October 12, 2022
Author: Tom Daly

Secure your IoT Devices with Cloud Networks

Cloud Networks are safe, secure, and encrypted overlay networks that keep your data private and your resources secured, yet globally accessible, just as the Internet should, but doesn’t.

We are in the 3rd act of the development of the global Internet. Act 1 was about connecting humans to humans across the world. Act 2 brought the rise of connected devices: from wireless speakers to sensors and other IoT devices, we connected more of our household infrastructure to the web. We have literally connected everything to the Internet.

Act 3 takes the shape of being smarter and safer with our devices – by getting them off the Internet. It sounds ridiculous since Act 2 was all about connecting them, but stick with me, and I’ll make my point.

The Internet is a complex system with many different uses. It is an amazing open-access network where people, devices, and systems from across the world can communicate with each other, generally in a free and open manner. For example, your home laptop can connect to servers across the globe to fetch web pages, stream video, and download files. These uses are broad and need to be highly flexible to be able to reach any device, anywhere, on the global network.

On the other hand, my home security cameras, home alarm system, and home A/V system are a different story entirely. These devices have no reason to be connected to the “global” Internet. In fact, I’d argue that they need to be connected to a much smaller “slice” of the Internet. They need to be connected to a private Cloud Network that is as widely accessible as the Internet is, but only to me.

My devices need to be connected to me wherever I am in the world, and they need to connect to any related Cloud Service for things like software updates, configuration, and orchestration. But they have absolutely no business reaching out to the entirety of the Internet. My devices need to connect to me, wherever I am, and not some random IP address spaces around the world that are not me. They just don’t need it.

Let us think over this concept in another context: Cloud Computing. Cloud Computing, at its fundamental core, is the rental of someone else’s computer for your own use. Cloud Computing firms, such as Amazon, Google, and Microsoft, go to great lengths to allow you to use their computers for your own needs, but for the sake of scaling, they extensively virtualize and containerize their servers into safe, segmented, and protected compute domains. A massive amount of innovation and engineering goes into providing Cloud Native applications a secure enclave to do their work that is protected from noisy neighbor workloads on the same machine and safe from hackers trying to hijack underlying hypervisors, container runtime engines, and related networking stacks.

Much in the same fashion that the Cloud Service Providers virtualize and containerize their compute resources, I’m suggesting that we need to do the same to the Internet when it comes to machine-to-machine, IoT device-to-IoT core communications. IoT devices need a network that wraps them into a secure enclave to communicate, one that is protected from prying eyes or malicious attackers. The difference is that instead of protecting a physical server in a physical datacenter, we need to protect communications across the end-to-end Internet.

How could one solve this? One option is to deploy a private network between devices, clouds, and oneself. Corporations do this all the time in the form of private backbone networks, deploying MPLS solutions, and SD-WAN systems.

However, all of that is insanely expensive and not practical for most people. It defeats the purpose of using the ubiquitously accessible Internet. If I am traveling to Bratislava, Slovakia to meet with the Big Network Team, I don’t need an MPLS circuit dropped off ahead of my arrival.

To avoid the cost, lead time, and management of a dedicated connection, I need a “slice” of the Internet for me and my devices. These slices should have the following properties:

  • Ubiquitously accessible to me, wherever I am.
  • Allow connectivity to whatever cloud service supports that device.
  • Private to me and the resources to which I choose to permit access.
      • They do NOT need access to the global IPv4 or IPv6 addressing space - they simply need access to the range of networks I want to use.
      • They do not need egress to the Internet in general, unless I want them to.
  • Secure and encrypted.
  • Minimal configuration and support in the long run.
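
The "private to me" property amounts to a default-deny egress policy with a short allow-list of networks. The sketch below is an added example, not Big Network code: it audits flow records from IoT devices against such an allow-list, covering IPv4, IPv6 and IPv4-mapped IPv6 destinations. The prefixes, device names and flow records are constructed for illustration.

```python
import ipaddress

# Assumed allow-list for the device "slice" (constructed prefixes).
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.77.0.0/24"),    # hypothetical overlay subnet
    ipaddress.ip_network("fd00:77::/64"),    # hypothetical overlay subnet (IPv6)
    ipaddress.ip_network("203.0.113.0/28"),  # hypothetical vendor cloud service
]

# Constructed flow records: device, destination address, destination port.
SAMPLE_FLOWS = """\
camera-1 10.77.0.5 443
camera-1 203.0.113.9 443
camera-1 198.51.100.23 23
alarm-1 fd00:77::10 8883
alarm-1 2001:db8::1 443
av-1 ::ffff:198.51.100.23 80
av-1 not-an-ip 80
"""

def is_allowed(dest, allowed=ALLOWED_NETWORKS):
    """Default deny: True only if dest parses and falls in an allowed network."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return False  # unparseable destinations are never allowed
    # Judge ::ffff:a.b.c.d as the IPv4 address it wraps, so the mapped form
    # gets exactly the same verdict as the plain IPv4 address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in allowed)

def audit(flow_text, allowed=ALLOWED_NETWORKS):
    """Return (device, dest, port) for every flow outside the allow-list."""
    violations = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip records that are not "device dest port"
        device, dest, port = parts
        if not is_allowed(dest, allowed):
            violations.append((device, dest, int(port)))
    return violations

if __name__ == "__main__":
    for device, dest, port in audit(SAMPLE_FLOWS):
        print(f"DENY {device} -> {dest}:{port}")
```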

That’s where Big Network’s unique private overlay network technology comes into play. Using a Cloud Network allows you to create private, secure, and encrypted overlay networks across the Internet without complex configuration.

Cloud Networks are peer-to-peer AES-secured full mesh networks that run over the Internet but don’t share access to the global routing system unless you choose to do so. And this is the place where your personal devices should live. A place where strict firewall / WAF / SWG policy chooses who is in and who is out. A place where malicious actors can’t discover your infrastructure, because it is encapsulated in a private overlay, carried via the Internet as we know it today for ubiquitous access.

Every machine we connect to the global Internet will someday be vulnerable in one way or another. We can help thwart those threats, reduce botnets, and reduce DDoS attacks by privatizing the networks these devices use to communicate with us, while still relying on the global Internet for transport. Are we ready to help secure the world together?

Learn more about Big Network’s platform with our Technology Overview available on our Support Site. Want to get started? Try us out now!