As the year draws to a close, it's natural to think about the opportunities and challenges we'll face in 2015. Although predictions are never easy, there's one thing we can count on: an insatiable hunger for connectivity that shows no sign of slowing.
While demand for connectivity has been steadily growing, the ‘as-a-service' era ushered in by cloud computing certainly gave it a big push forward. That push is nothing compared to what will be needed for the Internet of Things (IoT) — a world where objects and machines, as well as computer devices, are connected to each other via smart applications. Gartner predicts that within six years, 30 billion connected “things” will be in use.
The IoT promises to revolutionize the way we live and work. But for the IoT to have the transformational impact everyone is imagining, the network must be able to securely and efficiently handle all these connections. Clearly, all these connections have the potential to make networks very vulnerable. Plus, considering that for every device that needs connecting, a unique identifier is needed to match it to a specific network address, the management aspects of this can also be daunting.
So how can enterprises prepare for this new world, starting with the year ahead? Alongside other transformation networking technologies such as software-defined networking and network virtualization, two areas need to be front and center: Domain Name Server (DNS) security and IPv6 deployment and migration.
DNS infrastructure, with its distributed architecture, is a vital component of internet functionality and availability. DNS has already demonstrated its scalability and flexibility to ensure a human-friendly way to connect with IP address-based devices on the network all over the globe.
In the IoT world, DNS will play an even more central role with the explosion of machine-to-machine connections. The DNS service will establish and maintain the association between an object and its network addresses, from which information about such objects (e.g., status, location) can be extracted. IoT has far-reaching consequences at the DNS security level. Today, DNS is a key target for attacks – a recent IDC survey found that 72 percent of respondents had been the target of a DNS attack in the last 12 months. As the IoT proliferates, businesses will need greater security mechanisms to protect against distributed denial-of-service (DDoS) and cache poisoning. To create a more secure IP network infrastructure, enterprises must address these three key areas:
- DNSSEC (Domain Name System Security Extensions): DNS was not originally designed to include security. DNSSEC plays a key role in ensuring the integrity and authenticity of DNS data and helps to eradicate the risks of data corruption.
- DNS RRL (Response Rate Limit): This is an enhancement to the DNS protocol that can look at the pattern of packet requests and responses to identify and decrease the power of DNS amplification attacks.
- Using a mixture of DNS engines to mitigate the risk of attacks: This approach is highly effective but does require being able to maintain a single view across heterogeneous server environments.