The Rapid Deployment of IoT: What Challenges Should We Expect?
AOTMP recently had the pleasure of presenting Mobility Awards to IBM, for the Watson IoT Platform, and Raspberry Pi, for hardware. Each company is significantly and positively impacting the “IoT Space”, and they were recognized for their contributions by nearly 100 press and analysts via AOTMP’s Mobility Awards program.
These two recipients, among the more than 60 winners, had me thinking about the Internet of Things. As terminology goes, machine-to-machine (M2M) has largely migrated to the Internet of Things (IoT). IoT has moved from buzzword to rapid device deployment in a growing number of enterprise channels. Examples include energy management with remote data feeds, automotive onboard telematics devices, shipping and transportation for finite tracking, and patient monitoring in healthcare. With nearly ubiquitous wireless access (WiFi, Bluetooth, and cellular representing a few), it will not be long before all manufactured goods have the capacity or provision for connectivity. These will be uniquely identified, internet-operable and most likely carrier-agnostic or multi-MNO capable.
Marshall McLuhan predicted that communication media would transform the world into a “global village”, and more recently the Global Standards Initiative on Internet of Things defined the IoT as “the infrastructure of the information society”. So here we are in 2017, poised for billions of IoT devices to be installed. During this installation phase, there are at least a few key progressive components to consider:
- Due to the IP address limitation of fewer than 5 billion unique addresses within the current Internet Protocol version (IPv4), the projected expansion of IoT devices over the next few years will require the much greater address space delivered by IPv6. So let’s assume space, size and complexity are addressable by highly capable technologists. The path is then cleared to many billions of accessible endpoints around the world.
- Of course, with such massive global expansion of interconnections representing potential points of compromise, there are significant risks associated with security, privacy and data sovereignty. Security breaches are currently impacting corporate bottom-line earnings across geographies and industries. IoT deployments with endpoints quickly ratcheting up into hundreds of millions will only heighten this issue. These internet-connected elements will have an embedded operating system that is likely to represent a potential opening for malware, similar to that inflicted on Android-based devices. Cyber attacks are pervasive and will undoubtedly increase. Every Board of Directors should require documented security plans, as well as defined audits and best practices, to be in place beforehand to protect data, provide vulnerability management and assign accountability. With billions of additional endpoints, this topic needs to be top-of-mind as well as a top agenda item for the CEO. For these companies, the framework will create a foundation for rapid yet managed growth.
- The immense availability of new data for deep and broad analytics can provide transformative decision making and dynamic multi-variant business-case metrics, such as reducing service costs, mean-time-to-repair and SLA penalties while increasing margins, first-time-fix rates and system uptime. A ‘wrapper’ of machine learning around this exponentially growing data flow will provide for effective development of actionable “dashboarding” into all core operating units, improving and accelerating decision making.
With access, security and the application of newly available data being addressed, along with achieving board-level visibility, any IoT project, product offering or business unit should require enterprise senior leadership to have a succinct and clear path to the return on investment. New technologies and business segments tend to create a ‘field of dreams’ euphoria. If the limitations, risks and use cases are not addressed, it’s nothing more than the hope that the returns will come. Accordingly, the starting point needs to include defining, articulating, projecting and then measuring the ROI.
As I think more about the security intrusion threats related to the vast number of IoT devices and connected endpoints that will be deployed globally over the next several years, I am reminded of a t-shirt. Years ago, I was a partner in a telecom expense management firm and I had t-shirts printed that read: Question Everything. It was not about paranoia but was mostly about reinforcing diligence, business processes and continual improvement. That mindset has sort of stuck with me and when the focus is on intrusion threats and hacking by outside parties, I also question an “installed breach”.
As a seemingly minor example, recently Kryptowire, the mobile application security company, identified several models of Android mobile devices that shipped with firmware managed by a company named Shanghai ADUPS Technology Co. Ltd, based in China. According to Crunchbase, over 200 million smart devices use its software and services. This firmware collected sensitive personal data and transmitted the data to third-party servers without disclosure. These devices were available through major online retailers, for example Amazon and BestBuy (related news release: http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html).
With the ‘question everything’ mindset, and perhaps a touch of paranoia, I started thinking more about the potential ‘installed breach’ scenario on a broader scale. Say, just as a completely random example, a large company like Huawei, rather than Shanghai ADUPS Technology, had knowingly or unknowingly installed firmware providing access to sensitive data and transmitting it to third-party servers. Such a company might have an army of well-trained engineers supported by government funding and, as the world’s largest manufacturer of telecommunications equipment, global reach and data access directly or through partnerships within telecom operators, enterprises and government entities. As the third-largest smartphone manufacturer in the world, access to personal devices would be conceivable.
When addressing cyber-threats, intrusion detection should co-exist with installed-threat detection, and each scenario calls for constant diligence. An overall unified approach is suggested. This includes research, monitoring, intelligence and peer reviews, as well as the application of the gathered domain knowledge in an ongoing repeat cycle. The global village needs watchful eyes.