Enterprise IT and the 'Internet of Things'
“IoT devices are innocuous they perform simple sensing or alerting functions and exchange information between devices or between a device and a user”
Much-discussed and often-reported in 2014, the ‘Internet of Things’ (IoT) reached the peak of Gartner Group’s ‘Hype Cycle for Emerging Technologies’ and appears poised to begin wide scale market adoption in 2015 and beyond. IDC forecasted that the market for IoT would reach $7 trillion by 2020, and estimates in this range were repeated by other professional prognosticators. By the end of the year, many companies had managed to fit (if nothing else) an IoT strategy element into their press releases and annual statements.
The term IoT is itself a bit of a marketing label; in reality it’s a combination of things: Big Data, Cyberphysical Systems, Machine-to-Machine Computing, and Ubiquitous/Pervasive Computing. These nuances didn’t stop IoT from being top of the fold for anyone covering the 2015 Consumer Electronics Show. No less than a dozen companies showcased their IoT-savvy-ness with ‘IoT Pavilions’ and ‘Homes of the Future’, showcasing everything from Internet-aware washing machines to sensor-laden bicycles. Everywhere I looked, robots roamed, coffee pots tweeted successful completion of their savory task, and cars texted and were texted to. Presuming that standards can be ratified and interfaces aligned, the dividing line between our physical lives and digital presence will get a lot thinner and in some cases disappear altogether.
While it might seem like the Internet of Things is new and radical, it’s rooted in a set of ideas set forth in 1999 at MIT by Kevin Ashton. Technology needed over a decade to catch up with his vision; it’s been the convergence of low-power wireless standards like Bluetooth Low Energy, the availability of efficient and inexpensive processing power (courtesy of the seemingly relentless march of Moore’s Law), and sensor technologies borrowed from mobile phones that have combined to set the stage for IoT’s emergence as a multi-trillion dollar market opportunity.
Emergence of the Internet of Things is following the patterns we saw in previous technology evolutions. IoT is really just the “Fourth Wave” of connected computing. In the First Wave we had mainframe computers, accessed by terminals and later connected by early ancestors of the Internet. The Second Wave gave us personal computers, initially standalone then connected to servers by modems and ultimately broadband links. Early mobile devices (such as the PalmPilot) connected to PCs, and were later unfettered from their cable leashes by mobile data networks and evolved to become smartphones. Today our IoT devices are connected to PCs or smartphones via Bluetooth or proprietary standards – if I walk away from my Android phone my Pebble watch will quickly let me know something is amiss. It’s just a matter of time before the minions of IoT throw off their smartphone shackles and begin seeking connections directly to mobile data networks.
$7 trillion worth of IoT is a lot of devices, mostly consumer-owned. By their nature IoT devices tend to be something that people keep nearby at all times. Take off my FitBit to recharge it and I risk falling short on the daily step competition I have going with my wife and friends. So what happens when people show up wearing or carrying several IoT devices, all of which are clamoring for connectivity and access to the Internet?
There’s some precedent for this already, as we saw in recent years when corporate IT shifted away from company-owned mobile devices and began implementing Bring Your Own Device (BYOD) systems and policies. Most of these systems are controlled and secured by opt-in forms that require company-provided credentials, or at least an email and a click-signature acknowledgement of terms of service. The use model of these systems range from mostly reasonable to annoyingly complex, and I can say that in my travels around the Silicon Valley I never encounter a guest or public broadband opt-in system that’s exactly like another – each one is a unique work of security artistry. Entering sign-in credentials for them on a PC is fairly easy, on a tablet a challenge, on a smartphone an exercise in frustration. Some systems text you a code, others don’t. I’ll say this; I don’t see myself tapping in network sign-in credentials via the up-down-enter buttons on my Pebble watch. If enterprise IT is going to support IoT onboarding, we need a different approach.
An evolution of the use model set forth by the IEEE 802.11u standard and Wi-Fi Certified Passpoint (formerly called Hotspot 2.0) may be the solution. Created by the Wi-Fi Alliance in 2012, Wi-Fi CertifiedPasspoint™ was intended to be “an industry-wide solution to streamline network access in hotspots and eliminate the need for users to find and authenticate a network each time they connect.” Rather than ask a person to sign-in to different networks, devices enabled with Wi-Fi Certified Passpoint can be verified from a database containing trusted devices. The same use model could be applied to IoT devices, allowing enterprise IT systems to bring customer’s or employee’s IoT devices onboard without requiring action by the user.
Of course, the question of security in IoT needs to be addressed. As of today, very little has been done to consider the security risks created by IoT devices. For the most part IoT devices are innocuous – they perform simple sensing or alerting functions and exchange information between devices or between a device and a user. In some cases (such as cyberphysical systems) IoT devices can initiate real-world actions such as moving a lever or knob. Most IoT systems have (at least in their designed function) little potential to create danger for people or systems. Do I really care if someone hacks my FitBit and learns that I walked 11,818 steps yesterday? Probably not. Yet there could be vulnerabilities we haven’t yet found, and these need to be considered.
As the Internet of Things revolution takes hold and our IoT devices become more and more integrated into our daily lives, enterprise IT will have to determine how to respond. Corporate IT, hospitality IT, public, and semi-public hotspots will all have to content with this – it’s not a matter of if, but when this will need to be addressed.