bluebay2014 - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How might NFV in IoT enhance network edge security?

The emergence of IoT devices has considerable network security implications. An NFV architecture, however, could add another layer of network defense.

Network functions virtualization, or NFV, is a distinct technology category that's separate from IoT. But what about NFV in IoT? As it turns out, the two technologies' technical requirements and use cases are aligned in ways that make them complementary.

IoT systems are designed so data collection and related computation occur at the network edge in remote locations away from the data center. Relevant data is sent to a data center or the cloud over a network. That setup seems no different than conventional branch networks and computers.

The difference is IoT devices are numerous, which imposes large-scale requirements and the need to manage many sensors or devices. Security risks are also a factor, as IoT devices in remote locations may be hard to manage, and often the devices are not patched for security.

What are the implications for the network, with many potentially unpatched devices? Because IoT is a relatively new area with rapid growth, conventional security procedures may not accommodate IoT devices, creating challenges for a network architect.

NFV in IoT provides defense in depth

While NFV may not be an end-all for delivering an IoT network and security infrastructure, it can be a useful part of the puzzle.

Network designs using NFV can be a good fit for IoT environments, because NFV allows for the easy deployment of network functions. By using an NFV-based security system, you could shield the data center from potentially compromised IoT devices. This provides for defense in depth, an information assurance technique originally conceived for national security. 

These NFV systems can be deployed close to the IoT device, running within servers already deployed for IoT data processing. Thus, the server platforms serve a dual purpose for NFV-based security and IoT data processing.

But what are the implications for IoT architects? IoT initiatives are often driven by business requirements, as opposed to IT needs. As a result, these initiatives may inadvertently bypass IT risk assessment during early design phases. As deployment deadlines lurk, IT may be asked to deliver a secure and productive network. IT teams should be aware and prepared so they're not surprised.

By employing NFV security best practices, you could create a network design that uses infrastructure already used for IoT, such as local servers for data processing. This strategy could save time and money, compared with deploying a parallel infrastructure to provide for security.

While NFV in IoT may not be an end-all for delivering an IoT network and security infrastructure, it can be a useful part of the puzzle.

This was last published in December 2018

Dig Deeper on Network Security