Last week, Cisco made a number of product announcements that deliver the benefits of its intent-based networking (IBN) solution to Internet of Things (IoT) deployments. Network World’s Michael Cooney did a great job summarizing all the product announcements, so I won’t rehash that information, but I did want to discuss the importance of IBN to IoT.
The importance of IBN to IoT
IBN is something that has been theorized for almost a decade, but solutions only became available recently. The reason why there has been a lag between vision and product is that network engineers didn’t really need IBN to run their networks until recently. Environments were closed, applications were on premises, and everything was under the tight control of the IT organization.
But then the world changed, and things went from controlled to chaotic. IBN was designed to bring order back to the chaos that has become the enterprise network.
The enterprise network is becoming more chaotic
To date, the driving forces behind the change have been things like moving apps to the cloud, the erosion of the enterprise perimeter, and an increase in mobility. But none of these will have the impact that IoT will have on the enterprise network. IoT adds orders of magnitude more devices, many of which are not owned by the IT department. Also, many IoT devices have no inherent security capabilities and often have old operating systems and embedded passwords, making them easy to breach and creating backdoors into other critical systems.
IBN can solve many of those challenges. One could argue that organizations could continue to run a data center without IBN, as companies could throw more people and money at that part of the network. It would be difficult, but it might be doable.
However, IoT deployments at scale are likely to fail without IBN, and one could argue that the concept of an IBN was designed with something like IoT in mind where unpredictability and randomness are the norms. The more variables in the network equation, the harder the problem is to solve — and that’s happening to the network right now.
The foundation for IBN for IoT is visibility
Cisco’s IBN for IoT addresses all of the major issues that can derail an IoT deployment. The foundation of the solution is visibility. The IBN is constantly scanning the network for new devices, and when it sees one, it can identify what it is. Some devices comply with the Manufacturer Usage Description (MUD) specification, making it easy to understand what they are.
However, most IoT devices are older and do not provide any information. These have typically been a black hole for network operations. And for those, Cisco uses a combination of data and machine learning to create the context required to infer what the device is. A basic example: If a device is sending data to a soda company once a day, one could infer that it’s a connected soda machine. If there are other ones that have been identified, the data could be compared to increase the confidence level.
Cisco uses a combination of IT, OT and machine learning to profile endpoints
That was just a basic example. Cisco combines traditional IT data, such as network information, with OT data from protocols such as CIP, PROFINET, and BACnet, and uses machine learning to develop profiles of users and devices. These profiles are loaded into Cisco’s Identity Services Engine (ISE) and are used to instantly identify devices as they connect to the network.
In a study I did last year, I surveyed network managers and asked how confident they were that they knew what IoT devices were connected to the company network. Over 50 percent said they had little to no confidence. As I’ve said many times, you can’t manage or secure what you can’t see, so this lack of visibility is a killer. With Cisco’s IBN for IoT, the problem is solved.
IBN for IoT ensures security and compliance with business policies
As the famed Ron Popeil likes to say, “But wait, there’s more!” Cisco doesn’t stop at just identifying the device. IBN for IoT can also be used to automate the device’s security. IT professionals can define policies that can be automated to ensure devices are always in compliance.
For example, a policy could be created that states “all medical devices are to be placed in a secure zone.” When a new device is connected, it is identified via ISE and Cisco’s software-defined access solutions will automatically place it into the correct micro-segment. If the device moves, the policy follows it and the network is reconfigured to ensure it stays in the correct micro-segment.
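An added example, not from the article and not Cisco's implementation, sketching the two ideas described above: inferring a device's class from where it sends traffic, with already-identified peers raising the confidence, and mapping that class to a micro-segment by policy. The class names, domains, segment names, threshold and scoring formula are all assumptions; a device that cannot be identified confidently is quarantined rather than trusted.

```python
# Constructed sample data: every name, domain and threshold here is hypothetical.
PROFILES = {  # device class -> destinations typical for that class
    "vending-machine": {"telemetry.soda.example"},
    "infusion-pump": {"ehr.hospital.example", "updates.pumpvendor.example"},
}
KNOWN_PEERS = [  # (class, destinations) of devices already identified
    ("infusion-pump", {"ehr.hospital.example", "updates.pumpvendor.example",
                       "ntp.hospital.example"}),
]
POLICY = {  # the "intent": device class -> micro-segment
    "infusion-pump": "medical-secure-zone",
    "vending-machine": "facilities-iot",
}
QUARANTINE = "quarantine"
MIN_CONFIDENCE = 0.7

def jaccard(a, b):
    """Overlap of two destination sets, 0.0 (disjoint) to 1.0 (identical)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def classify(dests, peers=KNOWN_PEERS):
    """Return (best class, confidence) for one device's observed destinations."""
    best_cls, best_conf = "unknown", 0.0
    for cls, expected in PROFILES.items():
        profile_sim = jaccard(dests, expected)
        peer_sim = max((jaccard(dests, p) for c, p in peers if c == cls),
                       default=0.0)
        # Two pieces of evidence combined: a matching peer can only raise confidence.
        conf = 1 - (1 - profile_sim) * (1 - peer_sim)
        if conf > best_conf:
            best_cls, best_conf = cls, conf
    return best_cls, round(best_conf, 2)

def assign_segment(dests, peers=KNOWN_PEERS):
    """Segment follows observed identity, not the switch port; fail closed."""
    cls, conf = classify(dests, peers)
    if conf < MIN_CONFIDENCE:
        return QUARANTINE
    return POLICY.get(cls, QUARANTINE)

OBSERVED = {  # constructed per-device destination sets
    "aa:00:00:00:00:01": {"telemetry.soda.example"},
    "aa:00:00:00:00:02": {"ehr.hospital.example", "updates.pumpvendor.example",
                          "ntp.hospital.example"},
    "aa:00:00:00:00:03": {"ehr.hospital.example", "files.unknown.example",
                          "chat.unknown.example"},
}

if __name__ == "__main__":
    for mac, dests in OBSERVED.items():
        print(mac, classify(dests), "->", assign_segment(dests))
```

The third device contacts one expected destination plus two unexpected ones, so its confidence stays below the threshold and it lands in quarantine instead of the medical zone.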
Another piece of the IBN-for-IoT puzzle is analytics. Cisco is collecting a massive amount of data, and it’s using machine learning to understand what the information means and what relevant insights can be used to streamline business operations. Given the rapid growth of IoT, this is a great example of something machines can do that people simply can’t, as machines can connect the dots in a data set that is continually changing.
IBN for IoT can automate line-of-business operations
This combination of real-time data, business rules, and context can be used to automate line-of-business operations. If I extend the healthcare example I gave before, hospitals could use IBN for IoT to track medical inventory, ensure it goes through the right protocols before being deployed, and monitor medications. Manufacturers can use it to monitor the telemetry of their devices, such as temperature and humidity, or measure machine utilization.
One last thing to note from Cisco’s launch: The company’s solution includes a number of advisory, professional, and technical services to help organizations get started using IBN for IoT.
It’s been well documented how IoT will change the way we live and work. In particular, it will have a profound impact on those who work with the infrastructure, especially the network that needs to connect and secure these endpoints. Intent-based networks will ensure IoT success, but cobbling together different components from different vendors can be challenging for many organizations. Cisco’s IBN for IoT is a turnkey solution that includes services that let customers adopt IBN faster and more successfully.
Note: Cisco is a client of ZK Research.