IoT's moment of truth -- who can secure the data flows?
The Internet of Things (IoT) has now entered a period of showstopping and heartstopping security reality checks. While most people can see the promise and value of data feeds from and to physical things, there are justified anxieties about just how weak and easy to attack many IoT device networks are.
Where business verticals such as banking, financial services, and insurance are fighting hard to escape legacy technology platforms and evolve to be modern customer focused digital businesses, IoT has the opposite problem of often being too modern and cutting edge.
The exciting new 'white space' business opportunities rapidly becoming possible are all fraught with risks -- data is the valuable currency of digital and therefore the target of hackers. Lack of consistent standards, exploitable attack points, and a new era of high stress security efforts make IoT services work very challenging.
The so-far largest Denial of Service (DoS) attack in history was recently launched via hacked IP connected closed circuit television cameras made by Hangzhou Xiongmai Technology. A botnet propagated Mirai malware to the cameras which then flooded the US east coast with fake traffic, until Domain Name Servers crashed under the strain. And we can likely expect more such attacks.
Right now arguably the ultimate solution to stopping these attacks is internet service providers (ISPs) moving to cut off connectivity from any IP address that is relaying DoS junk data from compromised IoT devices, which this excellent article discusses.
Hard to achieve, fraught with issues, and not optimal, the more practical solution is to build out robust, secure IoT networks so your brand doesn't get hijacked into the dark side and be a named attacker.
Longer term, 'system on chip' security maturation from the hardware manufacturers will add layers of addressable security in sensors. ARM's 'trust zone' security extensions are a good example of where we are right now from a silicon perspective.
At a strategic level, what really sorts out the scary, easy to penetrate lightweight backends from the secure environments is the quality of the secure end-to-end design and engineering. Secure, connected devices will be digital service provider tablestakes as they become the expected norm, along with the associated modern systems and expertise that enable value to entrepreneurs.
Conversely, using sketchy, exposed connected 'things' will be akin to placing your personal details on the public internet -- too risky.
From a service provider perspective, the Internet of Things currently has two main dimensions, both of which are attributes of larger battles for digital dominance.
See also
The first dimension is the Machine to Machine (M2M) industrial internet, which evolved from heavy equipment telemetrics (the measurement and transmission of data by wire, radio, or other means from remote sources to receiving stations for recording and analysis) and has matured and grown on a linear path alongside 'traditional' enterprise IT systems for the last fifteen years. Examples of this are 'time to failure' monitoring of all types of rotating mass heavy equipment, and data flows into and from ERP, and other enterprise software.
The other, newer dimension is the explosion of product innovation enabled by new sensor developments and big data, enabling data flows from 'born digital' devices from and to physical 'things' of all sizes to modern digital backbones. It is this newer dimension of our connected world which is causing recent giant societal waves.
Earlier this year AT&T's AVP of IoT solutions Mobeen Khan briefed me on the pace of change from a telecom perspective. There were 28 million connected devices this spring and AT&T predicts 50 billion by 2020.
While new mobile smartphone plan sales are flat (everyone has one already), connected car accounts are one of the fastest growing areas of growth. AT&T has established multiple Foundry Innovation Centers around the world to help drive market growth and development, and many large enterprise services providers have recently created similar design thinking and ideation labs.
The key to all this activity is identifying who can orchestrate viable, secure enterprise services to route explosively growing amounts of data to the right places at the right times to run modern businesses, and this is where 'as-a-service' vendors are going to be duking it out to be the go-to global suppliers for their clients.
In my recent HfS Research 'blueprint' report on the IoT Services sector I analyzed many of the major 'as a service' providers, some of whom have competencies in both industrial internet activities and emergent innovative IoT activities. It's currently a buyer's market for companies looking to find the best talent, skill sets -- and of course security competencies.
Designing and building out sophisticated digital platforms for IoT interactions, along with all the other desired commercial goals of leveraging modern big data flows to improve commercial performance and customer satisfaction requires large scale services partners who are committed to drive and support rapid business evolution.
As our editor Larry Dignan wrote here recently, while the old guard systems integrators have been snapping up cloud consulting and integration specialists, prospects and clients are wary of a fresh generation of the sort of problems that plagued past IT efforts, in a far more complex interconnected world.
This really is a new digital business era. Resting on past laurels and buying up boutique design and technology firms as hood ornaments for old line services businesses won't cut it for any prospect or client paying attention to their modern strategic business needs.
In the crowded services market there is huge opportunity to be the preferred next generation business partners -- or be perceived as a legacy provider of limited relevance for today's needs.