When a concept is as far-reaching as the Internet of Things (IoT) — involving literally billions of elements — we need principles for organizing and making sense of the data it communicates.
That’s where an emerging IoT subcategory known the “location of things” comes into play. Location is a vital dimension of the IoT concept that encompasses the ability of “things” to sense and communicate their geographic position. In this context, location acts as an organizing principle for anything connected to the Internet.
With more and more “things” connecting to the Internet, the amount of data coming in is overwhelming. We need filters to pull out the data that is valuable for us. We are all interested in the things that relate most closely to our context — whether personally or for our work. Location is the key to context.
The birth of what would become the “location of things” dates back more than 20 years, with the introduction of global positioning systems. GPS technology became fully operational in 1995, blazing the way for a new paradigm in positioning. In its earliest uses, GPS helped the U.S. military navigate across the globe with unprecedented precision. By May 2000, the GPS system was opened up to the general public. It then took another decade for GPS receivers to become small enough and affordable enough to find their way into our smartphones.
The breakthroughs afforded by GPS paved way for the location-based services we enjoy each day: Google Maps, Uber, Waze, Foursquare and others. These multi-billion dollar services all were enabled by the ability of a smartphone to locate itself with fair accuracy and precision using GPS technology.
Most importantly, this new standard made it possible to move beyond the concept that only people could know where things were located. The world opened up when “things” had the capacity to know where other “things” are located.
In all of this, location simply acts as a search engine for geographic data. Before we had Internet search engines, users had to know what they were looking for — perhaps down to the precise URL to the webpage they needed. Then along came Google and other engines to do the work for us. And just as Google and the others help pinpoint data, location data helps organize the billions of internet-connected devices by location based on the sensors and other location-centric elements in them.
What this all means is GPS is just one part of “location-based services” or LBS. Lots of our devices and sensors — along with other assets, people and content — are inside buildings, where GPS has no real reach. That’s where indoor positioning systems (IPS) are creating the next big buzz within the location of things. As IPS technology continues to be enhanced and as more apps that harness its power become available, we’ll see a slew of new data becoming part of the location of things.
With IPS, the position data gathered can help in everything from finding devices and equipment, step-by-step navigation of indoor spaces such as shopping malls, helping with logistics in warehouses, enabling geofencing around sensitive data, assisting in social interactions and more.
What will happen when everything knows its location? Watch for future columns from me, where I’ll explore how the location of things will impact and change our lives in a near future. Here’s a hint: finding “things” is just the tip of the iceberg.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
In the tech community, you’ll be hard pressed to go a week without hearing the term “Internet of Things.” Advancements in this area have already altered our lives and will continue to do so as more and more devices become connected. IoT has had huge implications on organizations and the general population, but what about the security for connected devices? Security is of the utmost importance, but there are many myths surrounding IoT security. Below you’ll find a roundup of some of the top IoT security myths I hear regularly. And I’m here to help put a rest to these myths.
10. “Tiny IoT devices don’t have power to do really powerful security.”
Even early 1980s grade 8-bit, 8MHz chips with only 2k of RAM can do elliptic curve cryptography with a 256-bit key-length and are effectively as strong as RSA crypto with 2,048-bit key length, which is strong enough for U.S. “Secret” level national security information. That crypto is done using such little battery power that signing or verifying data on the hour every hour for twenty years would only use a slice of an AA battery.
9. “Security is too complicated, especially in IoT. You can never win.”
It’s true that effective security never stems from any single silver bullet. Instead, just as most good houses need a few walls, a roof and a floor, effective IoT security can be composed from a short list of crucial ingredients:
- Good crypto to protect the authentication and potentially protect the confidentiality of data
- Cryptographic verification of any and all code and configuration before permitting the code to run with any configuration.
- Third-party runtime security by security professionals to mitigate any vulnerabilities in the code
- Over-the-air management capabilities, including update and software inventory management, telemetry and policy management for security agility
- Security analytics to find and fight sophisticated adversaries who don’t trip any alarms
These ingredients are simple and strong enough to protect top brands against the best attackers.
8. “Can’t update these devices.”
Many devices are difficult to update, but almost none are impossible. Industrial systems are deployed for 19 years on average. Cars and medical equipment are similarly designed to last decades. Now, we see industrial equipment vendors issuing updates for multi-decade old equipment as businesses bank on the integrity of those devices. We see the same for medical equipment, ATMs, point-of-sale devices, retail kiosks and now even cars.
7. “Security is too expensive for the billions of devices we deploy.”
At scale, security often costs only dimes per connected device. For any connected device north of $20, that seems entirely affordable, and reckless to jeopardize your brand by skipping or skimping on security. Some consequences are too expensive to risk when prevention is pocket change.
6. “We have air gaps, gateways & network segregation protecting us.”
Nearly all systems are connected in ways that their creators might not know, but attackers quite creatively find. This has been demonstrated repeatedly on military, intelligence and critical infrastructure systems, including, but not limited to, Stuxnet. Last year, an attack damaging a steel mill blast furnace in Germany went straight through a gateway designed to protect the operational network from such attacks. Gateways help reduce risk, but are not enough to provide adequate protection alone. Just as air gaps are not effective, VLAN’s and other logical separation are even less effective. For high-value systems, harden them from the inside and don’t gamble on the reliance of gateways, air gaps and network segregation.
5. “Blockchain vs. PKI”
Blockchain is a great ledger system for recording transactions and for digital (and physical) objects to carry such ledgers as they go. Unfortunately, most people forget that the ledger level core of blockchains rest on lower level foundations of traditional cryptographic operations for signing each transaction with traditional crypto ops, libraries, keys and credentials. Bitcoin, for instance, uses elliptic curve crypto with a 256-bit key strength, the same as often advocated for IoT systems with or without blockchain-style ledger needs. Key management is often an Achilles heel of most crypto-systems. That’s why more than a billion IoT devices already use the world’s most proven key management system, a Certificate Authority offering managed Public Key Infrastructure (PKI). Good PKI in the lower level foundation makes the ledger level core of blockchain stronger. In other words, blockchain is best leveraging good PKI.
4. “We just need vendors and standards groups to solve this faster.”
Vendors and standards groups are making progress, but that process takes time. Unless customers start asking for the types of security they need, such as the “ingredients” mentioned above, equipment vendors will continue selling equipment both without security and, more dangerously, with security as an adjective that doesn’t really measure up to adversaries.
3. “Ops teams running operational tech just need to learn from IT.”
IT vendors and staff have historically not been welcome in operational discussions and for good reason. Operational constraints are far different than IT environments and consequences far higher, often with radically different timescales. For better or worse, many technologies needed on the OT side have been used for years on the IT side. However, until IT vendors and staff learn to speak and appreciate OT language and culture, OT teams won’t have any confidence that the technologies have been selected and adapted appropriately for their environments. IT security has far too many tools in the tool chest for OT ops teams to manage. Picking the right tools and adapting them appropriately requires collaboration between IT and OT.
2. “Our systems are so obscure nobody can figure them out enough to do damage.”
Steel mills, water treatment plants, power grids, factories, power generation plants and countless other systems have been hacked as a result of that naïve belief.
1. “I can do it alone.”
History and recent headlines are littered with the shame of companies who attempted to manage security single-handedly. No one company — and no single vendor — can beat all the attackers by themselves. Defenders need to stick together. Hire professionals and be sure they have good partners in hardware, software and cloud computing, as well as what is relevant for your particular vertical.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Google Nest’s shut-off of the Revolv product it acquired in 2014 is just one example of what may become a common occurrence. E-consumers expect everything to be warrantied forever and always connected. When those devices are on subscriptions or contracts, as they often are, they can be kept functioning, supported and moving forward. But, as demonstrated by the Revolv bombshell — and that’s not too strong a word, if you are, I mean were, a Revolv customer — that’s not always the case.
Even in the industrial world, embedded systems often fail to be updated, and oftentimes become old and less possible to secure. This can be seen in old SCADA systems that manage large multisite industrial complexes, providing data collection and aggregation. SCADA systems were most often air gapped — not connected to the outside world — making security far easier and more realistic. These systems in many ways are the predecessor to IoT. By connecting these systems to the Internet — creating IoT — the security issues are endless, and now they must be updated, patched and protected.
When we as consumers buy something — whether it be a computer, phone or other device — we expect it to run forever. Or do we? Tech-savvy consumers recognize that most devices have a finite lifespan before the hardware or software is outdated or inoperable. We’ve all seen the phone that gets too slow and the computer that crashes too often. These are not just due to the age, but the complexity of the software as you upgrade to new versions with additional features that require more horsepower and elbow room to function well.
This changes considerably with IoT, as the device has a very focused function. In the case of the Nest Hub, it was a simple gateway controller. This means that it helps with home automation tasks. In order to function, there are costs paid for by Google (Nest) associated with securing and upgrading the gateway, hosting the Web services, and maintaining the application and infrastructure. When this becomes less strategic, companies will force an update to a newer platform and deprecate old services or devices. For example, if you have an iPhone 4, you cannot run the newest operating systems from Apple; you are forever stuck on iOS 7.1.2 with its security issues. Remember the iPhone 4 came out in 2010, less than six years ago. Similarly, if you have a PC with less than 1 GB of memory, you cannot run Windows 10. These are both good reminders that often times older devices or hardware are not supported forever. The same is likely true for IoT, especially consumer-facing devices with shorter lifespans.
End of life occurs based on the strategy of the company, the cost and complexity of supporting the technology, and the need to eliminate technical debt in order to innovate. With vehicles, for example, you pay a subscription to get the newest software, navigational maps and other services. Alternately, you can decide not to subscribe, and your car still functions with less accurate, less up-to-date software and systems. As these cars become increasingly connected, we will see the same types of issues we saw when SCADA systems became connected — namely, increased attacks and issues — which may impact safety. In order to mitigate this, manufacturers of vehicles may either offer subscription services to keep the vehicle updated and secured, or risk having upset buyers who own vehicles that are unsafe or less functional.
In enterprise software and hardware, you see various strategies employed by vendors. Many will offer specialized support for end-of-life products, where the user of the software or device pays an incredibly high yearly service contract to keep it functional. Otherwise, you see end of life occurring regularly. Most vendors publish end-of-life timelines to allowing customers to assess the risk.
This is the IoT buyer’s dilemma we find ourselves in today. The questions remain: What model will dominate in the future? Will it be subscription-based? Will users expect software and functionality for life? Which model will present the most compelling business case and ultimately win out? We need a connected crystal ball to see the answer!
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Connected audio devices include a variety of consumer electronics connected to the Internet for the primary or secondary purpose of streaming Internet-delivered audio content such as music, Internet radio or podcasts. These devices include smartphones, tablets, PCs, digital media servers and players, audio-visual receivers (A/V), networked audio players, home theater systems, soundbars, multi-room audio systems, shelf audio systems, streaming media devices, wireless speakers, speaker docks and Internet/clock radios.
Connectivity enables some devices — or device apps — to act as controllers for content delivery to other connected audio devices, such as a Philips soundbar that delivers audio content to other wireless speakers in the home. Connected audio devices may also enable additional wireless interactions and possible integration and control over other smart home devices through a smart home platform. The connectivity of the Internet coupled with audio as a medium of interaction — not merely playback — is opening up a range of new possibilities for voice-controlled audio devices.
The economic landscape is marked by the disruptive effects of smartphones, digital music players and streaming media devices, which have increasingly challenged sales of traditional, non-connected home audio devices. Sony predicts that as sales for home video (Blu-ray, digital video recorders) and traditional audio components (stereo systems, amplifiers, Walkman devices) decline, the growing audio category — comprised of soundbars, wireless speakers and headphones — will account for 50% of its sales of products for the home video and sound market by 2017. These products provide compelling value propositions for consumers who increasingly want to enjoy the connected, wireless experience of mobile devices in the home.
Connected home audio device sales have benefitted from the following:
- High-penetration of home Wi-Fi networks
- Pervasiveness of Bluetooth- and Wi-Fi-enabled devices
- Convenience and portability of wireless networking
- Rapid expansion of streaming content services
Connected audio product innovations are supplanting traditional audio products, such as the once-popular home theater in a box, the traditional rack stereo system of components, wired speakers and speaker docks.
The technological landscape is marked by recent introductions of several new home wireless streaming technologies, including Google Cast, DTS Play-Fi and Qualcomm AllPlay. Two-thirds of U.S. broadband households use a streaming audio service; 40% exclusively free streaming audio services, while 26% subscribe to a paid streaming audio service as of mid-year 2015. These new technologies offer device makers greater flexibility for whole-home audio, higher-resolution wireless audio than previously available and broader compatibility with other devices. The variety of in-home wireless technologies creates a highly competitive environment as device makers align their products with one or more technologies and test what combinations will prove most appealing to consumers. Major streaming audio device makers such as Sonos are also seeking more integrations with home automation platforms. Where home control developers such as Control4 and Crestron previously had to reverse engineer Sonos integrations for limited functionality, Sonos began opening up its API to a limited number of developers in late 2015. At CES 2016, Sonos announced a new integration with the Insteon home control platform.
Finally, the design landscape for connected audio devices has been largely influenced by the “Apple-ification” and “app-ification” of the consumer electronics space. Concern for product design in the audio space is not particularly new; however, Apple changed the game on making product design an integral part of a brand — and a key differentiator among competitors. In the current environment, breakout brands in the connected audio space are those that combine advanced technology with fresh designs. The expanded visibility of connected audio devices throughout the home also creates an opportunity for product design to harmonize with home décor preferences as an integral part of the product offering.
Likewise, the increasing integration of mobile apps with connected audio devices extends product design into the app space, where the user experience in the app becomes just as important, or perhaps more important, than device design by virtue of the app becoming the principal point of interaction with the device.
Wave interference is the technical term for when two waves meet. The resulting displacement or superposition is the combined net effect of each wave. IoT data and analytics reflects in many ways the superposition between IoT and big data.
IoT is a continuously evolving concept, and some definitions include IoT data and analytics as part of the concept, yet fundamentally, the Internet of Things is the network of physical objects or things, digitalizing information about the environment and exchanging that data across the existing Internet structure. Big data too has not been immune to various definitions, and one of the more commonly applied understandings is that by McKinsey that big data are “datasets whose size is beyond the ability of typical database software tools to capture, store, manage, and analyse.”1
These two waves, IoT and big data, have started to meet, and not only that, have had a significant multiplier effect on the superposition outcome. The number of connected devices continues to grow and accelerate with the demand for more and more data. The value of data has also started to change in a positive direction with more and more insights achieved with real-time data sources and data aggregation.
The combination of IoT and big data has had its demands on enabling technologies. Fast data has generated new requirements in terms of data ingestion and in-stream processing. Big data has placed new requirements on data storage and how schema and queries are managed. Let’s examine these in slightly more detail.
Fast data becomes an important game changer
Big data is an important factor in IoT data and analytics, however the fundamental and more significant change that has taken place in data management and analytics has been driven by the speed with which data is now being processed and fed back into action in near real-time. From traditional batch processing with historical analytics driving insight over periods of days and weeks, fast data is about real-time ingestion and in-stream processing of data, down to seconds and milliseconds of actionable feedback. Examples of database providers able to meet these requirements are Exasol, SAP HANA, SQream and VoltDB. Fast data does away with a fairly traditional extract-transform-load (ETL) approach and has pushed the analysis of data from a back-end business intelligence activity to a critical front-end application plus feature; application plus referring to the expected outcomes of such applications as predictive maintenance or prescriptive decisions for medication routines, both involving a degree of machine learning/advanced analytics.
Big data is the challenge on the other side of the coin
Big data is not a new phenomenon. Big data has become an increasing challenge for many enterprises, and enablement technologies such as Hadoop are really what have driven this new opportunity space. With Hadoop, or more specifically HDFS for distributed file storage and MapReduce for distributed processing, enterprises were finally able to scale-in and scale-out their data storage requirements in a more flexible and cost efficient manner rather than the more traditional “more data, one more server” approach. Examples of database providers here would include Cloudera, Hortonworks and MapR.
Big data has also been about variety of data and not just volume. Here, NoSQL databases2 or new hybrid databases have pushed boundaries, creating schema on the fly or on read, and dispensing with the more cumbersome and limiting RDBMS columnar approach. As the growth in numbers of connected devices continues, the richness and variety of data sources will continue to expand, and from highly structured data, enterprises will need to work with semi- and as well as completely unstructured data to gain the additional value from data aggregation.
The value engine in IoT data and analytics
The creation of value comes from all the components in an end-to-end IoT application. Devices contribute to the value. Connectivity contributes to the value. Applications certainly have a major contribution component as does the data and the analytics. What is interesting to consider, as illustrated by the multiplier effect in the two-wave model at the start of the article, is the net effect combining IoT and big data has — a superposition or multiplier effect which is greater than the parts.
Data is a reusable commodity, and where value may initially be unlocked from the single data point in real-time, the aggregation of single data points, real-time and historical will also yield additional and valuable insights previously unidentified.
1McKinsey Global Institute, “Big data: The next frontier for innovation, competition, and productivity,” May 2011
2 For some more information about NoSQL databases, read the Machina Research Research Note, “Why NoSQL are needed for the Internet of Things,” April 2014
The Internet of Things has become a catchphrase for everything from self-driving cars to tiny sensors we swallow like pills. Regardless of the hype, the next wave of innovation will clearly leverage connectivity and the Internet deeply and in ways never before possible. From a practical standpoint, this means millions of new “Internet of Health” devices will be added to health systems over the next five years. According to a report from MarketResearch.com, the healthcare IoT market segment is poised to hit $117 billion by 2020.
With this growth comes greater complexity. Regardless of the specific new “Thing,” what are the key attributes to keep in mind in order to grow new solutions safely into large-scale solutions? First is clearly security, which cannot be tacked on later. New ways of securing tiny devices are available, but the products must be carefully designed to be secure–it’s more than just encryption, it’s how to maintain trust and privacy. Trust means knowing the identity of the data so you can act with confidence.
Second is manageability. The cost of the Internet of Health can be dominated by operating costs if the systems are not designed like the best enterprise tools for easy commissioning, updating and operation. Especially with IoT you have to be smart about large numbers of devices possibly distributed across broad geographies.
And finally, just like the best cloud-based technology, IoT systems should interoperate with your existing technology through clear and standard APIs. It should be easy to flow information across a well-designed IoT system and into your favorite connected application from report generators to machine learning data analysis tools.
Another dimension of IoT is its effect on existing devices and practices not just on new products. By using new sensors, for example, we can now measure and learn more deeply and more completely than was possible before, even if we are using existing equipment. Ease of deployment is key.
By using software-driven techniques, we can synthesize results from multiple sources (sometimes called “sensor fusion”) to yield new insights faster than ever. The results can be as straightforward as better operations by using predictive analytics to avoid equipment failure to new ways of improving the patient experience by sensing traffic flow, finding the right equipment faster, or lowering the cost of care through better environmental management.
Cars are now some of the largest and most expensive mobile computers on the planet, each being manufactured with several hundred millions of lines of code integrated into their systems. The code within these machines can do everything from connecting to our smartphones’ infotainment systems to analyzing the proximity of other cars on the road. Yet while IoT software simplifies our lives — from recording our steps and heart rate on the cloud to remotely changing our thermostat’s temperatures — developing IoT software is a lot more complex than traditional software development.
Imagine the following scenario: Your car recognizes you as you enter the car, and after consulting with your smartphone calendar, it knows you’re off to your weekly poker night with your friends downtown. It checks the real-time traffic information and recommends the fastest route to your destination. After you lose at poker (again), you’re heading home. Your smart refrigerator at home has already notified your smartphone that you need to pick up milk and other groceries on your way home, and your car routes you to your favorite local store. The next day, you’re driving to a meeting when the car notifies you that the oil pump is about to go bad and suggests that you to visit a dealer along the way — one that it knows is open at this specific time. Prior to making that recommendation, the car has already checked that the dealer has the part and scheduled the appointment for you. After a quick service, you’re back on the road.
This scenario is no longer science fiction, and the technology is already here.
What happens under the hood (literally)
To support these advancements, the car manufacturer has three software teams:
- A team focusing on developing the software that’s embedded in the car. This software is responsible for the interaction with the driver, providing health data, phone connectivity, etc.
- A team focusing on big data. This is the software that aggregates and analyzes data in real-time from the millions of cars on the road and all third-party connected services. This component is the one that receives the S.O.S. signal from your car about the impeding fuel pump failure, finds the dealer and directs the car to the shop.
- A team focusing on building the mobile app for seamless integration with the car’s infotainment system.
Requirements for managing IoT software complexity
Coordinating these three software teams is a challenge without the proper DevOps platform. Any software upgrade must be coordinated in such a way that it will not break the functionality between the different software components installed on different devices. Such a complex software design, with such high stakes — from missed appointments to driver safety — requires shared visibility, shared reporting and an integrated dashboard for centrally managing the software delivery. This allows the project team leaders to see the progress of any change requests or software updates on three different software tracks and ensures that each software release is going smoothly, with no quality issues or possible integration failures that could disrupt the service.
The three software teams will need a single integrated DevOps platform that can handle three different deployment-targets, each with its own specific deployment process, stack, etc.:
- The embedded software in the car itself, where software upgrades are usually deployed over-the-air.
- The data center for the big data storage and computation, where software updates are done over the Internet.
- The mobile app, which is upgraded via the app store mechanism.
In addition to the standard continuous delivery and DevOps platform requirements, there are additional important requirements for a multi-target solution for IoT companies to accelerate software delivery securely and reliably, while improving the quality of service:
- The ability to handle different deployment paths (e.g., embedded device via over-the-air update, data center via Internet and mobile app via app store) from a single integrated solution.
- The ability to enable teams to own the pieces of orchestration pertaining to their applications while enforcing a separation of duties.
- The ability to orchestrate the delivery pipelines for each team and manage the dependencies between these pipelines.
- The ability to provide an artifact repository to store and trace the life of each artifact.
- The ability to provide centralized dashboards and processes to facilitate the monitoring and management of delivery pipelines and releases.
- The ability to enable zero downtime upgrades and automatic rollbacks for full-stack or partial IoT service updates.
- The ability to provide complete traceability with automated compliance reports that are available on-demand.
Through a single, integrated, DevOps platform, the project team leaders can have a single dashboard to track progress on each software team, and the variability management of artifacts from three project teams can be centralized to accelerate deployment and to eliminate mistakes.
Furthermore, with the smart deploy feature, the integrated DevOps platform has control over the upgrade processes to three different environments, simplifying dependency detection and reducing the risk of undetected bugs.
Getting IoT right
IoT has ushered in a plethora of new and useful services that enrich our lives, simplify it or save us time and money. To provide these kinds of connected — and complex — services, software companies must have at least three different software teams, and they have to deliver the different, integrated service components across different platforms and devices. In addition, software upgrades must be coordinated across all environments to ensure service continuity. Only an integrated DevOps platform can provide the traceability, visibility, shared control and the ability to react quickly for these complex software development, test and deployment processes.
My previous article analyzed how many IoT standards bodies and consortia there are, and it went on to list many of them including Thread, IPSO Alliance, AllSeen Alliance, IIC, oneM2M, FiWare and Open Connectivity Foundation. I also mentioned IoT connectors like IFTTT. They are all well-meaning organizations, they each have a different angle to justify their existence, and it could be argued that the work they do is vital because today in IoT there is no easy way to connect disparate devices and systems, each of which have their own protocols and APIs. For the Internet of Things to truly flourish, and for sustainable ecosystems to emerge, surely we need some IoT standards to work from?
However, to predict the future it’s often useful to look at the past, and if we look back to what happened in the mobile industry, I wonder whether the industry giants like Google, Apple and Samsung will (in the end) dominate once again.
I was in the mobile comms industry in the late 1990s to mid-2000s where hundreds of millions of dollars of VC money was pumped into companies that were creating solutions to solve problems including “sync” (the ability to sync a phone with the cloud), “monetization” (systems for enabling developers to make money from apps), “app discovery” (ways for app companies to get their apps discovered and downloaded), “mobile advertising,” “mobile music” and “mobile wallet” (ways of turning your phone into a means of payment). At the same time, there were numerous standards bodies and consortia trying to solve the same problems. I used to track all the players in the space, and my spreadsheet from 2011 showed 259 companies! (I still have the spreadsheet if you are feeling nostalgic and want to see all those names jockeying for position in mobile).
Then along came Google and Apple, and they said, “Move out of the way guys, we’ve got this covered.” They offered sophisticated app stores replete with app discovery tools, full monetization suites including in-app billing, subscriptions and advertising, and robust mature SDKs and APIs which made it easy for developers to build great apps. Their mobile platforms (Android and iOS respectively) handled sync, phone-to-cloud services, backup, speech-to-text and text-to-speech, navigation / mapping, and all those other services that we now take for granted. It’s hard to believe that just five to 10 years ago hundreds of millions of dollars were being spent by start-ups trying to solve those problems.
Comparing mobile to IoT, are we about to see the same thing happen? We have a plethora of IoT standards bodies, we have hundreds of companies getting funded, and … we have Google, Apple, Samsung and others waiting in the wings. Enter stage left, industry giants. Let’s take “connected home” as an example of what’s happening:
- Google has been busy with the Brillo IoT operating system, the Weave IoT language/protocol, and its involvement in Thread Group via Nest. Google has learned from Android (in mobile) and Chromecast (in TV) how to use its vast resources to create a totally open ecosystem which fosters innovation and critical mass.
- Apple is driving connectivity between devices via HomeKit. However just as in mobile, Apple’s modus operandi is to tightly control the ecosystem.
- In the mobile industry, Samsung became the biggest mobile phone manufacturer. In IoT, Samsung sees a massive opportunity to sell billions of devices as well as move up the stack to become the glue for IoT via SmartThings.
- Amazon missed out on mobile, but won’t miss out on connected home because its agenda is being driven by the Echo smart speaker and hub, and the Alexa voice recognition platform.
- Microsoft never quite became mainstream in mobile after so many false starts around Windows CE, Windows Mobile and more recently Windows 10. However Microsoft cannot be dismissed in the connected home because of the widespread adoption in homes of Windows PCs and Xbox. Windows 10 IoT Edition is something to watch.
And that’s just the connected home/smart home subset of IoT. When I look at Industrial Internet/Industrial IoT, I see the same pattern of industry giants repeating itself, except the names are different. In my previous article I surveyed all the IoT standards bodies to see which industry giants are part of them, and I found that Cisco is by far the most active, followed by Intel, IBM, ARM and GE. Other major players in Industrial IoT include Honeywell, SAP and Microsoft.
In summary, here are my conclusions:
- Many standards bodies, many competing initiatives, yet no universal IoT standards today
- In defense of the IoT industry, the device and use case landscapes are very fragmented too
- IoT standards have the potential to cost-effectively address common challenges like security, communications protocols and data formats
- Although everyone accepts that wearables/smart home/connected car/smart health will all need to interconnect, Industrial Internet will probably always have separate standards (if any at all)
- Some giants like Cisco are hedging their bets by joining many of the organizations, others like Google and Apple are marching ahead with their own agenda and technology
- On a scale of “protectionism” vs. “open source,” the market will lean towards open source solutions
- In standards vacuums like this, history tells us that the industry giants tend to dominate in the end
- As we have seen in mobile, the race to standardization takes up to 20 years, and in the meantime IoT represents a huge market opportunity for technology companies to fill the standards vacuum
The Internet of Things has reinvented traditional company-consumer relationships over the past year and a half — and it has only just begun to make its mark.
At the Connected Things event Tuesday in Cambridge, Mass., a panel explored how IoT is helping organizations pivot from throwing ads and coupons at consumers to enhancing their overall customer experience.
For example, an innovative campaign printing the latest headlines in real-time on paper towels dispensed in local mall and cinema bathrooms boosted traffic to the free Mexican newspaper Máspormás by 27% in its first two weeks. Another example highlighted a Women’s Aid digital billboard of a bruised and battered woman whose injuries slowly disappeared when viewers eyed the screen, striking a chord with onlookers.
As Charlie Ungaschick, executive vice president of marketing at PTC, put it, “The person connected to the physical thing is a powerful thing.” Years ago, he explained, the only connection between brand and consumer was the often thrown away warranty cards. Nowadays, when an IoT product is powered on, manufacturers are immediately connected to the user.
Rebecca Schuette, director of marketing at Swirl Networks, reiterated the importance of customer experience at the event hosted by the MIT Enterprise Forum of Cambridge.
“For the retailer, it’s about increasing basket size and driving more data to the store,” Schuette said. “But at the end of the day from a consumer’s perspective, I want to get an excellent customer experience every single time I interact with a brand whether it’s online or my device or in-store. I want them to know about me so they can cater to my preferences.”
Thomas Walle, CEO and co-founder of Unacast, called IoT a “data capturing tool” that helps companies better understand customers and fans. Collected data can be leveraged to personalize online content, run retail analytics and transform online advertising.
However, using IoT to enhance the consumer experience isn’t without its pitfalls.
“In the era of personalization, the data is incredibly important,” Schuette said. “Consumers in this opt-out landscape can shut down this layer of personalization really really quickly. You need to make sure from a data perspective that you’re totally transparent, it needs to be opt-in right now; it needs to be delivering value. People are okay with sharing data if they can get whatever they want in their mind to actually happen.”
Walle added that transparency can also eradicate the consumer notion that location-based technology is “creepy” and change it from “Big Brother is watching you” to more of a “Big Sister is making your life better.”
Still, several barriers can prevent companies from truly benefiting or even implementing IoT for marketing in the first place.
Greg Raiz, founder and CEO of Raizlabs, noted cost and user adoption. “In a lot of these scenarios, the user has to opt in or download an app or take some secondary action,” Raiz said. “There are some passive solutions that are possible, but cost continues to be a barrier for mass deployment.”
Walle noted companies are apprehensive when it comes to sharing. “There is so much cool stuff being done with IoT,” Walle said, “But (companies) are very afraid of sharing what they do. There’s tons of good stuff being done out there, if we shared more, it would foster innovation.”
“There is also the fear at the organization and retail level that consumers are moving too fast,” Schuette added. It takes a while for companies — often up to a year — to fully scale an IoT marketing initiative. By that time, Schuette said, there can be “a bit of paralysis” if consumers have moved onto new or different technology.
Newsflash: security in the Internet of Things calls for a completely different approach than that used for “traditional” Web-centric IT.
Connecting more things changes the way we secure things
As objects, people, infrastructures and environments in the physical world around us grow more digitized, the approach to security requires a shift, a shift from IT security architecture to IoT security architecture.
Companies must consider numerous fundamental changes to successfully transition to this new architecture and way of thinking. To begin to understand why security in IoT is different than “traditional” IT security, organizations of all types across any industry should begin by considering three key questions:
Question 1: What are we trying to protect?
By its very nature, the Internet of Things is not singular to one piece of technology, one business unit or one vertical. Rather, to deploy and connect devices, objects or infrastructure in an enterprise or consumer context inherently implies connections between multiple endpoints. Any connected application, whether a connected thermostat in your home or a fleet of sensor-clad wind turbines in the field, includes some configuration of devices, applications, networks and, of course, people.
When taking inventory of the threat surface (i.e., the landscape of potential vulnerability), organizations must assess risks across the “IoT Security Stack.” These areas aren’t just technological system components, but also the people and organizations who participate in the system, both internally and amongst partners.
While device, application and network (i.e., technological) security are central to safeguarding any connected landscape, people represent another critical aspect of security that is often overlooked. Password security, BYOD environments, employee churn, lack of security training and simple human error are among the many risks that the human dynamic presents in any system. Remember, in the Internet of Things, a secure system is only as secure as its weakest endpoint. Empowering people helps strengthen security.
To understand the fullest context for protection requires organizations take holistic inventory, not just of their proprietary endpoints, devices and systems, but across all linked or associated devices, applications, networks, users and constituencies. Asking “what are we protecting?” is the starting point to:
- Identify this ecosystem
- Identify how the sensors and data we’re adding to and collecting from products or infrastructure fit into that ecosystem
This is a critical first step to developing a security strategy.
Question 2: What would happen if our “smart” system was compromised?
In the event of an emergency, what happens? Many, many businesses today lack any idea — never mind a formalized and distributed plan — for what happens should they find themselves in a data, systems or physical security emergency, breach, hack or other compromise. Companies have a clear sense internally of:
- What the threat surface is
- Where and with whom technology and systems components are associated
- What the actual threats are
- Where the threats may originate
- How to mitigate against those threats
- How to identify when an issue is occurring
- How to respond in the event a partner is compromised
- How to thwart, analyze, classify and communicate about the problem
They should also have a formalized plan in place for external communications about data-related crises — to partners, media and, most importantly, customers and end users.
As security practitioners plan for the what-ifs, they must recognize that IoT security requires a multifold approach that addresses legacy, current and emerging security challenges at once. First, organizations must meet traditional IT security challenges associated with legacy architecture and environments. Next, they must address the challenges introduced by our current generation of technology, characterized by cloud, social and mobile. Finally, as computing interactions and interfaces proliferate, as new classes of technologies emerge and as these interactions drive entirely new economies, organizations have an obligation to at least attempt to address the unforeseen, unintended and uncharted consequences of such digitization as best they can.
Question 3: What does personally identifiable information mean anyway?
Virtually every connected environment involves some element of personally identifiable information, also known as PII. If not data transmission, then data integration; if not integration, then employee or end-user associations. But thinking about security and privacy in IoT requires that we reconsider the very composition of personally identifiable information.
The definition of PII in the Web 2.0 world enjoyed some clarification. The NIST Special Publication 800-122 defines PII as “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial and employment information.”
As we transcend the laptop and digitize objects and environments, as we juxtapose, integrate and monetize diverse data sets from diverse environments, what is or may be “personally identifiable” is far less black and white.
What is clear is that sensing technology is architected to sense physical realities: location, acceleration, temperature, heartrate, moisture, sound, light, position … the list goes on. And when these inputs are viewed in contextual spheres greater than themselves, they tell stories greater than themselves.
Fitbit’s ability to track steps and heartrate generated the same data that revealed its users’ sexual activity patterns, for example. The company quickly made such data — initially default set to public — private in response to outcry.
Whether or not an individual’s movement and activities through time and space are “linked or linkable” is unclear, both in the eyes of the law and in the eyes of those collecting the data. It’s also unclear to end users generating the data:
- Are my comings and goings from my home personally identifiable?
- Is the way I drive my car personally identifiable?
- Are my biometric responses to stimuli personally identifiable?
Advertisers, insurance companies, manufacturers, retailers and employers are all vying to gain as much empirical context as possible, but where do we place technological limitations in favor of human sensibilities?
While no single organization can definitively answer these questions for every context, it is in its best interest to analyze the implications for use cases generating such data and how to manage and safeguard this data. In the event of a data breach, data malpractice or related crisis, such planning and documentation will help companies fare better in court. As businesses vie to collect as much data as possible, they must consider the unintended consequences of data collected and integrations with applications of such data.
Questions reflect a new reality and demand a new IoT security approach
There are a variety of resources organizations can access to aid with each of these questions, but approaches to IoT security will vary. To aid in the quest to truly secure “Smart Systems,” Harbor Research has developed a three-step process to guide organizations in their approach to IoT security, accessible in full here.
While each of the above questions is central to an IoT security strategy, you might have guessed they are far from easily answerable checkboxes. Businesses must begin by assessing existing infrastructure, current development initiatives (including product, process and people), and align these against a larger enterprise strategy for both security and privacy protection. Forward-looking IoT security strategies begin with product design, but like IoT itself, they transcend products, across services, stakeholders, customer segments, threat vectors and lifecycles.