make sense of the volume of data gathered. But for the modern data center, it's a cause for concern.
IoT is introducing all sorts of new pathways into data centers, simply because the technology relies on TCP/IP communications that traverse the Internet to establish two-way communications between the devices and whatever they interact with. In other words, IoT may very well have a detrimental impact on traffic and, more important, data center security. And while a significant amount of the data that is collected at the edge is managed and manipulated there, eventually that data, in some form, makes its way back to a central location.
IoT and the data center
At first blush, managing data center IoT seems ridiculously simple, with most devices performing only a simple process such as monitoring temperature or turning lights on or off. That simplicity, however, belies bigger issues involving security, connectivity, and operational concerns. As such, the infiltration of IoT technology into the data center may prove to be troublesome. After all, IoT devices are feeding data into data centers, from both internal and external devices, while also introducing new, siloed management requirements, different deployment and monitoring requirements, as well as new types of data. That can take the form of unstructured data (video and audio), intermittent-structured data (signaling events, triggers, etc.), and types of data not yet conceived.
Research firm Gartner estimates that the IoT will include 26 billion units by 2020. That demonstrates exponential growth in the market and translates to an astonishing number of IoT devices, nearly triple the planet's human population. And each one of those devices will create data and require security and management. What’s more, many of those devices will be fully integrated into the data center, providing critical operational information and potentially transforming data center operations.
IoT will connect remote assets and provide data streams between the asset and data center management systems, allowing those IoT assets to be integrated into new and existing organizational processes. That will bring new capabilities to the data center by providing information on status, location, functionality, and so forth. What’s more, data centers will have access to real-time information via IoT devices, which will create a more accurate understanding of operational status, allowing data center operators to enhance utilization and productivity through optimized usage models, supported by increased accuracy in the decision process.
It is those capabilities that will bring more and more IoT devices into the data center, while also incorporating IoT analytics into business processes. As IoT adoption grows, improved business and data analytics will give insights into business requirements, based upon data feeds, which ultimately will help to predict the fluctuations of operational data.
While IoT can bring a lot of benefit to data center and business operations, there is the challenge of processing large quantities of IoT data in real time. That data will potentially increase the workloads in data centers, leaving providers to face new security, capacity, and analytics challenges. Ultimately, data centers will interact with more IoT-type devices than with the traditional tiers of compute, storage, and networking, turning the data center into a conglomeration of IoT technologies, supported by compute, storage, networking stacks.
The enormous number of devices, coupled with the sheer volume, velocity, and structure of IoT data, will create challenges for data center operators, manifesting in areas such as security, data, storage management, servers, and the data center network. Those challenges can't be ignored, as real-time business processes are at stake.
That means data center managers need to deploy more forward-looking capacity management in those areas, to align business priorities associated with IoT. Perhaps the biggest hurdle is that standards are still emerging. What's more, the lack of a robust API ecosystem makes it difficult to integrate IoT devices into existing management systems. While such challenges may not slow adoption, they will certainly create deployment constraints.
[Learn more about what the Intelligent Edge is and why it's useful]
IoT security guidelines
Properly securing IoT is no simple matter, as evidenced by the number of recent network intrusions resulting from a poorly secured IoT ecosystem. Security challenges remain, but data center operators can deal with those head on by adopting some best practices:
- Secure constrained devices. IoT devices usually have limited storage, memory, and processing capabilities. Those devices may also have to support low-power-usage environments and operate on batteries. That means security solutions that rely on encryption may not be a good fit for low-power devices constrained by limited processing capability. Simply put, the devices are unable to perform complex encryption and decryption chores and still transmit data in real time. That limits the devices to fast, lightweight encryption algorithms, which can be more easily broken. To compensate for these device limitations, adopters have to provide multiple layers of defense, such as segregating devices onto separate networks and using firewalls.
- Authorize and authenticate devices. IoT systems are filled with multiple devices that are potential points of failure. That makes device authentication and authorization critical. Security needs to be implemented where devices have to establish their identity before being granted access. However, many IoT devices use weak basic password authentication. Data center operators may want to adopt an IoT platform that incorporates two-factor authentication and enforces the use of strong passwords or certificates.
- Manage device updates. Keeping track of and applying updates, such as security patches, to IoT devices can be a challenging process. Administrators need to implement management controls that keep track of which updates are available and apply updates consistently across distributed environments. To resolve the issues presented by updates, administrators may need to implement device management solutions that automate updates and provide validation when updates are accomplished. Improperly handled updates can expose IoT devices to attack or compromise.
- Implement secure communication. How IoT devices communicate is another issue. Administrators need to ensure that communication across the network between devices and cloud services or applications is secure. Many IoT devices don’t encrypt communications by default, meaning administrators should implement transport encryption and adopt standards like Transport Layered Security (TLS). Separate networks can also be used to isolate devices, which helps to establish secure, private communication so that data transmitted remains confidential.
- Detect vulnerabilities and incidents. Security vulnerabilities and breaches are inevitable. Administrators must adopt strategies for detecting vulnerabilities and breaches. Those strategies include monitoring network communications and activity logs for anomalies, engaging in penetration testing and ethical hacking to expose vulnerabilities, and applying security intelligence and analytics to identify and notify when incidents occur.
- Manage vulnerabilities. When vulnerabilities are detected, they must be mitigated, and that may require deploying systems that detect and react to vulnerabilities. In some cases, that means automatically disabling or isolating affected devices until they can be patched or remediated. Actions should be automated and driven by some type of a rules engine that leverages vulnerability management policies.
Securing IoT may very well be the biggest challenge facing data center professionals, but it is not the only issue.
[Learn how to add additional security to edge computing]
IoT standardization and privacy
Data center professionals are quickly discovering that IoT consists of a lot of individual devices with their own specifications. Often, those issues are discovered only during the adoption phase, and they may seem insignificant in the beginning. Over time, however, lack of standardization will become a much bigger problem, as use cases fueled by growth require that smart devices can communicate with each other.
Ironically, much of the IoT is likely to be built with open source software, which should make it easier to adopt universal standards. But the few efforts that exist for standardization tend to be specific to a specific technology stack. Other standardization efforts are focused on applying existing standards or protocols to smart devices rather than being developed for the new demands of the IoT. Without a greater degree of cooperation, integration of large-scale IoT systems may prove to be difficult and problematic.
The IoT is beginning to offer a wealth of information about those who use it, mostly in the form of captured metadata. Many smart devices can be readily tracked and monitored, allowing manufacturers and others to potentially harvest information about device usage and even the data gathered by the device. For devices that interact directly with humans, the issues of privacy cannot be overlooked. The output of smart devices can be correlated with other metadata to reveal habits or other information to generate insights into potential activities. Those adopting IoT have to make sure that their security practices take into account privacy concerns, or they may risk exposure to legal precedents and class action lawsuits as countries debate what privacy rights the users of smart devices retain and which they forfeit.
One bit at a time
There is no denying that IoT is growing exponentially, and data centers will bear the brunt of the data and concerns generated by IoT. However, there is also no denying the potential of IoT to deliver new insights, improve operations, and grow services—so much so that the impact of IoT cannot be ignored. Data center operators must prepare and shape their policies to bring IoT under control for not only the benefit of the data center, but also the businesses and end users that rely on the insights offered.
[See what skills you need to survive in an IoT world]
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.