The Internet of Things (IoT) is spreading out to encompass all kinds of devices – from toasters to industrial monitoring systems – and although it is unclear in what direction it will evolve, the connectivity it provides could present many opportunities to improve workflow and productivity. Jim Reavis, CEO of Cloud Security Alliance, discusses how it has the potential to transform companies as well as consumers.
In many ways, the internet of things (IoT) is exactly what its name suggests – a network of devices that can send and receive data through the cloud to monitor activity, perform automated tasks or trigger processes remotely. Smart devices range from home thermostats to heavy manufacturing equipment. The implications of that connectivity, however, are not yet fully understood. IoT’s potential is effectively limitless and, although no one can be sure precisely how, there is no doubt that it will have a profound effect on businesses and consumers.
A measure of how widespread IoT will become was provided by technology investor and internet pioneer Marc Andreessen – co-author of the first widely used web browser, Mosaic, co-founder of Netscape and current member of the Facebook board – who has publicly stated that, in 20 years, every physical item will carry an embedded microchip. Given its great potential, it is not surprising that there is still some lack of clarity about exactly what IoT is.
“There are a few precise definitions, but they are the worst ones,” says Jim Reavis, co-founder and CEO of Cloud Security Alliance (CSA). “It is really about the use of computer technology for every facet of the physical world. It is a challenge to talk about IoT, because it is about retrofitting the whole world and adding additional functions, like virtual or augmented reality.
“You can organise it around consumer aspects – connecting the body, a living space or transport to a network – or around industrial and manufacturing processes.”
CSA exists to define and raise awareness of best practices that ensure cloud computing is secure. It builds on the subject-matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. Reavis, who has experience in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist, believes that IoT is a game-changer for industry and individuals.
“In terms of individual consumers, it is absolutely changing their lives. In personal healthcare, for example, we see devices that sense, diagnose and help take care of people. These include fitness bands and drones that deliver life-saving medication. We will also see a lot more of the ‘smart home’ concept and autonomous vehicles, but this is just skimming the surface,” he remarks.
“From a business perspective, machine-to-machine communication and automation, as well as communication between businesses and with customers, will leave us with some big questions: what is the human role? What do we do when machines misbehave? Most of the changes will be beneficial, but there are some risks.”
Management consultancy Accenture is among those looking into the implications of IoT for business and believes the industrial internet of things – also known as the fourth industrial revolution or industry 4.0 – will transform companies and countries alike. This could open up a new era of economic growth and competitiveness. Industrial IoT could bring many benefits to business, the most obvious being improvements in operational efficiency. Accenture believes there is also scope to boost revenues by increasing production and creating hybrid business models, and by exploiting intelligent technology. Smart machines can gather and analyse data in real time, thereby accelerating the decision-making process and improving workflow.
“In big business, everyone is using IoT to some degree. A lot of industry automation involves IoT, including the sensors that are used in almost every type of manufacturing, refining and chemical extraction business. There is also a lot of IoT in inventory management, and in health and safety monitoring. We see it a lot in retail and transportation. It is helping companies know when to reorder stock, for example, and in the healthcare sector, IoT devices are often used with patients. We are even seeing it in agriculture, where it can help producers know where to plant seeds and where a lot of heavy equipment communicates through the cloud or by satellite,” Reavis explains.
Understandably, the role of IoT in so many aspects of industry – as well as in the lives of individual consumers – has raised concerns. Security and privacy are at the top of the list, not least because there have been many instances in which connected devices have been compromised.
Earlier this year, stories hit the headlines stating that Samsung smart TVs could be used to eavesdrop on people in their homes. On closer inspection, the risk applied only to certain models and no evidence emerged that any government agencies had been listening in. However, it fuelled suspicions about other devices including ‘smart home’ systems like Amazon’s Alexa.
Nevertheless, there have been more serious breaches of security, such as the distributed denial of service (DDoS) attacks that used a large number of IoT devices as part of a botnet army, which is possible because inexpensive, low-end devices have limited security capability. In October 2016, for instance, the Mirai malware strain spread through devices such as poorly secured routers and IP cameras, and attacked internet infrastructure company Dyn. In December, the Leet IoT botnet launched a massive DDoS attack. Concerns have also been raised about the security of autonomous vehicles and the dangers that could result if an outside party took control of, for example, a self-driving car. There are even fears that pacemakers could be remotely controlled.
“Could it, in fact, be the end of privacy? Or will we just need to do things very differently to retain our privacy? Technology will evolve, and give us a higher standard of living and convenience, just as life expectancy went up after the Industrial Revolution. The fact is that the technology will be pervasive. Identifying users and anticipating their needs will be useful but it can put people on edge. Now, we are at a very early stage, so we have the opportunity to look at how to direct its development,” says Reavis.
“We are at a point in time when people are making speculative policy ideas. For instance, Bill Gates has said that robots that take human jobs should pay taxes. The fact is, we should be thinking big picture and broad policy. Business must understand how pervasive the technology is, and that it should look at protecting its crown jewels. That means looking at the cloud system and the data centre where key information is stored.”
IoT for the C-suite
Data security is not a new concern for most departments, including the finance function, but, in the era of IoT, it must be looked at in a different way. The key is to know where to invest in additional security and how to prioritise what should be protected. Given how widespread IoT devices are likely to become throughout the business world and the private lives of consumers, it is impossible to protect everything. There are, after all, IoT devices that cost less than $1 and others, not least nuclear centrifuges, that cost many millions. While it is unlikely that every potential entry point into a network can be protected, there is a great deal that can be done to enhance security for the infrastructure that houses business-critical information.
“You need to understand that these devices are pervasive,” stresses Reavis. “Inexpensive devices will not have innate security, so you need to think carefully about where to install them. You need to deploy them where they cannot cause harm. For bigger devices, you have to lock down administrative controls and use industry best practice for encryption. A CEO must know where a company’s critical assets are and what the protection mechanisms are.”
The focus of CSA is firmly on security, which means it looks closely at the relationship between IoT end points and the data centre in which a company’s crown jewels are kept. While looking at specific use cases, including drones and autonomous vehicles, it also helps to drive businesses towards universal best practices that, once defined, could help balance opportunities and risks. For Reavis, this is how companies can make IoT work for them and limit the scope for it to work against them.
“There is a strong case for people not to ignore the risks,” he explains, “but we should not be afraid of the future. We should, however, be mindful of how technology progresses.
“Security needs to be on the agenda. CEOs must understand that IoT will transform their business, bringing new opportunities and new competitors. It will change their businesses in fundamental ways; it’s a hostile world, so they need the architecture and policy to protect their assets.”