The internet of things has already become part of your everyday life, even though you may not realize it. Does your TV have Netflix streaming to it? Does your car stream from your phone? Does your home’s security camera send updates to your mobile devices? These are examples of the IoT — the digital connections between our day-to-day lives and mundane tasks, all in an effort to make things faster, easier and more power efficient.
It is estimated that IoT will significantly impact three areas of people’s lives: the connected car, the connected home and the connected self. Each of these represents new ways of data gathering and data usage, which combined with new automation and control options, creates a world of possibilities.
The connected car: The smart vehicle will be able to sync up with phones and stream media while having active data connections for GPS, live traffic updates and efficiency analytics.
The connected home: Connected homes will utilize appliances and utilities that stay connected with the user while offering remote control via apps and real-time adjustments based on environment and data.
The connected self: Phone, tablet and watch, all connected together to track your health and wellness, personal information, daily schedule and social life.
What does this have to do with blockchain? The internet of things will revolutionize many things, but it also opens the door to many security risks — and that’s where blockchain can come make a difference.
What is blockchain?
In its simplest form, blockchain is a digital chain of records, with links (blocks) in the chain as a permanent record that 1) relies on the previous link to complete its record and 2) is publicly vetted through a network of machines. Blockchain incorporates one-way encryption so that even though it’s publicly accessible and vetted, data remains secure and proprietary. This achieves a number of critical security features that make it a leader in the digital cryptography space. First, the chained requirement between blocks means that previous records cannot be altered without detection, creating permanence. Second, as a system that uses a public network for vetting and auditing, data exists in a transparent state, ensuring that any attempts at hacking will be noticed at some point.
Transparency and permanence are critical for a systemic shift to the internet of things because every device and every transaction introduced into the ecosystem creates a new security risk. Before the market can truly embrace IoT, it must have protocols and processes in place to verify that the countless transactions moving back and forth are protected. These elements must also exist in a way that minimizes resources and is optimized for ease of use, allowing for mass scaling of users and devices. Blockchain supports these needs, and current initiatives are pushing the platform into levels of efficiency that allow for enterprise usage. In an IoT world, the scale is critical — it may be easy to protect a handful of records but less so when it’s hundreds of thousands of medical records at a hospital or city department.
Blockchain in action
Consider these two real-world ways of utilizing blockchain in an everyday industry:
Car insurance: IoT can change the entire insurance process. A driver’s data gathered by a smart car — average driving speeds, distances and other data — can connect with an insurance server, delivering secure information that is only activated upon specific events (smart contracts that execute when, say, an accident occurs). This data can then be shared with all necessary parties while maintaining user privacy. In this instance, data is delivered from a single source (the car) and propagated to users rather than manual entry into each party’s own database. Blockchain’s permanence and transparency allow for the smart car’s database to be the reference point that connects data efficiently.
Identification documents: The authenticity of identification is critical for processing official records, but falsified records remain a concern. With blockchain, a new type of identity can be created, one that adds a dLoc sticker containing a tiny chip, guilloches, UV print, micro text or latent image that marries its unique ID only recognizable by the issuing agency. This data is secured within a public blockchain, which can then be used to verify authenticity when interfacing with IoT devices at government offices, hospitals, DMVs and other areas where official records are required.
These two examples represent just a fraction of all the ways blockchain can integrate seamlessly into an IoT world. Blockchain is maturing at the same time connective technology is becoming mainstream in appliances and industrial devices. Over the next decade, IoT can change the way we live, but only if a security platform like blockchain protects your privacy and data in an accessible and scalable fashion.
For more information on IoT and blockchain, Blockchain for Dummies, authored by Tiana Laurence, is available for pre-sale on Amazon (available May 2017).
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
The first wave of mobile apps mainly centered on the retail and consumer markets. In its second wave over the past five years we witnessed enterprise mobility steadily rise. ISMG’s 2016 business transformation study found 99% of the enterprise workforce uses mobile devices — mainly smartphones and tablets — to perform their jobs. The demand for mobile apps is trending up. Gartner estimates the demand will outpace the capacity to develop enterprise mobile apps five to one by the end of 2017.
And now we are in an era when mobile apps are rapidly penetrating into rather slow-to-change industry verticals like manufacturing, oil and gas, home automation and financial services.
Mobile apps in a connected ecosystem
This penetration, dubbed as the third wave of mobile apps, is fueled by the rising ubiquity of internet-connected devices and sensors.
In this fast emerging era of smart cities, smart homes and connected cars, mobile devices like smartphones, tablets and wearables function as the main interface to interact with IoT devices.
Mobile app functions are no longer standalone, but integral to many sensitive, mission-critical functionalities, from personal health and fitness to industrial equipment sensing and predictive maintenance. Even in banking and finance mobile apps are being adopted to offer improved geolocation services across platforms.
Today, whether targeted for retail, enterprise or industrial customer bases, mobile apps have to perform efficiently cross-platform, integrate with third-party APIs, and interact with connected devices and sensors in real-time in order to deliver value to the end user.
To perform all of the above reliably, mobile app security is critical. While user experience and time to market are still important, it is about time mobile app development takes security more seriously.
Securing a connected mobile ecosystem
Ponemon Institute’s 2017 survey on mobile and IoT app security found while 79% of respondents consider a mobile app a threat to existing security posture, only 32% of respondents believe their organizations are urgently trying to secure mobile apps.
It has become increasingly common for hackers to use sensitive information exchanged through mobile apps to launch other forms of attacks.
ISMG’s 2016 Mobile Security study further shows data breaches are most commonly caused by:
- Mobile apps containing malware
- Apps that contain security vulnerabilities
- Unsecured Wi-Fi connections
To prevent data breaches due to malware and inherent vulnerabilities, mobile app security practices must integrate with the entire development lifecycle, from design through testing and deployment.
Even though the effectiveness of penetration testing is proven for mobile apps, Ponemon Institute’s 2017 study found testing of mobile apps being ad hoc if done at all. The study also found mobile app risks exist because end-user convenience is considered more important than security (by 68% of respondents).
As mobile apps assume a central role in today’s connected world, development must prioritize to mitigate the security risks already listed in Open Web Application Security Project guidelines, including:
- Broken cryptography
- Unintended data leakage
- Weak server-side controls
- Client-side injection
- Poor authorization and authentication
The figure below shows these risks in order of predominance.
Mitigating mobile app security risks
In a highly competitive mobile app market, rush to release is often cited as another reason to compromise adequate security testing during the software development cycle. This needs to change.
There are multiple proven ways to mitigate risks during development, such as:
- Penetration testing
- Educating developers on safe coding
- Static and dynamic application security testing
- Security testing throughout the software development lifecycle
In case of enterprise deployments, instead of focusing on just one aspect of mobile security to make that bulletproof, organizations need to take into account the entire spectrum of threat profile and try to mitigate risks.
To secure an end-to-end enterprise environment, mobile app security also depends on overall mobile communication architectures, including carrier connectivity and IT infrastructure.
At the user level some common risk mitigation steps are:
- Avoid default passwords and opt for more complex passwords
- Avoid using the same password across mobile apps
- Use auto-lock features so the app locks fairly quickly when not in use
- Allow app downloads only from reputable app stores
- Regularly update installed apps (as often these updates contain security patches)
- Delete apps which are not in use
Establishing mobile app governance
At an enterprise level, standards and governance measures can provide comprehensive guidance and prevent a fragmented approach to mobile efforts.
Standards practices can be designed in such a way that instead of stifling innovation or slowing down a mobile initiative, they help to capture and evaluate any mobile requests securely — and deliver applications consistently.
Such governance can also help manage app support, maintain expectations, define measures, foster reusability and encourage knowledge sharing across the organization. It can also ensure business units can deploy mobile devices and apps in a consistent, secure and measurable way.
Governance steps like reference architectures, reusable components, access to corporate resources and security standards can all be used to help breed consistency, no matter who is developing and deploying the mobile apps.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
As sensor-based smart building systems, like intelligent LED lighting networks, have gained popularity, much has been made of the huge energy and maintenance cost savings they can provide to the organizations that install them. In addition to the uniquely valuable overhead vantage point offered by connected lighting, an often overlooked benefit of all sensor-based systems is their ability to streamline and automate. From automatically adjusting temperatures within a warehouse or workspace to turning lights on or off depending on occupancy, smart building systems can now manage many of the time consuming day-to-day tasks that have traditionally fallen into the hands of facilities personnel.
Streamline a facility manager’s job and the benefits extend far beyond their daily to-do list, allowing them to take a step back and focus on more strategic initiatives for the organization and inject new levels of value into the organization across several key areas. Here are just a few ways that building intelligence can help your team work smarter.
One of the most useful ways intelligent systems help streamline day-to-day tasks is through occupancy tracking. By gathering and delivering insights into the ways people are (or aren’t) moving within a space, organizations are able to hand over the reins to intelligent systems and automate a variety of tasks, ranging from simple things like adjusting lighting and temperature levels within a specific area when someone enters or exits, to more complex tasks like security monitoring that sends out alerts when someone enters a restricted location.
Further, tracking occupancy provides insights into traffic and usage patterns throughout the warehouse or factory floor. Smart building systems can gather this information with such granularity that facility personnel can monitor specific pieces of equipment, noting when they are and are not being used by employees throughout the day. Insight into these patterns allows organizations to adjust staffing or scheduled usage. Take, for example, an intelligent LED system above a major piece of equipment in a manufacturing facility. The system can provide insight into occupancy patterns around that machine, and data may reveal that a number of people are not only around the system, but stagnantly waiting to use it during the first shift, while that same machine is nearly untouched during the second shift. This data gives facility personnel insight into potential overstaffing of a certain job function or a suboptimal workflow that are causing people to get hung up. From there, management can make an informed decision to change scheduling patterns or workflow so that people are not wasting time while they wait for the machine to be free.
Equipment performance and maintenance tracking
For many working within a factory or industrial environment, a portion of their day is devoted to checking and manually assessing how equipment is operating, thus ensuring that production lines are running smoothly and equipment is not malfunctioning. Intelligent systems are able to take over this often time-consuming task, automatically collecting and aggregating data and flagging abnormalities.
This information not only creates a more efficient floor, but also delivers for facilities and operations managers the time and data they need to make key decisions about the way the facility is running, providing alerts as to when equipment malfunction is most likely to take place, and scheduling preventative maintenance for off-hours. Consider the machine mentioned in the above example, working constantly for hours at a time with a long queue of employees. The manager may conclude a second, very expensive machine is needed to handle the workload, or that costly repairs could help it get back into peak-performance mode. However, with the data provided through building intelligence systems, facility personnel can recognize that the problem is simply associated with usage, and thus make the necessary changes, saving the organization thousands of dollars — or more — and reducing the amount of production time lost due to inefficiencies and equipment malfunction or breakdown.
Keeping track of the myriad assets that pass through a facility in a day can also be a time consuming endeavor for facility personnel. From making sure product is moving through the space the way it is supposed to, to ensuring pieces of necessary equipment — things as large as forklifts and as small as ladders — are not lost, hours can be spent just making sure everything is in the proper place at the proper time, and making corrections when it is not.
To round out the example of the once-overused piece of equipment — if a product is making its way through production and goes through that piece of equipment but then is misplaced by an employee or falls off of a forklift on its way to the loading dock, the time that was saved by ensuring that equipment was running smoothly no longer matters. Hours may be spent searching for this one item that has simply been misplaced. However, with intelligent systems, organizations have the ability to attach sensors that act as beacons to these pieces of product, giving them the ability to know exactly where an item is at any minute, ensuring that processes run smoothly from end to end and benefitting the business as a whole.
Though many people consider intelligent systems as a way to save a company money, from reducing energy costs to streamlining processes, the benefits go much further than that. For facility personnel especially, these systems can automate a variety of tasks that often eat up entire chunks of the manager’s time, and offer both the insight and the opportunity necessary to contribute to the business in more strategic ways.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
If you want to see an urban emergency manager sweat, just mention one name: Katrina.
Among the most destructive and deadly hurricanes in American history, the 2005 storm is likely the definition of “disaster” for anyone who watched it unfold in news coverage and over social media — as much for the human cost as for the drawn-out and flawed response.
It is inevitable that cities will face disasters, natural and man-made, but they don’t all have to be Katrinas. By using smart technology solutions to build upon best emergency management practices that were developed during the past century and more, cities will be able to prepare more effectively and respond more efficiently.
Having access to data from IoT networks is an unprecedented boon for emergency preparedness. Just knowing the travel habits of commuters from tracking mobile ticket activations across different modes of transit allows cities to predict where the greatest concentrations of people will be at any given hour, which can be accounted for in evacuation plans. And networked devices will make it possible to more effectively disseminate alerts, information and directives to the population — and to scale responses, so as to focus areas of greatest risk and thereby reduce the chance of panic in those where the risk is lower.
The promise of smart technology in response to disasters, though, is perhaps the greater opportunity. By mitigating the impact in the wake of a hurricane, an earthquake or other event, cities will be able to hasten the return to normalcy for citizens and businesses, reducing the emotional and economic impact of disasters.
There are already efforts to harness smart technology for this purpose. Indeed, when the tremors from 2011 offshore earthquake reached Japan, they were detected by sensors that automatically brought the country’s Shinkansen bullet trains to a halt. No trains were derailed in the subsequent 9.3-meter-tall tsunami.
The Urban Risk Lab at MIT — which is specifically tasked with finding ways to help cities deal with disasters — came up with the PrepHub, a melding of physical infrastructure and smart technology. It’s a multifunction station with a pedal-powered generator that provides charging for devices and acts as a communications center to help citizens after a disaster. Another response was developed after Hurricane Sandy devastated parts of the East Coast. Because many local businesses were unable to get communications or data services in the following days, the New York City Economic Development Corporation held a contest to design solutions. One finalist was Red Hook WIFI, a resilient wireless network designed to provide internet access on the community level in the event of large-scale power outages.
Developing technology holds even more promise. Google’s patent filing for managing lane assignment for autonomous vehicles is a good example. Once there is a critical mass of autonomous vehicles — both privately owned and public transit — far more can be fit onto a road during an evacuation without creating bottlenecks and gridlock, getting more people to safety more quickly. It’s even possible they could be moved out of the way in a coordinated fashion to allow emergency response vehicles to get by with minimal or no delay.
What needs to happen now — well before the next blizzard of the century or catastrophic wildfire — is for smart city stakeholders to bring emergency planners into their circles, if they haven’t already. Having the internet of things integral to your city planning is not enough, by itself, to be prepared. You will need guidance from people well-versed in crisis management from experience in real-world situations.
Cities have proved their resiliency in the face of disasters time and again. However, it is inarguably smarter to take steps today to mitigate future catastrophes. The name Katrina will never lose its sting — nor should it, given the cost it levied — but cities should take every opportunity to leverage smart technology in ways that will make citizens safer in the face of future disasters.
What if I told you that the internet of things will completely eliminate burglaries? Seem pretty extreme?
Or what if I said it could end domestic violence?
These are bold predictions, but I strongly believe that life will be fundamentally different with smart homes powered by artificial intelligence.
To date, a completely IoT-enabled smart home has been more of a pipe dream than a reality. Technology integrations have largely failed up until this point, leaving our homes with an embarrassingly low IQ.
Artificial intelligence and machine learning capabilities will finally give our homes the smart upgrade they desperately need. Our household appliances will have expanded capabilities and the ability to intuitively link together, something that has prevented and plagued IoT platforms from reaching their full potential.
I envision a home where machines are another participating member of our household. From basic roles like completing chores (without complaining like humans!) to more serious roles like preventing break-ins or listening for and reporting evidence of domestic abuse, artificial intelligence has the transformative powers to finally make an autonomous, proactive and useful smart home an attainable reality.
Creating and expanding existing capabilities
Machine learning takes smart devices from reactive to proactive. Imagine: instead of just being able to start your dishwasher via a mobile app or receiving a simple push notification when it’s done running, your dishwasher starts itself when it senses it’s full and runs through the appropriate cycles, taking into consideration its contents.
This is taken to the next level when we think of how artificial intelligence will not only make our devices proactive alone, but proactive together. A smart outdoor security camera that can recognize a stranger walking up to your front door will then be able to automatically communicate with your smart lock to lock everything up and set the alarm. This ability to respond immediately is what could completely end burglaries. The movie Home Alone to our kids is going to be like us watching a movie about fighting cattle rustlers.
The next level of the IoT-enabled smart home will be to first understand when something out of the ordinary is happening, and then autonomously solve the problem with corresponding responses. This is what developers need to focus on now to make sure that their products can easily function among others and within a larger ecosystem to seamlessly come together.
With great power comes great responsibility
But as the technology evolves, so does the moral ambiguity of what party is trusted with taking responsibility for the data that flows between devices. This specifically includes the information gleaned from this data and may not be related to the technology’s core functions.
Think about that home security example again. Security cameras that capture property crime may also capture scenes of domestic violence. Or microphones listening for commands to turn on the TV or read the weather report may also hear evidence of child abuse.
Is it then the responsibility of these companies to train products during their creation to detect and recognize other compromising events that may not be central to the product’s main function? And if it’s recognized, is there an obligation to then report it in the same way an official, like a first responder or teacher, would? If we decide that yes, this is something that needs to happen, then the IoT-enabled smart home may be able to completely end domestic violence because of its massive deterrent effect. Knowing that someone is watching makes people behave better (although, we could have an entirely separate discussion on the double-edged sword that is a 24-hour surveillance state).
As the knowledge and intelligence of machines increases, this responsibility component becomes more important, particularly the responsibility of these machines to be proactive considering knowledge gained. This then brings up the issue of trust — users need to be able to trust that machines will do the “right thing” when information is gathered that signals a need for proactivity. Defining what the right thing is must be faced as questions arise to the allegiance of these machines — does it belong to the user? Or the manufacturer?
These questions merely scratch the surface of the complicated moral and ethical issues that will arise with the increased implementation of artificial intelligence. While these specific points will likely become a more central part of the smart home discussion further into the future, in the immediate, we can expect to see IoT and cohesive usability at a basic level, reach its full potential, by leveraging artificial intelligence.
Sharing economy apps like Airbnb, Uber and HomeAdvisor have the ability to thrive and disrupt incumbent industries. We have identified the five top markets that could become the next frontier of digital disruption, including car sharing, vehicle repair and maintenance, self-storage, tech support and textbook selling/renting.
Uber has already become a major disruptor in one area of the auto industry by cutting out taxi service companies and connecting passengers directly with drivers. Car-sharing apps may become the next wave of auto industry disruptors. These apps are attractive to consumers who want a driving experience without the need for car ownership. The apps connect car owners who are willing to let others use their car when it is not in use — e.g., sitting idle in an airport parking lot or parked at home — and people in need of a car — e.g., business or leisure travelers who need flexible transportation options. Car-sharing apps can offer flexible rental terms and real-time pricing adjustments based on supply and demand.
These apps directly threaten car rental companies by creating a fleet out of otherwise unused vehicles. In this way, car-sharing apps need not incur overhead vehicle costs. In addition, the apps also, to some extent, threaten auto manufacturers. If car-sharing apps gain adoption, the convenient transportation option could impact new car sales and decrease vehicle purchases by rental car companies.
Vehicle repair and maintenance
The vehicle repair and maintenance market is relatively untapped. To expedite expansion, vehicle and maintenance apps should consider partnering with providers of aftermarket auto dongles. In addition to acquiring a preexisting customer base through the partnership, repair and maintenance apps could use dongle-provided vehicle information to offer maintenance alerts and engine diagnostic data, recommend a local repair shop and preemptively alert the repair shop of the vehicle’s issue.
Self-storage apps can match customers in need of storage with those who have extra space available — in garages, attics, basements or self-storage sites. These self-storage apps could be very useful to consumers, who need extra storage space. According to Miller Organizing, 32% of Americans with two-car garages only have room for one vehicle, and 25% don’t have room for any vehicles because they use their garages for storage. Further, to increase their reach, these companies could expand offerings to home service apps like Handy or TaskRabbits, or space-sharing apps like Airbnb.
Tech support services
Much like the vehicle repair and maintenance apps, a tech support app can help consumers find the most qualified technician nearby or online to solve pressing tech issues, from fixing routers and recovering lost files to removing viruses and fighting ransomware.
Apps in this market could create a competitive advantage by ensuring quick response times. Consumer data indicates that about 22% of broadband households subscribe to a paid premium tech support service, and these customers’ greatest dissatisfaction with their support experience is the long wait times for technicians. Tech support apps could also allow users to chat with a technician to complete routine maintenance or use their smartphone’s camera to show where the problem is and let the technician guide them to complete required tasks step-by-step. By delivering the service remotely, the tech support service could lower their prices and attract more customers.
Textbook selling and rental
Textbook selling and rental apps can help students list their used textbooks to sell, rent or trade, keep track of books in case of a rental agreement, and facilitate payment between students. These models could ease financial burdens for college students, who spend on average $1,200 each year on textbooks while only receiving $200 by selling the same books to a campus bookstore.
Apps in this market can also allow students to search for a particular textbook, scan a barcode to list theirs, find interested students nearby, and conduct payment through the app itself. The apps may also allow potential buyers to bid for used textbooks. Textbook apps would allow book owners a chance to review a fellow student’s offer along with local bookstores’ real-time buyback prices before accepting the best offer.
Apps in all five of these sharing economy categories could disrupt existing industries by exploiting the incumbent industry’s inefficiencies and business model vulnerabilities. The consumer experience can be further enhanced through better app design, greater customer service and clear value propositions. App companies still need to draft a concrete and feasible business plan, overcome market barriers and execute scale in order to succeed. Of course, success is not guaranteed if these sharing economy apps execute poorly, can’t manage growth or do not differentiate against the competition. Nevertheless, there are promising opportunities for disruption and growth by new sharing apps in the above five markets.
IoT M&A update
2016 was a record year in the IoT sector with a total of 127 transactions, reflecting a nearly 60% increase in transaction volume compared to 2015 and an unprecedented total disclosed transaction value of $39.9 billion. The biggest deal, responsible for a significant part of the jump in total disclosed value, was the acquisition of the U.K.-based chip maker ARM by the Japan’s Softbank for $31.4 billion in September 2016. Furthermore, Verizon Communications continued its strategy in the telematics industry by acquiring Dublin-based Fleetmatics Group, a provider of GPS fleet tracking solutions, for $2.4 billion at a 7.0x LTM revenue multiple in August 2016. Other large deals include Sensus’ acquisition of Xylem, a leading provider of smart meters, network technologies and data analytics services for $1.7 billion and Cisco’s acquisition of Jasper Technologies for $1.4 billion (mentioned in my previous post).
All four of these 2016 transactions fall in our “top 10” list of IoT M&A transactions going back to 2010. In addition, we highlight the following points:
- 7 out of the 10 largest IoT deals happened in 2016
- 7 out of the 10 largest targets are U.S.-based
- 2016 marked the first IoT transaction over $1 billion (and by the end of the year there had been four!)
- Even without these larger transactions, disclosed transaction value of approximately $4 billion represented an increase of 4x over 2015
Private placement update
Private placements have also experienced a significant a jump in transaction volume and total dollars. The total of 137 transactions represented an increase of 47.3% over 2015 and total dollars invested increased 3.1x to over $2.4 billion, reflecting an increase in average transaction size from $9.7 million to $18.4 million. This performance is partly driven by Infineon’s fundraising of $935 million in debt financing in April and NavInfo’s fundraising of $521 million in May. Furthermore, Sigfox, a French startup providing innovative IoT networking solutions, raised $115 million in 2015 and an additional $160 million in 2016 — it is now valued at $600 million.
Every time I attend Mobile World Congress, which was last week in Barcelona, I compile a list of the top 10 hot topics and buzz phrases that I see across presentations, exhibitors and on-site events. So here goes the 2017 countdown, starting at number 10 and building up to the most popular phrase at Mobile World Congress this year:
10. Hearables. Yes, you read it correctly, not wearables but a new branch called “hearables” which focuses on smart audio wearable technology such as is being launched by Bragi (it has such cool products). While these have typically been Bluetooth devices requiring the use of a phone or computer for central computing, hearables are now being created with their own CPU allowing them to work freely without companion devices and opening them up to a wealth of possibilities for consumers, including eHealth, fitness tracking and business concierge services.
9. eSIMs. If you believe the hype, the days of the physical SIM card are over. As billions of new IoT devices need to connect to cellular networks, software SIMs will be the only way to get scale. Companies like Otono Networks are paving the way with this new on-device and cloud technology to securely provision and connect devices to all manner of wireless networks.
8. Software-defined everything. A few years ago the buzz was all about SDN, but now the term has broadened such that almost any hardware can (in theory) take on any function by being programmed differently. At Mobile World Congress, Ubuntu gave the interesting example of a vending machine capable of doubling up as a cellular base station by just loading specific software. As this becomes more prevalent, it won’t be a case of “it does what it says on the tin” but instead “it does what the software tells it to do.”
7. Robotics. Robots were everywhere at MWC, in fact here is a picture of me trying to steal a quick kiss from a friendly female robot. Consumer robots will have their very own app stores, allowing robot manufacturers to create new revenue opportunities and for owners to unlock new functionality and personalization options for their robot. There also seemed to be a lot of buzz around robots in industrial automation and, following on from number 8 above, how those robots will truly be software defined.
6. 5G. 5G is the next wave of cellular technology, where network technology and device vendors hope to make billions of dollars in sales of new hardware, and where many IoT service providers see 5G as the holy grail of next-gen connectivity. Narrowband IoT, a specialized radio technology standard created to enable a wide range of devices and services via cellular telecommunications bands, was also creating a lot of buzz.
5. Augmented reality and virtual reality. Many booths had wild and wacky immersive headsets where visitors could lose themselves in virtual worlds. Outside of the gaming and consumer possibilities of AR and VR, Mobile World Congress also showcased the many practical IIoT applications in which the devices are being deployed.
4. Smart cities. For cities to become truly smart and connected, billions upon billions of dollars will have to be spent per city, which in turn is beginning to open a massive new market for hardware and software vendors and the systems integrators needed to connect all the ”things.” At MWC there were many demos of connected street lighting, intelligent parking systems, smart utilities, sensors to sense everything from weather to traffic, and of course connected cars. Speaking of which …
3. Connected cars. Most of the car manufacturers had a booth at MWC, as did the vendors that serve them. Most of them were talking about offering apps and services to drivers. While previous years at MWC had automakers telling the story of connected infotainment, this year had many automakers and vendors emphasizing the critical importance of the connected vehicle in the smart city of tomorrow. The connected car is also transforming markets like the insurance industry, where insurance companies will receive real-time feeds of data from cars and will be able to bill dynamically based around usage and behavior (usage-based insurance, or UBI).
2. Gateway. Will tomorrow’s IoT gateway be centered around a utility meter, a smart thermostat, a home entertainment system or a lighting system? Or some other device that gets deployed in every home or business? The battle for the gateway is underway. At Mobile World Congress, every connected hardware company seemed to be claiming that its gadget was (or had the potential to be) a gateway. The companies that win the battle will be the ones that create a compelling case for their hardware, coupled with a wide range of applications, wide connectivity to all the other devices in the home or business, and a thriving ecosystem of third parties that add value and contribute innovation.
And the most buzz-worthy phrase?
1. IoT. Well that’s obvious isn’t it? No surprises there. There was a lot of mention of good-old M2M, but IoT has definitely surpassed that now. I counted that approximately 70% of booths had IoT or “internet of things” plastered across their signage. The Vodafone booth had tons of great demos and over 50% of those demos had IoT in the title of the demo.
That’s it for the AppDirect 2017 MWC Buzz Index; let’s see what has changed when we revisit it in 2018.
Attend an IoT event and it’s a safe bet that at least one of the talks will prominently feature hand wringing, humor or despair about the security of IoT endpoint devices. Speaking at the Linux Foundation’s Open Source Leadership Summit, security expert Bruce Schneier went so far as to suggest that maybe a new government agency is needed in the U.S. to figure all this out. (Not usually a popular sort of proposal in a room full of techies.)
Working toward improved IoT device security is an important goal. And one that needs to consider not just security out of the box but over a device’s lifecycle. Indeed, it’s not optional with devices that are part of safety-critical systems. Power plants, automobiles and healthcare systems need comprehensive defense in depth that extends from centralized management systems through individual sensors and controls.
Work on IoT security and identity management includes the development of new standards. For example, Enrollment over Secure Transport (EST), is a new standard (RFC7030) designed to improve the lifecycle management of digital certificates, a key element for secure communications. One of the challenges is that there are many different classes of edge device. Some are connected all the time. Others are not. Some are plugged in. Others need to operate for extended periods on the stored energy of a small battery.
But we also need to be realistic as we consider lower-cost and higher-volume devices. You know that off-brand webcam, temperature sensor or light bulb with $1 worth of networking computer you or your business bought? Guess what. It’s not going to be reliably and consistently updated over a 20-year lifecycle. Heck, you’re probably lucky if its firmware is current against today’s security vulnerabilities by the time it gets into your hands.
One option is to basically ignore the potential issue. This may not even be unreasonable in the case of sensors that deal in non-sensitive data. So long as there’s no ability to change the temperature, the fact that someone can observe the temperature in an office building may not be a serious problem.
However, many IoT devices are full-fledged computers (albeit small and cheap ones) with a network stack. This allowed, for example, compromised webcams to be used in a botnet attack last year. (Attackers appear to have cracked logins using easy-to-guess default passwords — another common issue with IoT device security.) Even when exposing data isn’t a big concern, taking over the device can be.
Devices that control things are more problematic. It’s easy to envision the damage that could be done by turning off even a single building’s heat during the winter. But even individually innocuous actions taking place at internet scale can potentially cause serious problems for utilities and other interconnected systems.
The systematic solution will often include isolating the endpoint devices from the network using some sort of gateway. Gateways are already a topic in IoT conversations for a variety of other reasons. For example, in industrial IoT applications, gateways can preprocess and filter device data or take real-time action in response to data.
Such a three-tier architecture puts real-time control physically closer to where it’s needed. This potentially decreases latency and increases predictability. Furthermore, by reducing the quantity of data transmitted over the network to run predictive analytics and to monitor historical trends, network bandwidth needs and costs can be reduced.
With respect to security, a gateway can also intermediate between devices and the public network. Consumer and small business-class gateway devices will doubtless continue to have their own vulnerabilities. (How many residential routers still use their factory defaults?) However, gateways will typically have more processing power, memory and overall capabilities than devices. They won’t typically be power constrained and can implement features like firewalls to protect against certain types of attacks.
A gateway isn’t a security panacea, but it brings us closer to traditional computer management and patching practices than will often be the case with devices. And, as an industry, we know how to do those things — whether we always do or not.
None of this should be taken as a virtual shrug with respect to the security of the endpoint devices themselves. But we need to have a Plan B for when that security breaks down. As it will. And approaching IoT as an architecture in which we can protect devices behind a gateway is a good start.
The cybersecurity landscape is in a constant state of flux. One that has advanced rapidly as cyberattackers and defenders engage in a digital arms race. Historically, cybersecurity threats were limited to computer viruses; the motivations behind them ranging from geeks in the attic writing them simply because they could, to more malicious motivations focused on trying to take over other people’s PCs for monetary gain.
Today, however, the threat landscape is far more sinister, with highly targeted and socially engineered malware and phishing scams designed to trick, steal, ransom or simply destroy user data. What’s more, it’s all backed by increasingly tech savvy organizations, from nation-state actors to highly organized crime syndicates, offering out-of-the-box, turn-key attack packages, supported by 24/7 customer service, enabling even the hardiest of luddites to launch a cyberattack.
As if this wasn’t enough, the internet of things has greatly amplified the complexity of the cybersecurity threat landscape. One that has businesses around the world in a spin as they reevaluate the necessary people and service skills, structures and approaches to security, in an effort to shore up their defenses.
However, despite this apparent awareness around the potential risks IoT represents if not secured, the desire to innovate and compete seems to override much of this concern, with many business moving to adopt IoT technologies, regardless of the risks.
In fact, a recent AT&T Cybersecurity Insights Report, which surveyed more than 5,000 enterprises around the world, found that although 85% of enterprises are in the process of or intend to deploy IoT devices; only 10% of those surveyed felt confident that they could secure those devices against hackers.
The IoT security ecosystem
As with any industry, no single vendor can be solely responsible for IoT security. There are far too many technologies built to different standards and specifications by multiple vendors, making it impractical for one company to provide a holistic security solution alone.
This always-on, anywhere connected environment in which we live is no different. We rely on multiple technologies and services from multiple vendors that have access to some of the most personal aspects of people’s lives — from finance to healthcare information.
So how can businesses secure IoT?
Years past saw these vendors working in isolation, zealously protecting their IP in an effort to stay competitive. However, as it soon became clear how exposed this approach was leaving them and their end users to potential security threats, they understood that a more collaborative approach was required if they were going to secure IoT across the value chain, while safeguarding their technology, end users and brand reputations.
In short, they understood that delivering secure IoT services takes a village, and they need to work in closer cooperation with the other players in the security ecosystem. To do this, they had to break down traditional working barriers and silos, and move instead to a relationship of closer cooperation — enabling them to make connected experiences happen not just seamlessly, but securely.
This “village” took the form an ecosystem of interdependent players — ranging from device manufacturers to network service providers — all working together to proactively collaborate on their security developments, baking it in and aligning it at the foundational level to deliver a robust end-to-end IoT security capability.
This IoT security ecosystem typically includes:
- Device manufacturers — They produce hardware equipped with communications modules, sensors and software for a specific purpose, which can be embedded into the “things” to be connected (e.g., cars, home objects, industrial robots, vending machines, point-of-sale terminals, municipal sprinkler systems, even livestock). Internet connectivity enables the transfer of data to and from the device, bringing the IoT services to life. Security at the device layer is mission critical as it impacts so many other parts of the overall solution.
- Application developers — In-house or third-party partners providing software for a device, through which IoT services are delivered.
- Enterprises — The organization deploying connected devices needs security protocols to protect not only the data transmitted to and from devices, but also to safeguard their IT infrastructure interacting with and managing the devices.
- Network providers — There are many ways to connect devices — Wi-Fi, Bluetooth, satellite, mobile (cellular), low-power wide-area networks (LPWAN), etc. Protocols and safeguard procedures, whether encryption standards, firewalls or SSL VPN, depend on the type of connectivity being used.
- Cloud providers — There are a range of IoT software platforms used in IoT deployments. There are those that collect and process data from an enterprise’s deployed connected devices, and those that remotely monitor and manage the connectivity of deployed devices. Depending on the platforms and their intended use, providers need to implement stringent security controls to protect both the data and the enterprise customer.
- Security companies — Device software, cloud platforms and enterprise IT may also benefit from a protective layer with industry-leading security software from companies like Kaspersky or Symantec. While these solutions are effective in local environments, they’re only a small part of the overall security ecosystem required for running an IoT business.
- Standards bodies — Numerous national and international councils help drive recommendations and requirements for security protocols related to each layer. A well-known example in the payments space is the PCI Security Standards Council (for point-of-sale devices), which monitors threats and advocates standards to help businesses protect sensitive payment card data.
It’s only by having a joined-up approach to security across the entire IoT technology and value chain that IoT can truly be secured.
Remove just one of these players from the ecosystem and the potential risks are enormous. One weak link potentially exposes players across the entire chain. It is only by taking a “united we stand, divided we fall” approach to IoT security that will help ensure a robust IoT security policy succeed.
Mastering IoT security strategy
While the promise of IoT is astronomical, enabling every company to become a connected service business, companies need to make sure they can walk before they start to run in the IoT world. Today’s increasingly competitive market means that now more than ever companies will look at ways to increase margins, drive down costs and create new, previously untapped revenue streams to help them make their quarterly numbers.
To this end IoT represents the current golden goose of the IT world, and indeed it should as the earning potential it has to offer businesses is unparalleled. However, for others who do not proceed with the caution required, it represents the siren’s call, mesmerizing unsuspecting businesses and luring them into perilous waters.
But all is not lost, and for those businesses that are serious about adopting a successful and secure IoT strategy, there is an IoT security checklist from Cisco Jasper that businesses can follow to help set them up for success when it comes to implementing an IoT strategy.
The IoT security checklist:
- Evaluate the end-to-end identification and authentication of all entities involved in the IoT service (i.e., gateways, endpoint devices, home network, roaming networks, service platforms)
- Ensure all user data shared between the endpoint device and back-end servers is encrypted
- All “personal” and regulated data should be stored and used according to local privacy and data protection legislation
- Utilize an IoT connectivity management platform and establish rules-based security policies so immediate action can be taken if anomalous behavior is detected from connected devices
- Take a holistic approach that takes into account digital (firewalls, VPNs, encryption, two-factor authentication, etc.) as well as non-digital measures that reflect organization attributes like roles-based access, and audit trails.
For true end-to-end IoT security to take effect, all players in the ecosystem need to step up and take responsibility for their piece of the IoT pie. Only by ensuring they have a solid IoT security strategy and checklist in place can businesses set themselves up for success when it comes to deploying IoT initiatives.
But as enticing and innovative an opportunity as IoT represents to businesses, if not treated with the respect it warrants it could prove costly. The security threats posed by IoT today are very real and present issues that if left unresolved will dent the industry’s confidence. This could hold the value of IoT back from achieving its full potential.
Only by understanding and accepting that security concerns affect every player and every layer of the IoT ecosystem can IoT truly be an effective, innovative and secure revenue generating force that businesses need it to be.