From Alexa’s random outbursts of laughter to claims that your smart refrigerator wants to kill you, it is easy to see why the Internet of Things (IoT) invokes negative connotations. Some may even say IoT has a dark side, fueled by security and privacy concerns along with uncertainty about what these devices can do.
Although we are talking about the consumer realm, where IoT is more of an overhyped novelty, similar concerns remain in the much larger business (B2B) market. While IoT holds promise to completely transform businesses, disrupt markets and create new value propositions, its perceived dark sides are impeding progress. Just one year ago, Cisco research showed that 60% of IoT initiatives stalled at the proof-of-concept (PoC) stage, and only 26% of businesses considered their IoT projects a total success.
Times are changing, however. Over 69% of global organizations are adopting or planning to adopt IoT solutions this year, and the global IoT market is expected to reach as high as $8.9 trillion by 2020. Clearly, IoT continues forward despite the concerns.
Nonetheless, we must tackle the most pressing IoT challenges to see the light at the end of the tunnel and realize IoT’s true transformational value. Here are five dark sides to IoT, and how we can address them.
1. IoT is driving nearly every industry and company to become more technology focused, with data as a key asset. Thus, securing not only IoT devices but also the data they collect, share and store is paramount. In fact, 97%of risk professionals believe that a data breach or cyberattack caused by unsecure IoT devices could be “catastrophic” for their organizations.
While enterprises are finally understanding the impact of IoT security, it’s been challenging to get to this point. First, traditional security strategies often implemented in industrial environments — such as “security by obscurity” where production operations are separated from enterprise networks — do not work for IoT. Organizations need to take a comprehensive, policy-based architectural approach, which includes the convergence of IT/OT, integration of physical and digital security, a thorough plan before/during/after attacks and adoption of industry-wide standards. Second, IoT security must be everyone’s job — from device-makers, to service providers, to the C-Suite, employees and even governments. I encourage all IoT practitioners and providers to embrace this end-to-end approach and engage with standards bodies.
2. Along with security, IoT needs to ensure privacy to deliver on its promise. In the consumer realm, this evokes thoughts of Big Brother, while in the enterprise, IoT privacy centers on protecting employee data, customer data, the location of the data and more — which, if illicitly accessed or breached, could have a far greater impact than a Roomba sharing data without your knowledge.
Like with security, we are moving in the right direction to promote IoT privacy and we must continue following best practices, such as data encryption and multifactor authentication. More importantly, we must accelerate transparent and explicit privacy best practices, engage with our chief privacy officers and look to the European Union’s General Data Protect Regulation (GDPR), which also covers IoT-related privacy topics, as a model.
3. The lack of standards has hampered IoT adoption and made way for some of the dark sides to prevail. The issue is that legacy, single-vendor, proprietary solutions lead to disparate systems, data silos and security gaps, whereas IoT success requires interoperability and data-sharing within multivendor, best-in-class solutions. To combat these challenges, governments, as well as horizontal and vertical standards bodies, must aggressively develop IoT security frameworks, making IoT safer and more interoperable between legacy and IoT systems. Companies must build their solutions on these open industry standards, which will also reduce deployment costs, speed and complexity.
Fortunately, horizontal bodies such the Internet Engineering Task Force and IEEE, vertical bodies such as ODVA and the International Society of Automation (ISA), and government agencies like the Federal Trade Commission (FTC) are working toward open standards. To continue this progress, IoT industry leaders, practitioners and providers must contribute to this effort.
4. The hype surrounding IoT causes shortsightedness when enterprises embark on their IoT journeys. Blinded by IoT as the next shiny object, organizations mistakenly focus on “cool” technology to achieve quick gains and incremental results. This focus on the technology rather than the business problem perpetuates other misconceptions about IoT that hinder adoption.
Leading adopters realize they must focus first on their primary business goals and increasingly recognize the transformational value of combining IoT with other key technologies, such as artificial intelligence/machine learning, blockchain and fog computing. Fortunately, we are starting to see organizations discern hype from reality and focus more on the long-term and transformational potential of IoT.
5. The fifth dark side of the IoT tunnel is its complexity. IoT is a convergence of markets, sub-markets and ecosystems, with seemingly endless use cases in all vertical sectors, payoffs, opportunities and new value propositions. At the same time, IoT requires fresh approaches to security, change management and selling strategies, along with horizontal standards.
To lighten up this dark side, organizations must understand that it is impossible to successfully implement IoT alone. The key is to build partner ecosystems of horizontal, vertical and local specialists and then co-innovate with them — all while keeping your customer at the center of this hyper-collaborative approach. With diverse, best-in-class ecosystems working together in an open, multiprotocol environment, IoT is less complex and generates more transformative results.
Although IoT’s dark side may be grabbing the headlines, the industry is making strides to shed light on and overcome IoT’s shortcomings. To keep this momentum going, we must continue to evolve standards, embrace new security approaches, build partner ecosystems and educate practitioners and providers alike on the transformational value of IoT. While many of these remedies apply to the enterprise, the consumer realm should also take heed so we can all enjoy the benefits of a more connected world throughout business and society. At last, we are seeing light at the end of the IoT tunnel.
This article first appeared in Forbes.
At the end of The Wizard of Oz, Dorothy realizes what she needed was right in her own backyard all along…. Building IoT deployments don’t have to be a security compromised journey of flying monkeys, apple throwing trees and brainless scarecrows. What you need is has been there all along.. Maciej Kranz another great article.
Hi Maciej,
I fully agree to the 5 dark sides mentioned, however I tend to disagree that the suggested solutions will be sufficient to reach the goal of a properly protected IoT.
Let me explain why I believe we will fail if we proceed as described:
• As you stated, IoT is extremely complex in all directions – various providers, technologies, infrastructures, and an enormous number of connected devices. You’re absolutely correct that we need new solutions and standards which offer true security and privacy by design – BUT establishing new standards by bodies like IETF, IEEE, ODVA, ISA, FTC, NIST etc. currently takes far too long, involves various lobbies with different approaches/solutions in mind and is expensive (so mostly the big players can afford it). This leads to the problem that only incremental steps are taken, but the needed paradigm shift won’t take place
• A paradigm shift is needed, as today’s layered security models feel like solutions from the middle ages – building protection layers around the data. Inflexible, not properly scalable and based on technologies invented decades ago. Unfortunately the IoT is completely different, heterogenous, highly distributed and connected – so where do you build your protective barriers?
To be able to cover the IoT’s security demands we need a distributed solution which protects the data wherever it is created, which integrates the protection within the data (so no additional security layers are required), which allows to freely transmit the data wherever desired/needed, which replaces access control by true data control, and is scalable enough to run on any kind of device, offering true data security and privacy by design.
Even though I agree to the issues you mentioned about proprietary solutions, I believe that one of the big players has to take the frontrunner role and implement such a game-changing solution in his eco-system to prove that only such a major step can prevent from more and more IoT related security issues (and resulting breaches). This solution will lead to such a massive competitive advantage that the market will decide how we protect our (IoT) data in the future…