
Business network segmentation: a must in the IoT era

 

The key to protecting network-connected devices, as well as sensitive operational and customer data, is to segment your network. That means creating separate network domains for different types of systems and devices, including IoT devices.


Many IoT devices are just small Linux computers built into things like light bulbs, refrigerators and thermostats. But do you pay attention to their cybersecurity? And do you patch them regularly?


It is fundamentally risky to keep all of your devices on a flat network. A breach that results from this kind of security risk can clearly lead to non-compliance with data protection regulations, such as GDPR in Europe, potentially resulting in large fines that many small businesses just can’t afford. And the worst part is that the breach probably would never have happened if the appropriate network segmentation, firewalls and security controls had been in place.

 

The old way: “flat” networks with just one point of entry

To understand the need for network segmentation, it’s first necessary to understand what a traditional “flat” network architecture looks like (illustrated below). Unlike segmented networks, flat networks have just one firewall router, usually purchased from a retailer, or installed by an Internet Service Provider.

 

Figure 1: A traditional, flat network architecture
This is called a flat network because there is no firewall or logical separation between any of the devices, so they can talk directly to every other device on the network.


This kind of architecture worked well when most small businesses just had a few computers, which was often the case in the late 90s and early 2000s. Back then, there was no Wi-Fi, no IoT network-connected devices, and very few (if any) mobile phones that had access to the Internet.

 

Why flat networks are no longer OK

When smartphones with Wi-Fi access became commonplace, many small companies found that the number of devices connected to their network doubled over a very short period of time, increasing networking and – specifically – cybersecurity challenges.


Today, network security is an even tougher challenge, as smart TVs, smart light bulbs, smart refrigerators, and a wide range of other IoT devices are being connected to small business networks at scale – sometimes resulting in literally hundreds of devices on the network.


All of these new devices have a network interface, storage, memory, processors and an operating system. In other words, they are computers, and they are just as vulnerable to attack as any other kind of computer or smartphone.


Additionally, IoT devices in particular are always connected to the Internet, and are rarely patched, making them a relatively easy target for hackers. Remember, hackers can use these devices to access the network as a whole – which could potentially lead to a major data breach and – in the worst cases – large regulatory fines.

 

Boost your cybersecurity with network segmentation

By segmenting their networks, small businesses can isolate devices and systems on separate sub-networks. This not only allows better sharing of throughput or bandwidth to the Internet, but it also helps to secure systems that contain sensitive data, and separates those systems from people and other systems that don’t need to have contact with them.


In the typical small business, this can be achieved by using two or more routers, and looks like this:

 

Figure 2: A segmented small-business network with three routers that segment general systems, Payment Card Industry (PCI) compliant systems, and IoT systems – in this case, a video security system.

 

Isolating problems with network segmentation

Another key benefit of network segmentation is the ability to isolate any problems resulting from cybersecurity breaches. If a laptop gets infected with malware, for example, it won’t be able to get into the IoT network, which is protected by its own firewall. The same is true if an IoT device is compromised; the firewall on the general network will stop the issue from spreading to those systems.


With network segmentation, the old adage “better safe than sorry” definitely holds true. It’s just a question of thinking about which systems need to talk to each other, and which really don’t. Once you’ve figured that out, you can make simple architectural changes that protect your critical systems, devices and data – and ensure you stay compliant with GDPR and other relevant regulations.
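Deciding which systems need to talk to each other amounts to writing a default-deny allow-list between segments. The sketch below is an added example, not part of the original article: it models the three segments from Figure 2 and checks flow records against such a list. The subnets, host addresses and the single allowed flow are assumptions made up for illustration.

```python
import ipaddress

# Constructed addressing plan for the three segments in Figure 2
# (assumption: the article gives no subnets or host addresses).
SEGMENTS = {
    "general": ipaddress.ip_network("192.168.10.0/24"),
    "pci": ipaddress.ip_network("192.168.20.0/24"),
    "iot": ipaddress.ip_network("192.168.30.0/24"),
}

# Default deny between segments: only flows listed here may cross a firewall.
# Hypothetical rule: one admin PC may reach the video recorder's HTTPS interface.
ALLOWED = {("192.168.10.5", "192.168.30.10", 443)}

def segment_of(ip):
    """Return the segment name holding ip, or 'external' if none does."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def evaluate(src, dst, port):
    """Classify one flow against the segmentation policy."""
    s, d = segment_of(src), segment_of(dst)
    if "external" in (s, d):
        return "external"        # Internet traffic: edge rules, not modelled here
    if s == d:
        return "intra-segment"   # never crosses a segment firewall, so not filtered
    return "allow" if (src, dst, port) in ALLOWED else "deny"

def audit(flows):
    """Return the cross-segment flows the policy would block."""
    return [f for f in flows if evaluate(*f) == "deny"]

# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("192.168.10.23", "192.168.30.10", 554),  # laptop -> camera recorder
    ("192.168.10.5", "192.168.30.10", 443),   # admin PC -> recorder web UI
    ("192.168.30.14", "192.168.20.2", 445),   # IoT device -> PCI system
    ("192.168.10.23", "192.168.10.40", 445),  # laptop -> PC in the same segment
    ("192.168.30.14", "203.0.113.7", 443),    # IoT device -> Internet host
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, evaluate(*flow))
```

The `intra-segment` result marks the limit of this design: traffic between two hosts in the same segment never passes a segment firewall, so segmentation contains a compromise to its segment rather than stopping spread inside it.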
 
