
OE18803–INTERNET OF EVERYTHING

MS.MEENAKSHI.P,AP/INT
UNIT II
• UNIT II TRANSITIONING TO IOE
• Convergence between an organization’s operational technology (OT) and information technology (IT) systems; M2M, M2P, and P2P interactions; business processes for evaluating a problem; architectural structure to implement an IoE solution; security concerns.
 GE (General Electric) coined the name “Industrial Internet” as their term for the Industrial Internet of Things.
 Cisco termed it the Internet of Everything, and others called it Internet 4.0 or other variants.
• The Industrial Internet provides a way to get better visibility and insight into
the company’s operations
• Integration of machine sensors, middleware, software, and backend cloud
compute and storage systems.
• Method of transforming business operational processes by using as
feedback the results gained from interrogating large data sets through
advanced analytics.
OT and IT
 Operational technology (OT) monitors and manages industrial process assets and manufacturing/industrial equipment.
 OT systems monitor events, processes and devices, and make adjustments in enterprise and industrial operations.
 IT or information technology is about business and enterprise systems that store, process and deliver information.
 IT systems are used for data-centric computing.
• IT-OT convergence is a term that refers to the integration of
information technology systems (which handle computing and data
processing) and operational technology systems (which manage and
control industrial operations).
• IIoT can be formally defined as “the use of smart sensors and actuators to enhance manufacturing and industrial processes. Also known as the industrial internet or Industry 4.0, IIoT leverages the power of smart machines and real-time analytics to take advantage of the data that dumb machines have produced in industrial settings for years.”
• Today, more and more organizations are embracing Industrial IoT (IIoT) technologies like
– smart meters,
– automated asset distribution systems,
– self-monitoring transformers.
• The rise of these new technologies has created a need for organizations to optimize how machines, applications, and infrastructure collect, transmit, and process data.
• Done right, convergence helps organizations
– fix critical issues faster,
– make informed business decisions,
– and scale processes across both physical and virtual systems.
BENEFITS OF IIOT
• Biggest benefits of adopting a fully connected IIoT:
– Increase efficiency
– Reduce errors
– Predictive maintenance
– Improved safety
– Reduce costs
CHALLENGES
• Different team perspectives
• Device communication challenges
• Scalability issues
• Cyber security challenges
• Faster evolution of IT
• Data Integration challenges
• Lack of standardization
• Lack of skills
• Successful IT/OT convergence requires:
✓ Development of joint standards and governance structures to align IT
and OT
✓ Combined management and execution of cross-technology projects
✓ Alignment of duplicate and overlapping processes
✓ Development of inter-disciplinary skills within both domains
✓ Combining the split responsibilities between IT & OT, especially
concerning security
✓ Single management and monitoring of the now separate infrastructures
• Machine-to-Machine (M2M) Connections:
– Information transferred from one machine or “thing” to another over a network.
– Machines include sensors, robots, computers, and mobile devices. Often called the Internet of Things (IoT).
• Machine-to-People (M2P) Connections:
– Information transferred from a machine (such as a computer, mobile device, digital sign) to a person, or vice versa.
– Whether a person gets information from a database or conducts a complex analysis, this is an M2P connection. Often called Data & Analytics.
• People-to-People (P2P) Connections:
– Information transferred from one person to another.
– Increasingly, P2P connections happen virtually, through video, mobile devices, and social networks. Often called Collaboration.
M2M
• Machine-to-Machine (M2M) communication is a form of data communication that involves one or more entities that do not necessarily require human interaction or intervention in the process of communication.
• M2M is also named Machine Type Communication (MTC) in 3GPP.
• It is different from the current communication models in the ways that it involves:
– new or different market scenarios
– lower costs and effort
– a potentially very large number of communicating terminals
– little traffic per terminal, in general
• M2M communication could be carried over mobile networks (e.g. GSM-GPRS, CDMA EVDO networks).
• The applications of M2M cover many areas; the areas in which M2M is currently used include:
a. Security: Surveillance, Alarm systems, Access control, Car/driver security
b. Tracking & Tracing : Fleet Management, Order Management, Pay as you
drive, Asset Tracking, Navigation, Traffic information, Road tolling, Traffic
optimization/steering
c. Payment : Point of sales, Vending machines, Gaming machines
d. Health : Monitoring vital signs, Supporting the aged or handicapped, Web
Access Telemedicine points, Remote diagnostics
e. Remote Maintenance/Control : Sensors, Lighting, Pumps, Valves, Elevator
control, Vending machine control, Vehicle diagnostics
f. Metering : Power, Gas, Water, Heating, Grid control, Industrial metering
g. Manufacturing : Production chain monitoring and automation
h. Facility Management : Home / building / campus automation
• Key features of M2M
• Some of the key features of M2M communication systems are given below:
a. Low Mobility: M2M Devices do not move, move infrequently, or move only within a certain region
b. Time Controlled: Send or receive data only at certain pre-defined periods
c. Time Tolerant: Data transfer can be delayed
d. Packet Switched: Network operator to provide packet switched service with or without an MSISDN
e. Online small Data Transmissions: MTC Devices frequently send or receive small amounts of data
f. Monitoring: Not intended to prevent theft or vandalism, but to provide functionality to detect such events
g. Low Power Consumption: To improve the ability of the system to efficiently service M2M applications
h. Location Specific Trigger: Intending to trigger an M2M device in a particular area, e.g. wake up the device
Architecture and components of M2M
• M2M Device: Device capable of replying to requests for data contained within those devices, or capable of transmitting data autonomously.
• Sensors and communication devices are the endpoints of M2M applications.
• Generally, devices can connect directly to an operator’s network, or they will probably interconnect using WPAN technologies such as ZigBee or Bluetooth.
• M2M Area Network (Device Domain): Provides connectivity between M2M Devices and M2M Gateways, e.g. a personal area network.
• M2M Gateway: Equipment that uses M2M capabilities to ensure M2M Devices’ inter-working and interconnection to the communication network.
• Gateways and routers are the endpoints of the operator’s network in scenarios where sensors and M2M devices do not connect directly to the network.
• Thus, the task of gateways and routers is twofold.
• Firstly, they have to ensure that the devices of the network may be reached from outside and vice versa.
• These functions are addressed by the access enablers, such as identification, addressing, accounting etc., from the operator’s platform and have to be supported at the gateway’s side as well.
• Secondly, there may be the need to map bulky internet protocols to their lightweight counterparts in low-power sensor networks.
• M2M Communication Networks (Network Domain):
– Covers the communications between the M2M Gateway(s) and M2M application(s), e.g. xDSL, LTE, WiMAX, and WLAN.
• M2M Applications: Contains the middleware layer where data goes through various application services and is used by the specific business-processing engines.
• M2M applications will be based on the infrastructural assets (e.g., access enablers) that are provided by the operator.
• Applications may either target end users or provide sophisticated M2M solutions and services, e.g. customer care functionality, elaborate billing functions, etc.
• Those services, or service enablers, may be designed and offered by an application provider, but they might also be offered by the operator via the operator platform itself.
• Requirements for M2M
Some of the general requirements for the M2M System, as specified by ETSI, are given below.
• a. M2M Application communication principles: The M2M system shall be able to allow communication between M2M Applications in the Network and Applications Domain, and the M2M Device or M2M Gateway, by using multiple communication means, e.g. SMS, GPRS and IP Access. Also a Connected Object may be able to communicate in a peer-to-peer manner with any other Connected Object. The M2M System should abstract the underlying network structure including any network addressing mechanism used; e.g. in the case of an IP based network, the session establishment shall be possible when IP static or dynamic addressing is used.
• b. Message Delivery for sleeping devices: The M2M System shall be able to manage communication towards a sleeping device.
• c. Delivery modes: The M2M System shall support anycast, unicast, multicast and broadcast communication modes. Whenever possible a global broadcast should be replaced by a multicast or anycast in order to minimize the load on the communication network.
• d. Message transmission scheduling: The M2M System shall be able to manage the scheduling of network access and of messaging. It shall be aware of the scheduling delay tolerance of the M2M Application.
• e. Message communication path selection: The M2M System shall be able to optimize communication paths, based on policies such as network cost, delays or transmission failures, when other communication paths exist.
• f. Communication failure notification: M2M Applications requesting reliable delivery of a message shall be notified of any failures to deliver the message.
• g. Scalability: The M2M System shall be scalable in terms of number of Connected Objects.
• h. Abstraction of technologies heterogeneity: The M2M Gateway may be capable of interfacing to various M2M Area Network technologies.
• i. M2M Service Capabilities discovery and registration: The M2M System shall support mechanisms to allow M2M Applications to discover M2M Service Capabilities offered to them. Additionally the M2M Device and M2M Gateway shall support mechanisms to allow the registration of their M2M Service Capabilities to the M2M system.
• j. M2M Trusted Application: The M2M Core may handle service request responses for trusted M2M Applications by allowing streamlined authentication procedures for these applications. The M2M system may support trusted applications, that is, applications pre-validated by the M2M Core.
• k. Mobility: If the underlying network supports seamless mobility and roaming, the M2M System shall be able to use such mechanisms.
• l. Communications integrity: The M2M System shall be able to support mechanisms to assure communications integrity for M2M services.
• m. Device/Gateway integrity check: The M2M System shall support M2M Device and M2M Gateway integrity checks.
• n. Continuous connectivity: The M2M System shall support continuous connectivity for M2M applications requesting the same M2M service on a regular and continuous basis.
– This continuous connectivity may be de-activated upon request of the Application or by an internal mechanism in the M2M Core.
• o. Confirm: The M2M System shall support mechanisms to confirm messages. A message may be unconfirmed, confirmed or transaction controlled.
• p. Priority: The M2M System shall support the management of priority levels of the services and communications services. Ongoing communications may be interrupted in order to serve a flow with higher priority (i.e. pre-emption).
• q. Logging: Messaging and transactions requiring non-repudiation shall be capable of being logged.
– Important events (e.g. received information from the M2M Device or M2M Gateway is faulty, unsuccessful installation attempt from the M2M Device or M2M Gateway, service not operating, etc.) may be logged together with diagnostic information.
– Logs shall be retrievable upon request.
• r. Anonymity: The M2M System shall be able to support Anonymity. If anonymity is requested by an M2M Application from the M2M Device side and the request is accepted by the network, the network infrastructure will hide the identity and the location of the requestor, subject to regulatory requirements.
• s. Time Stamp: The M2M System shall be able to support accurate, secure and trusted time stamping. M2M Devices and M2M Gateways may support accurate, secure and trusted time stamping.
• t. Device/Gateway failure robustness: After a non-destructive failure, e.g. after a power supply outage, an M2M Device or Gateway should immediately return to a full operating state autonomously, after performing the appropriate initialization, e.g. an integrity check if supported.
• u. Radio transmission activity indication and control: The radio transmitting parts (e.g. GSM/GPRS) of the M2M Device/Gateway should be able to provide (if required by particular applications, e.g. eHealth) a real-time indication of radio transmission activity to the application on the M2M Device/Gateway, and may be instructed in real time by the application on the M2M Device/Gateway to suspend/resume the radio transmission activity.
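The Communications integrity, Time Stamp, Confirm and Logging requirements above describe what a gateway must check on every message from a device, but the slides do not show the checks. The following added example (written for these notes, not ETSI's or any vendor's code) puts them together on a small device-to-gateway exchange: the device wraps each report in an envelope carrying a sequence number, a timestamp and an HMAC-SHA256 tag; the gateway verifies the tag, rejects stale or replayed envelopes, answers every envelope with a confirm or a reject, and keeps a retrievable event log. The device name, the shared key and the meter readings are constructed for the example; the 30-second clock-skew window is an assumption.

```python
import hashlib
import hmac
import json

# Constructed per-device shared secret for this example (assumption: in a
# real M2M system it is provisioned to device and gateway out of band).
DEVICE_KEYS = {"meter-001": b"constructed-demo-key-do-not-reuse"}

FIELDS = ("device", "seq", "ts", "payload")


def _canonical(body: dict) -> bytes:
    # Stable serialisation so sender and receiver MAC exactly the same bytes.
    return json.dumps({k: body[k] for k in FIELDS}, sort_keys=True,
                      separators=(",", ":")).encode()


def sign_message(device: str, seq: int, ts: float, payload: dict, key: bytes) -> dict:
    """Device side: wrap a report in an envelope with a sequence number,
    a timestamp and an HMAC-SHA256 tag over the whole body."""
    body = {"device": device, "seq": seq, "ts": ts, "payload": payload}
    body["mac"] = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return body


class Gateway:
    """Gateway side: validates envelopes and answers with a confirm or a reject."""

    def __init__(self, keys: dict, max_skew_s: float = 30.0):
        self.keys = keys
        self.max_skew_s = max_skew_s
        self.last_seq = {}   # device -> highest accepted sequence number
        self.log = []        # event log that stays retrievable on request

    def receive(self, msg: dict, now: float) -> dict:
        device = msg.get("device")
        if any(k not in msg for k in FIELDS) or "mac" not in msg:
            return self._reject(device, msg, "malformed envelope")
        key = self.keys.get(device)
        if key is None:
            return self._reject(device, msg, "unknown device")
        expected = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            return self._reject(device, msg, "integrity check failed")
        if abs(now - msg["ts"]) > self.max_skew_s:
            return self._reject(device, msg, "timestamp outside accepted window")
        if msg["seq"] <= self.last_seq.get(device, -1):
            return self._reject(device, msg, "replayed or out-of-order sequence number")
        self.last_seq[device] = msg["seq"]
        self.log.append({"event": "accepted", "device": device, "seq": msg["seq"]})
        return {"type": "confirm", "device": device, "seq": msg["seq"]}

    def _reject(self, device, msg, reason):
        self.log.append({"event": "rejected", "device": device,
                         "seq": msg.get("seq"), "reason": reason})
        return {"type": "reject", "device": device, "seq": msg.get("seq"), "reason": reason}


def demo() -> list:
    """Run four constructed exchanges; returns the gateway's answer types in order."""
    gw = Gateway(DEVICE_KEYS)
    key = DEVICE_KEYS["meter-001"]
    t0 = 1_700_000_000.0
    good = sign_message("meter-001", 1, t0, {"kwh": 12.5}, key)
    out = [gw.receive(good, t0 + 1)]            # fresh, intact -> confirm
    out.append(gw.receive(good, t0 + 2))        # same envelope again -> replay
    tampered = sign_message("meter-001", 2, t0, {"kwh": 12.7}, key)
    tampered["payload"]["kwh"] = 99.0           # altered after signing -> MAC fails
    out.append(gw.receive(tampered, t0 + 3))
    stale = sign_message("meter-001", 3, t0 - 600, {"kwh": 12.9}, key)
    out.append(gw.receive(stale, t0 + 4))       # clock ten minutes off -> rejected
    return [r["type"] for r in out]


if __name__ == "__main__":
    print(demo())   # ['confirm', 'reject', 'reject', 'reject']
```

The order of the checks matters: the MAC is verified before the timestamp or sequence number is trusted, so an unauthenticated sender cannot move the gateway's replay window. A symmetric MAC gives integrity and origin authentication between the two parties that share the key; the non-repudiation the Logging requirement mentions would need a per-device signature instead.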
Issues / concerns in M2M
• It is expected that M2M devices would typically operate unmanned and unguarded by humans and thus are subject to increased levels of security threats, such as physical tampering, hacking, unauthorized monitoring, etc.
• Terminal devices may also get geographically dispersed over time. Such M2M devices should therefore provide adequate security to detect and resist attacks.
• Devices may also need to support remote management including firmware updates to correct faults or recover from malicious attacks.
• Some M2M Equipment (M2MEs) is typically required to be small, inexpensive, able to operate unattended by humans for extended periods of time, and to communicate over the wireless area network (WAN) or WLAN.
SDN (Software Defined Networking)
• SDN is an approach to networking that enables network nodes
to be managed through programming, rather than traditional
system administration methods.
• Limitations of Conventional Network architecture
– Complex Network devices
– Management Overhead
– Limited Scalability
Why SDN?
Virtualization: Use network resources without worrying about where they are physically located, how much there is, how they are organized, etc. Abstraction ⇒ Virtualization.
Orchestration: Should be able to control and manage thousands of devices with one command.
Programmable: Should be able to change behaviour on the fly.
Dynamic Scaling: Should be able to change size, quantity.
Automation: To minimize manual involvement: troubleshooting, reduce downtime, policy enforcement, provisioning/re-provisioning/segmentation of resources, add new workloads, sites, devices.
ww.cse.wustl.edu/~jain/cse570-18/
Why SDN?
Visibility: Monitor resources, connectivity.
Performance: Optimize network device utilization, traffic engineering/bandwidth management, capacity optimization, load balancing, high utilization, fast failure handling.
Multi-tenancy: Tenants need complete control over their addresses, routing, topology.
Service Integration: Load balancers, firewalls, Intrusion Detection Systems (IDS), provisioned on demand and placed appropriately on the traffic path.
Openness: Full choice of “How” mechanisms ⇒ Modular plug-ins ⇒ Abstraction.
• SDN is a networking architecture that separates the control plane from the data plane and centralizes the network controller.
• SDN is software-based, while traditional networking is hardware-based.
• Because the control plane is software-based, SDN is much more flexible than traditional networking.
• It allows administrators to control the network, change configuration settings, provision resources, and increase network capacity, all from a centralized user interface, without adding more hardware.
• APIs used:
– Northbound API – interfaces the application layer with the control layer; provides an abstract view of the network to the application layer
– Southbound API – interfaces the controller and the infrastructure layer; controllers can deploy different rules on routers and switches, and they can communicate with the controller in real time
– East- and West-bound API – interfaces multiple controllers so that they can coordinate decisions
SDN CONTROLLER
• An application that manages flow control to enable intelligent networking
• They are based on protocols such as OpenFlow that allow servers to tell switches where to send packets
OPEN FLOW
• Protocol for controlling the forwarding behavior of Ethernet switches in an SDN
• Specifications maintained by the Open Networking Forum
NFV
• Network Function Virtualization (NFV) is a technology that leverages virtualization to consolidate heterogeneous network devices onto industry standard high volume servers, switches and storage.
• It is complementary to SDN and provides the infrastructure on which SDN can run.
• Beneficial to each other but not dependent.
A high level ETSI NF
ETSI identified three main working domains:
1) Virtual Network Functions (VNFs)
– These are individual functions of a network that have been virtualized. Possibilities are endless: firewalls, Evolved Packet Core, etc.
2) NFV infrastructure (NFVI)
– The infrastructure required to run the VNFs.
– This is made up of hardware resources (computing servers and network switches), and virtual resources (“abstractions” of the hardware on which the VNFs run, known as “virtual machines” (VMs)). A virtualisation layer (the “hypervisor”) exists to abstract between the two.
3) NFV management & orchestration (MANO)
– MANO is the framework for management and orchestration of all the resources in the NFV environment. It is where the management of resources in the infrastructure layer takes place, and is also where resources are created and delegated and the allocation of VNFs is managed.
• NFV enables separation of the network functions, which are implemented in software, from the underlying hardware.
• Thus new functions can be easily tested and upgraded by installing new software while the hardware remains the same.
M2P
• People play an important role in harnessing the digital intelligence
gathered by M2M connections.
• The resulting M2P connections are essential for optimal decision
making.
• M2P connections mean that people can send information to technical
systems and receive information from these systems.
• M2P connections are transactional, which means the flow of
information moves in both directions, from machines to people and
from people to machines.
• M2M and P2P connections are also transactional.
• M2P technologies can range from automated customer notification systems with preset triggers, to advanced dashboards that help people visualise analytics.
P2P
• People-to-People (P2P) connections occur when information is transferred from one person to another.
• P2P connections are characterised by collaborative solutions that leverage
new and existing network infrastructure, devices, and applications. These
optimised and secure network platforms allow for voice, video and data to
be presented in a single view, to and from any endpoint or mobile device.
• P2P applications provide services for managing meeting room reservations
and resources, for example, using Cisco Smart+Connected Meeting Spaces.
• P2P applications also support online collaboration through web and video
conferencing, for example, using Cisco Webex.
M2M, M2P, P2P interacting to form solutions
• Step 1: Customers talk to companies through purchase habits and online feedback.
• Step 2: Companies talk to supply chain management channels.
• Step 3: Supply chain management systems talk to machines on the factory floor.
• Step 4: Machines on the factory floor talk to the suppliers of raw materials.
• Step 5: Suppliers of raw materials inform supply chain management channels of the shipment of raw materials.
• With IoE, there is the potential of providing connections all the way
back to the mines and drilling operations, where raw materials are
extracted from the ground.
• Those mines, which are the start of the production value chain,
illustrate the IoE’s value, particularly its ability to offer predictive
insights.
• There are many challenges, and each system has its own requirements which must be considered.
• The processes required for connecting different systems, and how the different technologies may be adjusted, must also be considered.
IMPLEMENTING IOE SOLUTION
• Understanding existing business processes
• Understanding existing IT and OT networks
• Business goals and opportunities
• Cisco streamlines old mining operation
• Determine technical requirements
• Bandwidth requirements
• Potential constraints
• Cloud vs fog computing
• The IoE architectural approach
• Adjusting technologies
• Connecting processes
• The IoE in retail
• The IoE in manufacturing
• The IoE in the public sector
• The IoE for service providers
• Proprietary ecosystems
• Technological growth
• Growth relevance to IoE
• Big data challenges
• The learning society
Understanding existing business processes
• One of the first steps business managers must take is to understand their current processes. They must identify:
– Who their suppliers and customers are
– What customer needs are
– What the schedule and process steps are for creating and delivering an
offering
• For example, as a supply manager or distributor, it is important to
understand when receipt of an item will be in relation to the
expiration dates of those same products.
Understanding existing IT and OT networks
• Organisations that are implementing an IoE solution must consider the existing IT and OT network infrastructures and operations.
• Business managers must understand how the IT network users interact
with the network resources and services and gather information about all
internal and external access to the existing network infrastructure.
Without full knowledge of who has access to the network and how it is
used, the intended solution might not include some user requirements,
or incorrectly identify user groups. Other considerations include
identifying the existing network and infrastructure components, and
capabilities, including support for traffic requirements, data storage, and
security needs.
• In addition to understanding IT network operations, business
managers must also consider how current networks of OT systems
operate. This includes knowing how the M2M connections currently
take place, the information that is generated from these
connections, and how this information is integrated into the current
business processes.
Business goals and opportunities

• Business managers must also take into consideration business goals, business styles,
tolerance to risk, and the level of technical expertise available.
• Business managers must analyze the feasibility of an IoE project based on how it
contributes to business success. Considerations might include:
• Profitability − Determine cost and return on investment of implementing the IoE project as
a result of efficiencies and improvements.
• Business growth and market share − Identify growth opportunities and competitive
advantages due to the IoE implementation as a result of new insights.
• Customer satisfaction – Determine the impact to customer experience and loyalty as a
result of improved responsiveness to customer needs.
Determine technical requirements
• After business managers have determined their priorities and
established the changes in business processes that must be made,
the technology professionals can then begin the process of
determining the technical requirements.
• Standardisation: What technology is required to allow these systems to communicate to IT systems, or to convert these systems to use IP?
• Equipment: What new equipment is required? Are sensors needed to track information? What devices are needed to aggregate information and help with information management?
• Network scalability: How does the existing infrastructure need to be modified to support the new technical requirements and data load?
• Security: What security measures need to be implemented on IT systems, OT systems, and end devices?
• Network management: Does the new device integration create a more complex network environment? If so, what new services and applications need to be installed to simplify the management of these updated systems?
• Programming: What are the programming requirements needed to support non-IP-enabled and IP-enabled devices?
• Data processing and access: When is it necessary to forward data to the Cloud for processing, and when does data need to be processed closer to the source, for example, in the Fog?
Potential constraints
• Constraints can and do affect IoE implementations and should be identified early when implementing a solution.
• The relative importance of the constraints varies from project to
project.
• Business managers must also consider the complexity of any
existing IT and OT designs when converging IT and OT in the new IoE
implementation.
• Budget: Limited resources may require some compromises in design due to the costs of equipment, software, or other components.
• Legacy systems: Businesses may have large capital investments in existing systems.
• Technical expertise: The lack of trained personnel to implement an IoE solution is a major constraint.
• Policies: The design must account for existing policies regarding protocols, standards, vendors, and applications. If necessary, these policies need to be refined or removed. In some cases, new policies must be created to facilitate the IoE implementation.
• Culture: The change over to an IoE implementation requires a collaborative environment with open communications between traditionally segmented departments.
Proprietary ecosystems
• To achieve a complete IoE solution, interoperability is critical.
OT networks and systems are often implemented using
proprietary protocols that may be insecure. These protocols do
not interoperate well with the protocols of an IP network,
which are typically more secure.
• One of the first steps is to develop a solution that allows the
devices to speak the same language, regardless of the vendor.
One way to accomplish this is to convert proprietary networks
to IP-based networks.
• Another approach is to ensure that these proprietary protocols
can communicate through a translator.
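The translator approach above, and the gateway's job (described under Architecture and components of M2M) of mapping bulky internet protocols to lightweight counterparts, both put a protocol gateway between a proprietary OT network and the IP network. The security point the slides make is that the proprietary side is often the less secure one, so the gateway should validate every frame before it is re-emitted as IP traffic rather than blindly re-encoding it. The added example below (written for these notes, not from the original deck or any vendor) parses a constructed legacy frame format, checks every length field and the checksum, and emits a vendor-neutral JSON record; malformed frames become error records the gateway can log instead of forwarding. The frame layout, function codes and sample frames are all assumptions made for the example.

```python
import json
import struct

# Layout of the constructed legacy frame used here (an assumption for this
# example, not any real vendor's protocol):
#   STX | addr | func | len | data[len] | cksum
# cksum is the XOR of every byte from addr through the last data byte.
STX = 0x02
MAX_DATA = 64
FUNC_NAMES = {0x10: "read_register", 0x20: "write_register"}


class FrameError(ValueError):
    """Raised for any frame the translator refuses to forward."""


def xor_checksum(data: bytes) -> int:
    result = 0
    for b in data:
        result ^= b
    return result


def build_legacy_frame(addr: int, func: int, data: bytes) -> bytes:
    """Encode a frame in the legacy format (used to construct sample input)."""
    body = bytes([addr, func, len(data)]) + data
    return bytes([STX]) + body + bytes([xor_checksum(body)])


def flip_byte(frame: bytes, index: int) -> bytes:
    """Corrupt one byte of a frame, to construct a damaged sample."""
    out = bytearray(frame)
    out[index] ^= 0xFF
    return bytes(out)


def parse_legacy_frame(frame: bytes) -> dict:
    """Decode one legacy frame into a vendor-neutral record, checking every
    length and the checksum before trusting any field."""
    if len(frame) < 5:
        raise FrameError("frame too short")
    if frame[0] != STX:
        raise FrameError("missing start byte")
    addr, func, length = frame[1], frame[2], frame[3]
    if length > MAX_DATA:
        raise FrameError("declared length exceeds maximum")
    if len(frame) != 5 + length:
        raise FrameError("declared length does not match frame size")
    data = frame[4:4 + length]
    if xor_checksum(frame[1:4 + length]) != frame[4 + length]:
        raise FrameError("checksum mismatch")
    if func not in FUNC_NAMES:
        raise FrameError("unknown function code 0x%02x" % func)
    if length < 2:
        raise FrameError("register operations carry at least a 2-byte register id")
    register = struct.unpack(">H", data[:2])[0]
    return {"device": addr, "operation": FUNC_NAMES[func],
            "register": register, "value": data[2:].hex()}


def translate(frame: bytes) -> str:
    """IP-side output: a JSON record for valid frames, or an error record
    the gateway logs instead of forwarding."""
    try:
        return json.dumps(parse_legacy_frame(frame), sort_keys=True)
    except FrameError as exc:
        return json.dumps({"error": str(exc), "raw": frame.hex()}, sort_keys=True)


# Constructed sample frames: a valid read, a valid write, a frame with one
# flipped data byte (checksum fails) and a frame whose length field lies.
SAMPLE_FRAMES = [
    build_legacy_frame(7, 0x10, b"\x00\x2a"),
    build_legacy_frame(7, 0x20, b"\x00\x2a\x01\xf4"),
    flip_byte(build_legacy_frame(7, 0x10, b"\x00\x2a"), 5),
    bytes([STX, 7, 0x10, 200]) + b"\x00" * 200 + b"\x00",
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(translate(frame))
```

The checks run in the order an attacker-controlled frame would be consumed: the length field is bounded and compared with the real frame size before any slice is taken, and the checksum is verified before the function code is interpreted. A real translator would add the IP-side protections the slides call for (authentication of the IP peer, and rate limits on the legacy side) on top of this parsing discipline.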
Technological growth
• The rate of technological growth is accelerating exponentially. To maintain a competitive advantage, organisations must be able to account for this growth.
• There are three primary principles, referred to as laws, that organisations and experts can use to help them plan for technological needs:
1. Moore’s Law
2. Metcalfe’s Law
3. Reed’s Law
Growth relevance to IoE
• Moore's law allows organisations to plan for their own technological
advances, but also to predict the advances of their competitors.
• Metcalfe's law is useful for business managers to calculate the
optimal number of interconnections between nodes.
• These principles allow organisations to better predict and plan for
future needs and opportunities.
Big data challenges
• The exponential growth of data continues as the number of things connected to the Internet increases.
• For data to be a true asset, it must be used effectively. In addition, using old, inaccurate data wastes time, resources, and money. Challenges include:
– bandwidth capacity on existing links connected to data centres
– privacy concerns for user data
– managing data for real-time communications
– selecting and analysing appropriate data.
• Bandwidth requirements
• Cloud vs fog computing
• The learning society
MODELLING AN IOE SOLUTION
• Health care
– Diabetic patient health care solution – patient with type 1 diabetes
– Patient contacted HMC to monitor him.
– Health Monitoring Company (HMC) uses sensors and a fitness tracker to know his sugar level
M2M:
1. Sensors to HMC – HMC to control traffic signal
2. HMC to Door Lock
M2P:
1. HMC alarm to Patient
2. HMC to Patient showing sugar levels.
• P2P:
– Patient to HMC
– Patient to Patient treatment center personnel
– Doctor to Patient
[Figure: Patient Monitor feeding Analytics tools; monitored values: Glucose, Exercise level, Respiration levels]
• Why analytics?
• Value in good modelling:
– Model Flowcharts,Topology,Prototype.

• The Triton malware that shut down Saudi Arabia’s Red Sea Refinery targeted the code of the Triconex line of safety systems.
• The rogue code disabled safety systems designed to prevent industrial accidents, which could have resulted in an explosion from the high-pressure and high-temperature operation.
• There happened to be a flaw in the code that did not allow the perpetrator to remotely access the industrial assets; instead, a trigger was released from the Triconex safety systems that shut down the plant.
• Organizations must find the right balance among the
– confidentiality, integrity, and availability (CIA) triad.
– Availability is paramount in OT systems
– confidentiality and integrity in IT systems
• Evolution of a model
• The Purdue Enterprise Reference Model Architecture was established in the 1990s by Theodore J. Williams in cooperation with the Purdue University Consortium for computer integrated manufacturing, and was adopted as the ISA-99 standard.
• A common practice in the past was to restrict access such that information technology (IT) Levels 4 and 5 could only communicate down to Level 3.
• However, Levels 2 or 3 could communicate up to Levels 4 and 5.
• Levels 0 and 1 were isolated to only the operational technology (OT) network, which some described as the ‘OT zone’.
• Level 3 represents plant site operations, and it is increasingly becoming the area where IT and OT convergence occurs. It is also where security individuals attempt to close any air gaps (a physical isolation security measure) existing between the IT and OT networks.
• New layers have been added: a demilitarized zone (DMZ) now exists between Levels 3 and 4, and it uses firewalls and proxies to secure communications.
• The DMZ layer functions as a subnetwork to protect a company’s exposed, outward-facing services.
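The level rules just described (IT Levels 4 and 5 reach down no further than Level 3, Levels 0 and 1 stay inside the OT zone, and a DMZ between Levels 3 and 4 brokers traffic across the boundary) are easy to state and easy to violate silently once IT and OT converge. The added example below (written for these notes, not part of the original deck or of ISA-99/IEC 62443) turns those rules into a small policy check and runs it over constructed flow records of the kind a firewall or NetFlow collector would produce, reporting each connection that crosses a boundary it should not. The rule that all Level 3 to Level 4/5 traffic must pass through the DMZ proxies is an assumption derived from the slide's description of the DMZ; host names and levels in the sample flows are constructed.

```python
from dataclasses import dataclass
from typing import List, Tuple, Union

# Purdue levels as the slides describe them: 0-1 are the OT zone, 3 is site
# operations where IT and OT converge, 4-5 are enterprise IT, and a DMZ sits
# between Levels 3 and 4. The rules encoded below are an assumption derived
# from that description, not the text of any standard.
OT_ZONE = {0, 1}
IT_LEVELS = {4, 5}
DMZ = "dmz"

Level = Union[int, str]


@dataclass
class Flow:
    """One observed connection: who initiated it and at which Purdue level."""
    src: str
    src_level: Level
    dst: str
    dst_level: Level


def check_flow(flow: Flow) -> Tuple[bool, str]:
    """Return (allowed, reason) for one connection."""
    s, d = flow.src_level, flow.dst_level
    touches_ot_zone = s in OT_ZONE or d in OT_ZONE
    crosses_out = s in IT_LEVELS or d in IT_LEVELS or DMZ in (s, d)
    if touches_ot_zone and crosses_out:
        # Levels 0/1 talk only to other OT levels; never to IT or even the DMZ.
        return False, "Levels 0/1 stay inside the OT network"
    if s in IT_LEVELS and d not in IT_LEVELS and d != DMZ:
        # Enterprise may reach down no further than Level 3, and only via the DMZ.
        return False, "IT may not reach below Level 4 except through the DMZ"
    if d in IT_LEVELS and s not in IT_LEVELS and s != DMZ:
        # Plant levels reaching up to IT must also be brokered by the DMZ.
        return False, "plant levels may not reach Levels 4/5 except through the DMZ"
    return True, "ok"


def audit(flows: List[Flow]) -> List[str]:
    """Flow records in, one finding per violating connection out."""
    findings = []
    for f in flows:
        ok, reason = check_flow(f)
        if not ok:
            findings.append(
                f"{f.src} [{f.src_level}] -> {f.dst} [{f.dst_level}]: {reason}")
    return findings


# Constructed sample flows; three of the six should be flagged.
SAMPLE_FLOWS = [
    Flow("plc-01", 1, "hmi-01", 2),              # PLC to HMI inside OT: fine
    Flow("erp-01", 4, "historian-01", 3),        # IT straight into Level 3: flagged
    Flow("erp-01", 4, "dmz-proxy", DMZ),         # IT to the DMZ proxy: fine
    Flow("dmz-proxy", DMZ, "historian-01", 3),   # proxy into Level 3: fine
    Flow("plc-01", 1, "erp-01", 4),              # PLC reaching enterprise: flagged
    Flow("historian-01", 3, "bi-server", 5),     # Level 3 up to IT, no DMZ: flagged
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FLOWS):
        print(line)
```

Run against real flow exports, the level of each endpoint would come from an asset inventory rather than a literal in the record; the check itself stays the same. A direct Level 4 to Level 3 flow is exactly the air gap the slides say is being closed, and this is the kind of rule that makes that closure visible in detection rather than silent.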
• The Zero Trust Architecture was initially proposed in September 2019
and then updated based on feedback in February 2020.
• Authentication is a security process for verifying that the user, asset, or resource is who they declare themselves to be.
• Authorization determines to what degree the user, asset, or resource is
permitted to access resources such as files, services, computer
programs, and data.
• Organizations adopting multi-factor authentication for their remote
users are also moving to the use of multi-factor authentication for all
logins to sensitive applications.
• The standard addresses cybersecurity for device-to-device
communication, sensitive data protection, authentication,
authorization, and guidelines for device vendors.
• ISA/IEC 62443 and IEC 62443 provide a list of cybersecurity
requirements for digital transformation.
Security and the IoE
• Security strategy
– Adaptable and real-time security: Prepare to handle security as you grow by deploying adaptable and real-time security. As business evolves, adjust security levels to minimize risk.
– Secure and dynamic connections: Ensure that the right level of security is in place for all connections all the time. Advanced security measures and protocols help achieve regulatory and privacy compliance. All valuable assets including intellectual property, data, employees, and buildings are protected.
– Protecting customer and brand trust: Reduce the impact and cost of security breaches with a seamless security strategy. Security breaches erode customer confidence and brand integrity. The security strategy must detect, confirm, mitigate, and remediate threats across the entire organisation.
• Pervasive
• Within the IoE, security must be pervasive. The approach to security
must be:
– consistent, automated, and extend to secured boundaries across organisations
– dynamic, to better recognise security threats through real-time predictive
analytics
– intelligent, providing visibility across all connections, and elements of the
infrastructure
– scalable, to meet the needs of a growing organisation
– agile, able to react in real-time
– comprehensive, end-to-end solution.
• Security architecture
– Access control: Access control provides policy-based access for any user or device seeking access to the distributed network. Users are authenticated and authorised. End devices are also analyzed to determine if they meet the security policy. Non-authenticating devices, such as printers, video cameras, sensors, and controllers are also automatically identified and inventoried.
– Context-aware policies and enforcement: Context-aware policies use a simplified descriptive business language to define security policies based on the full context of the situation: who is sending, what information, when, where and how. These security policies closely align with business policies and are simpler to administer across an organisation. They help businesses provide more effective security and meet compliance objectives with greater operational efficiency and control.
– Context-aware inspection: Context-aware inspection and security enforcement use network and global intelligence to make enforcement decisions across the network. Flexible deployment options, such as integrated security services, standalone appliances, or cloud-based security services bring protections closer to the user.
– Network and global intelligence: Network and global intelligence uses the correlation of global data to ensure that the network is aware of environments that have a reputation for malicious activity. It provides deep insights into network activity and threats for fast and accurate protection, and policy enforcement.
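The authentication/authorization split and the "who is sending, what, when, where and how" context described above, worked as an added Python example (not the slides' or any vendor's code): the roles, applications, shift hours and zone names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory (not from the slides). Sensitive applications require MFA
# on every login, not only for remote users.
SENSITIVE_APPS = {"historian", "mes", "engineering-ws"}
ROLE_PERMISSIONS = {  # who may perform what, on which application
    "plant-engineer": {"historian": {"read", "write"}, "engineering-ws": {"read", "write"}},
    "analyst": {"historian": {"read"}, "mes": {"read"}},
    "contractor": {"engineering-ws": {"read"}},
}
WRITE_HOURS = range(6, 18)           # when: writes to OT applications only during the staffed shift
TRUSTED_ZONES = {"L3_PLANT", "DMZ"}  # where: writes must come from on site or via the DMZ jump host

@dataclass
class Request:
    user: str
    role: str               # who
    app: str                # what is being accessed
    action: str             # "read" or "write"
    hour: int               # when (local hour, 0-23)
    src_zone: str           # where the request originates
    mfa: bool               # how the user proved identity
    device_compliant: bool  # how: the end device passed its posture check

def authenticate(req):
    """Is the caller who they claim to be? A password alone never suffices for sensitive apps."""
    if req.app in SENSITIVE_APPS and not req.mfa:
        return False, "MFA required for sensitive application"
    if not req.device_compliant:
        return False, "end device failed posture check"
    return True, "authenticated"

def authorize(req):
    """To what degree may the authenticated caller use the resource?"""
    allowed = ROLE_PERMISSIONS.get(req.role, {}).get(req.app, set())
    if req.action not in allowed:
        return False, f"role {req.role} may not {req.action} {req.app}"
    if req.action == "write" and req.hour not in WRITE_HOURS:
        return False, "writes outside the staffed shift"
    if req.action == "write" and req.src_zone not in TRUSTED_ZONES:
        return False, f"writes not permitted from {req.src_zone}"
    return True, "authorized"

def decide(req):
    """Authentication first, then authorization; the first failing check wins."""
    for step in (authenticate, authorize):
        ok, reason = step(req)
        if not ok:
            return False, reason
    return True, "allow"
```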
• Security devices
• Application-centric security
• As organisations move to application-centric environments, the
traditional security solutions are no longer adequate.
• ACI Security Solutions can be managed as a pool of resources that
are attached to applications and transactions using a central
controller.
• This solution can automatically scale on demand, providing seamless
policy-based security.
• It reduces cost and complexity.
Wireless Security
• Wireless security is often implemented at the access point, or the
point where the wireless connection enters into the network. Basic
wireless security includes:
– setting strong authentication protocols with strong passwords
– configuring administrative security
– enabling encryption
– changing all default settings
– keeping firmware up-to-date.
• Redundancy and high availability
– redundant servers
– redundant fibre connections
– redundant power supplies.
Security policy
– Remote access policy: Defines who can connect, how they can connect, when they can connect, and what devices can be used to connect to a system remotely. This policy also defines the assets that are accessible to a remote user.
– Information privacy policy: Defines what methods are used to protect information depending on the level of sensitivity. Generally, the more sensitive the information, the greater the level of protection used to secure it.
– Computer security policy: Defines the way in which users are allowed to use computers. This policy might define who can use certain computers, what programs must be used to protect a computer, or if a certain storage media is allowed to be used.
– Physical security policy: Defines how physical assets are secured. Some assets may need to be locked away at night, kept in a locked area at all times, or specifically designated not to leave the property.
– Password policy: Defines what password will be used to access specific resources and the complexity of the password. Often, this policy will control how often a password must be changed.
• Personal data and the IoE
– Volunteered data: Volunteered data is created and explicitly shared by individuals, such as social network profiles.
– Inferred data: Inferred data, such as a credit score, is based on analysis of volunteered or observed data.
– Observed data: Observed data is captured by recording the actions of individuals, such as location data when using cell phones.