Guarding the APAC IoT Gateway: Expert Insights From HPE’s Nick Harders
Today’s hyper-connected world makes any internet-enabled device a potential target for cyber attacks. With billions of IoT devices integrated into daily life, the risks are only growing. Hackers are now said to be turning their heads to IoT systems, exploiting vulnerabilities to access private data, spread malware, or even cause tangible harm. As businesses, consumers, and government agencies alike are increasingly dependent on IoT, securing these systems is essential.
Securing IoT does not just come solely from an end-user point of view. Manufacturers must also embed strong security features into their designs to prevent these devices from becoming easy targets.
Without proactive security measures, the flood of new devices could open up more gateways for cyber attacks, escalating the overall risk. Hence, understanding the prevalent risks, learning from past breaches, and adopting modern IoT security solutions are all too critical as organisations are now seeking to protect themselves.
IoT: The More Connected You Are, The Higher Chance of You Being a Target
When asked how IoT security challenges differ from traditional IT systems, Nick Harders, HPE Aruba Networking’s APJ SASE Director, doesn’t mince words. He points out that IoT devices are inherently more vulnerable due to their sheer diversity and widespread use. Unlike conventional IT systems, which benefit from well-established security layers, IoT devices often operate with minimal controls and limited resources.
“IoT devices face unique security challenges compared to traditional IT systems due to their high distribution and diversity, which lead to inconsistent security practices and a lack of universal standards,” Harders explains. These devices, often designed for convenience and efficiency, can quickly become entry points for attackers. Unlike traditional systems, IoT devices are typically not built with the robust security frameworks or maintenance protocols we’ve come to expect.
And the consequences? Significant. The senior executive stresses that while businesses might see initial cost savings by neglecting security updates, the long-term risks far outweigh any short-term benefits. The cost of a security breach on a network filled with IoT devices can devastate operations.
Governments Are Leading the IoT Security Charge
The APAC region is at the forefront of IoT adoption, with the number of connected devices expected to reach nearly 39 billion by 2030. This surge presents both opportunities and risks. Harders notes that as IoT technology continues to grow in popularity, security measures must evolve accordingly. Governments across the region, he says, are currently stepping up their efforts.
“Governments are responding with regulations and standards aimed at improving IoT security,” he says, pointing to Singapore’s Cybersecurity Labelling Scheme (CLS) as an example. This initiative, which rates consumer IoT devices based on their security features, is the first of its kind in the region and reflects a growing awareness of the risks IoT poses.
By setting benchmarks for security and encouraging manufacturers to adhere to them, schemes like the CLS can help strike a balance between innovation and safety. But Harders cautions that this is only the beginning. As IoT devices proliferate, businesses need to embrace security as a priority rather than an afterthought.
HPE Aruba’s AI-Driven Approach to IoT Security
So how is HPE Aruba Networking addressing the IoT security conundrum? Nick Harders, the APJ SASE Director for HPE Aruba Networking, points to their new AI-powered, behavioural analytics-based NDR solution as a game changer in threat detection and response.
“The NDR solution utilises telemetry from HPE Aruba Networking Central’s data lake to train AI models to monitor and detect unusual activity in vulnerable IoT devices,” he explains. This capability is essential given the increasing reliance on IoT devices to fuel mission-critical business processes. From detecting changes in network traffic to identifying potential breaches based on subtle deviations in device behaviour, AI plays a pivotal role in securing IoT environments.
More than just a detection tool, HPE’s NDR solution integrates attack detection with policy recommendations, allowing teams to preview changes before implementing them. This ensures that any countermeasures taken won’t inadvertently disrupt network operations – a major concern when managing vast, interconnected systems.
Campus-Based ZTNA: Bridging Cloud and Local Networks
But IoT security doesn’t end with detection. Harders discusses HPE Aruba Networking’s introduction of campus-based ZTNA as a key component of their holistic approach. This innovation brings the power of Zero Trust Network Access (ZTNA)—a security framework that continuously verifies users and devices—directly to Local Area Networks (LANs).
“Campus-based ZTNA allows businesses to benefit from consistent and comprehensive security policy enforcement across both cloud environments and local area networks,” Harders notes. This means businesses can now apply the same stringent access controls they use in the cloud to their on-premises networks, ensuring seamless security for users no matter where they are or how they connect.
In a world where hybrid workforces are the norm, this level of flexibility is essential. The ability to enforce security policies across different network environments not only enhances user experience but also simplifies the management of increasingly complex infrastructures.
The Zero Trust Imperative
Finally, no discussion of modern cybersecurity would be complete without mentioning Zero Trust. Harders describes Zero Trust as essential to managing the ever-expanding attack surface created by IoT devices. Rather than relying on outdated perimeter defences, Zero Trust continuously verifies every user and device, ensuring that only authorised entities gain access to sensitive systems.
“Zero Trust requires continuous verification of users, devices, and applications,” he says. And with IoT devices becoming increasingly integral to business operations, this approach is more crucial than ever.
In the APAC region, frameworks like Singapore’s GovZTA are helping organisations adopt Zero Trust principles, improving visibility into potential threats and enabling faster, more effective responses.
Emerging IoT Threats
Looking ahead, the IoT security landscape shows no signs of calming down. Harders highlights several emerging trends businesses must be prepared for, chief among them the vulnerabilities found in devices like building management systems and teleconferencing platforms.
“Nearly a third of enterprise decision-makers who experienced breaches identified connected devices as a primary target,” he warns. As IoT devices become more embedded in day-to-day operations, businesses need to ensure that security is integrated into the design of these systems from the outset.
Harders advocates for proactive security measures, emphasising the need for ongoing support and updates. Staying ahead of potential threats, he says, is critical in an environment where new vulnerabilities are constantly being discovered.
As IoT adoption accelerates, so too does the need for robust security solutions that can keep pace with the evolving threat landscape.
Hence, Nick Harders left us with a clear message: Businesses must prioritise security in an increasingly connected world. Those that do will not only protect themselves from the growing array of threats but will also unlock the full potential of IoT innovation.