The Internet of Things is all around us, and every day we’re soaking it in. It is giving the Internet senses for the first time, which will drive us to the future of business technology.
Sensors are a huge part of the Internet of Things—and soon a big part of the Internet as a whole. According to McKinsey & Company, the Internet of Things will make a US$4 trillion to $11 trillion impact in the world’s economy by 2025. As much as $3.7 trillion of that will come from the manufacturing sector, according to McKinsey.
But what does that mean for your average run-of-the-mill business application? For data processing? And perhaps most importantly, for security?
From the developer’s perspective, the Internet of Things might well appear as a nebulous blob of a million SDKs all layered on top of one another and manifesting in droplets of code everywhere.
For the manager, it can mean lots of little projects and orphaned items running around in the corners, as single items enter the market, become obsolete, and are replaced.
And for the business analyst, it means more data, better business intelligence, and, possibly, a promotion.
Finally, however, for the frontline systems administrator, the Internet of the Things looks more like the Internet of Nightmares.
The elephant in the room
From a security perspective, the Internet of Things offers snooping noses plenty of Things to sniff. Imagine if every server on your network was also attached to a camera, heat sensor, or worse yet, a big fat kill switch?
Cameras alone are a known problem, as cheap, Web-accessible devices float into the market, are installed by novice users, and then are abandoned by their original manufacturers. Technical skill is not even needed to access such devices, with Google offering a tantalizingly easy way to search for open Web servers of specific breeds.
Sean Lorenz, director of IoT market strategy at LogMeIn, said that a lot of devices in the marketplace are not secure to begin with. (He oversees Xively, LogMeIn’s IoT solution.)
“A lot of these products are going to market in the past year or two, and they just are not ready to be out in the wild,” he said. “A lot of that is because they apply same principles of Web applications for IoT, and that’s just not going to work.”
Kevin Surace, CEO of Appvance, said that security is tough in an IoT environment. “You don’t want that data to get in the wrong hands, or to execute against your service in the wrong way. The security [standard] is higher than for a website. The overall service has to not be taken over, the data can’t be stolen, and people can’t create mischief with these things. We’re not making IoT toasters, but if someone did, you can imagine what’d happen. These are really serious issues from a technology perspective,” he said.
“Any enterprise trying to get connected is going to have to do it in a couple ways,” said Lorenz. “They need a really good library, they need the circuit board itself, and they need a good messaging bus; MQTT is what we use. We’ve gotten it to scale now to millions of devices and connections in a day, and really the next step of that is not just making sure we do it out of the box, but that it’s encrypted and secure.”
The heart of the security problem in IoT, however, is the same problem for a lot of networks, said Lorenz. “Identity is at the very core of the problem of security in IoT. Everything is based around who is using your product. There’s a massive many-to-many problem. It’s not just one app to one light bulb. It’s mom, dad and grandma need access when they comes to visit. It’s the housekeeper, the person coming to repair the house, and the reseller’s third-party apps that want access to the data. There are a lot of different identities, and it gets really complex really fast. That’s where I think solving those issues around growth are around authentication and ID access management,” he said.
Tony Rems, CTO of Appvance, said that the way the space is evolving now, many IoT devices are already in a position to be quite invasive of the user’s privacy if their security is compromised. “When you look at how this space is likely to evolve, devices like Amazon Echo or Nest—devices in the home—they’re not technically IoT, but they’re a preview of what IoT can do,” he said.
“Think about the fact that Nest knows about your movements. Look at Xbox Kinect: It knows where people are sitting and how they’re interacting. Echo could be listening to everything you say and capture that data. What happens when someone is able to hack into that network and listen in on homes around the world? What happens if someone hacks into your fridge?
“Ultimately, there’s been a change in the way we think about how we develop applications. When Internet apps became the norm, we never got to a place where there was a standard around requiring that rigor of testing and security before they got deployed. You’re seeing the outcome of that now, with all the hacks that have happened.”
The Internet of Things means dollar signs for product and marketing departments. There are, in theory, billions of new devices in demand in the marketplace, many of which have yet to be invented!
Teams working on those devices, however, have many problems to work out. Managing and analyzing all the data these devices create is one of those problems, while life-cycle management of thousands of individual devices is another.
One thing many developers may be considering to help with this problem is a commercial IoT platform. Said Lorenz, “The purpose of the IoT platform is to centralize data flow. It’s meant to be a harbinger of truth. It’s basically saying, ‘You’re allowed to have access to this…’ and basically be Grand Central Station for understanding who can do what with what data.
“Really, I think everyone is going to live in the cloud Web app, but the routing of the data has not been figured out. We just announced our whole new platform with Blueprint, which is something that does that. It is that Grand Central Station for understanding how to model your entire connected business.
“Obviously, the goal of the IoT is ‘What do you do with all this data?’ As far as market maturity, we’re not there. We tried to connect things a couple years ago, but they break [or] get hijacked. When I turn the damn light bulb on, a lot of people complained it took three seconds to turn the light on. If the experience is worse than the Clapper, it’s not an experience that will succeed. That’s where that middleware helps. But then, where we’re starting to mature in the IoT is…how do we handle complex event processing? How do we do stream processing and event triggers to build on the promise of the IoT, not build on one thing, but multiple things?”
Surace suggests that even testing IoT devices can be a major source of difficulty for teams. “You’ve got functional testing, then you have performance testing off the network. Can the network take all this traffic?” he said.
“One of the biggest areas of IoT that we see is building sensors. You look at lighting sensors, CO2 sensors, etc. You could easily have billions of sensors in a handful of years, across commercial buildings in the U.S. alone. A single service might have to service millions of requests every two minutes. You have to have it not reject those requests. There has to be a protocol for handling requests that come in malformed. Then there has to be security around those.
“All those have to be thought about. Most the people we know that are doing IoT devices today have given almost lackluster thought to testing. They test the device and their cloud service works, so it [must] be good. It‘s true as you roll out 50, or 100, or 1,000 requests, but when you get to millions, you have not simulated it. What happens when you have bad communication? What happens when devices go out of service? How do you know? How can you know if it’s giving you false data? What if it keeps turning up the heat? That’s a serious issue.”
Standardizing the Things
A number of platforms and tools have arrived to help calm the rough waters around the Internet of Things. IBM’s Bluemix offers a platform solution for managing and developing large numbers of items. Other platforms, such as ThingWorx, ThingFabric, and LogMeIn’s Xively offer one place to rule all the Things.
But Hortonworks and Neustar are taking a different approach. They’re working to establish some standards in the IoT and processing spaces, so that future work will be less convoluted and more in sync with other developers.
Hank Skorny is Neustar’s new senior vice president of Internet of Things. He recently joined the company after having worked at Intel for many years.
“One of the things I saw while I was at Intel in our proof of concept deployments was that there was no standardization of ways to address the IoT world, and if you look at any platform, to take off, there are three things it needs to do: have a standard way of interacting, have a standard way of exchanging data, and a standard way of apps to interact,” said Skorny.
He said of the standards effort he’s working with: “How do we—in a universal plug-and-play manner—discover new devices coming onto the network? How do we discover them, test them, authenticate them, establish an ID around them and wrap a policy around how we communicate with them? Once you do that, then you can start to learn the best ways to talk to them and to acquire data in the most efficient manner and then keep it all secure along the way.”
Joe Witt, senior director of engineering at Hortonworks, said that building a standard for the Internet of Things is not something that can happen overnight or in a vacuum.
He said of the standards building process, “In the very beginning, when you’re talking about the data, one thing you have to do is understand there’s going to be diversity. You have to have platforms that can deal with that. From the very beginning, Hadoop is a system that was designed to accept many data formats and data structures. As far as what we see being standardized, there are not a lot of winners there. But based on Neustar being able to do device cataloging and management of that, that’s how we’re going to see convergence to a standard that makes sense.”
Witt recently joined Hortonworks through its acquisition of Onyara. He and the team at Onyara were the originators of the Apache NiFi project, which allows developers to build data process workflows through simple drag-and-drop models.
NiFi was originally created for the NSA to allow it to process huge amounts of incoming data in a manner that didn’t require a data analyst to build the flow. It has the potential to be a game-changer for Internet of Things data processing, said Witt.
For the future of NiFi, however, the work is starting to focus on making the software ready for larger-scale deployments. “Over the next seven months, the focus is on multi-tenancy and expanding what we can do with the data provenance we’re capturing. It’s going to play very nicely with the vision Neustar has not only for driving standards but driving uptake,” said Witt.
He also said the NiFi project will be taking on real-time data processing. “Today, when people talk about real time, really what they’re focused on is how quickly they can get data from wherever it’s produced at the edge of the architecture back to the core. Real time largely means how quickly they get access to the data. But the exciting part is how fast you can turn it into an actionable insight. NiFi and Hadoop [are] shifting to focus on real-time behavior changing. Being able to take the results and immediately affect how the processing systems all behave, which in turn is going to play really nicely with how data from devices is produced and processed.”
So it’s still early days for the Internet of Things. Rest assured, any Thing you release today will be built on obsolete software within a year or two. Perhaps when the standards start to emerge, however, Things will become a little less confusing and proprietary. That can only be a good Thing.