Imagine a world that is even more connected technologically than ours today.
The IoT is the bringing together of a very large numbers of devices, data and computing power through the internet. The internet at the moment usually has a human at one or both ends of the communication. In the IoT, most communications will have sensors, actuators, databases or cloud-based computing process at either end.
It is the linking of data from a large numbers of devices to the tremendous computing power of the cloud that makes the IoT so interesting. Sensor networks and machine-to-machine communication have been around for quite some time now, but has mostly been over the cellular telephony network or over short range, mesh networks such as ZigBee.
Generally, the processing of data generated by these networks has been reasonably straightforward, such as pollution monitoring or device tracking. But the linking of these devices to the internet opens up many new possibilities. Large scale deployment of sensor networks will generate vast amounts of data which can be moved via the internet to be processed using the huge resources of cloud computing.
The IoT affects everybody. Without careful consideration, we risk sacrificing security for convenience without understanding the tradeoff. For example, the Nest thermostat in your home just controls your home’s temperature—today. The intent for such devices in the future is to autonomously interact with other things. You’ll want to know more about what network communications you’re allowing in your car, home, or office. You need to be informed about the technology so you can take appropriate action if needed.
The IoT’s level of connectivity is unprecedented. Right now, much of its interaction is invisible to you, and its potential vulnerabilities are immense. Once we introduce the IoT into our families and lives, we allow machine-to-machine interactions on our behalf. That means the IoT world will have knowledge of your private actions. That could include your presence at home, use of medicine, and the entertainment you consume.
Like privacy, security becomes a big issue. Say you have an Amazon Echo, a pepper-grinder-sized cylinder that’s a voice-activated, cloud-connected wireless speaker. It’s also a device controller that’s the beginning of an IoT ecosystem in your home. Amazon then becomes a central control for all Internet-connected devices—lights, switches, thermostats, and appliances.
You expect your appliances to last 10-15 years. What happens with security over time? Does Amazon guarantee that it will send security updates to it? What if they decide not to send security updates to it? Who controls the security functionality of your system? Because now that system is connected to your smoke alarms. It locks and unlocks your front door. It turns your lights on and off.
Right now, vendors aren’t thinking about security or the relationships between privacy, security, safety, and convenience issues because consumers aren’t demanding them. Until vendors put security into IoT devices, your security could be compromised. These devices are going to be everywhere, and they have real security implications. In business and in government the intersection of operations and security is a fundamental challenge. Currently, security and operations are separate, but the two functions are blurring together due to the convergence of millions of connected personal devices.
But there are a lot more changes coming with the IoT transformation than many people might recognize.
In the classic triangle, fire requires heat, oxygen, and fuel; without all three, fire isn’t possible. By analogy, analytics required data, technologies, and knowledge to be possible.
Widespread implementation of information systems captured unprecedented amounts of data. Second, tools and technologies allowed the inexpensive storage and processing. Third, savvy analytical innovators creatively combined these to show everyone else what could be done.
Now, a similar convergence is coming with the Internet of Things.
First, the cost and physical size of sensor technology have dropped such that they can be incorporated into most items.
Second, widespread communications infrastructure is in place to allow these distributed components to coordinate.
Third, once again, savvy innovators are showing the rest of us the possibilities from the data they collect. With these in place, the smoldering potential of IoT might be ready to catch.
But are we ready for the whole package? Probably not — because IoT is likely to be associated with substantial changes such as:
IoT should provide a greater amount and a greater value of data, but are companies ready to work with other firms to obtain value from this data? In the driverless car example, it is easy to see how different companies and stakeholders could make use of the data in different ways. But it might not be clear who owns what data and how it can be used.
Few organizations are prepared to be hardware and software development companies. But that’s what the Internet of Things will enable. As products are built with embedded sensors, the component mix increases in complexity. As a result, manufacturing systems and supply chains will become more elaborate. Software embedded in products will need to be updateable when the inevitable shortcomings are found.
If we believe data is valuable, then we need to be ready for people to want to take it from us. The IoT context intensifies the need for security requirements; sensors or software that allow control of the product make attacks easier. We’ve already seen examples ranging from wind turbines that unauthorized users can control to ship data recorders that can be tampered with to Barbie dolls that allow attackers to overhear conversations. Poisoned data streams might be difficult to discern with the volume of data that IoT devices produce.
Many business processes continue to be “pull” oriented. Information is gathered, then analyzed, then decisions are made. This works when change is slow. But with the IoT transition, data will stream in constantly, defying routine reporting and normal working hours. Flooding data from IoT devices will give opportunities for quick reaction, but only if organizations can develop the capacity needed to take advantage of them. Few mainstream large companies are ready for this, much less small- to medium-sized companies.
The good news is that by recognizing each of these challenges, organizations can begin the difficult process of getting ready. Before considering IoT devices to collect data, organizations can clarify ownership and governance. Before deploying IoT devices, organizations can design in security. Before installing IoT devices, organizations can design processes to build on the new information.
“Before” is the key — it will be hard to get ready once the IoT fire is spreading.