As people become more inclined to let technology into their lives and homes, the market for Internet of Things (IoT) devices flourishes. In fact, according to research from Bain, the IoT market is expected to grow to $520 billion by 2021, which will be more than double what it was in 2017.
Jonathan Sullivan, CTO of NS1, believes the first wave of IoT came when people started to realize that you could put a SIM card in just about anything and have it connect back to the Internet. While not particularly useful, those applications did gain a lot of attention. “I think there was initially some hype around it when people realized you could connect your rice cooker or your toaster to the Internet and have it trigger on a schedule or link up to your calendar,” said Sullivan. However, those types of applications of IoT did not prove to be very successful in the market, he explained.
Devices running Amazon’s Alexa or Google Home, for example, don’t often get thought of as IoT, but “definitely kind of fits the bill,” explained Sullivan. There is an entire ecosystem of devices that have emerged around those types of devices, such as smart lightbulbs and home control solutions.
“All of those have kind of converged and merged so that it’s easier to control everything in the smart home,” said Sullivan. “So I think the smart home is its own category, but it’s definitely what I would consider IoT — Things that are not computers that are now enhanced by their ability to connect to the Internet and do something more than they would otherwise be able to do because they’re provided with context or connectivity to other devices or they’re linked together.”
The more insights you can gain on yourself and your surroundings, the more opportunity there is to improve life, explained Greg Baker, global VP and GM of cyber digital transformation at Optiv. For example, a smartwatch that can predict the early signs of a heart attack has the potential to save someone’s life if they are able to get to the hospital faster than they otherwise would have, he explained.
According to Sullivan, another example is Nest, which makes smart thermostats that can be controlled via the Internet or be put on set schedules. In New York City, Nest has a partnership with Con Edison, which is an electricity provider. During the summer, if there is a heat wave, there is a setting that users can opt into that raises the thermostat’s temperature setting so that the air conditioner isn’t going at max. This takes load off of the electric grid and helps prevent blackouts or brownouts, Sullivan explained. It also gives participating consumers a discount on their electric bill, so it benefits the consumer as well as the city.
“I think that those are really going to be the major types of very interesting and compelling innovations as people figure out how to connect more and more things,” said Sullivan.
“I think there’s still a bunch of terrible products that are Internet-connected and have no reason to be Internet-connected, but I also think there’s a lot of really valuable applications, particularly in industrial and agriculture,” said Sullivan. “For example, the ability to put out remote cameras or remote sensors that are solar powered and talk back to a grid. You can do a lot of really interesting analysis of data or anemometers for really granular wind measurements across farms. There’s a lot of really interesting, but I guess what we would consider more boring or mundane applications of the technology, and by connecting smart sensors back to the Internet or to a grid, you can do a lot of really really interesting things that were just not possible 10 years ago.”
Advances in edge computing will also enable more use cases for IoT deployments. “We don’t want to have to send data to the cloud or to a remote data center before you can act on it,” said Paul Miller, senior analyst at Forrester. “It might be out on an oil rig or halfway up a mountain in a wind farm and in those sorts of situations, you may not have the bandwidth to send data back and forth, so we are seeing a lot of thinking in this space around working out exactly what you need to process locally, what you need to transmit somewhere else, and understanding how those play together.
IoT is the next digital transformation
With IoT, the industry is going through yet another digital transformation, Baker explained. Now that organizations have already adopted cloud computing, they are looking at data more holistically and want to enrich that data with what others are doing in the industry. “It might sound ridiculous to have a smart fridge that can auto-order groceries for you or other things like that, but there’s also real-world applicability to some problems that can be solved for peoples’ day-to-day lives,” he said.
According to data from Forrester, last year 36 percent of enterprises were either implementing or expanding their IoT deployments. On top of that, 28 percent were planning on implementing IoT in the next 12 months. Combining those numbers together, 63 percent of enterprises are either doing IoT or at least planning on it in the next year, Miller explained.
According to Miller, the largest industry segment for IoT at the moment is in the industrial products space. Forty-five percent of respondents in the industrial sector are already implementing IoT, while pharmaceuticals and medicine are next on the list.
Miller believes that the oil and gas industry will see an increase in IoT very soon. Currently, only about 32 percent are implementing IoT, but 42 percent plan on implementing over the course of the next year. “There’s a lot of interest and a lot of ground being laid to move quite quickly in the oil and gas space and start doing things at scale,” said Miller.
Miller believes there is an increased interest in gathering analytics and insights on IoT devices. Initially, the focus for IoT was just to get the machines connected up and working in the first place. Now, there is an interest in actually adding an intelligent layer on top and enabling things such as predictive maintenance or predictive scheduling, he explained.
“Just connecting things to the Internet on its own doesn’t actually deliver much value,” said Miller. “It’s taking this bigger step and thinking about the business value you’re trying to deliver, thinking about analytics, thinking about how it possibly changes the business model or an interaction with an end user. And that I think is where the conversation really needs to move more and more.”
Miller predicts that organizations will more often begin to scale out their IoT deployments. Currently, many IoT deployments, especially in the industrial sector, are pilots or proof-of-concepts, which are often very small and localized. For example, an individual plant manager or individual production line manager may use IoT to gain visibility into “their own little bit of the world,” Miller explained.
“But actually as we start to look at some of the bigger opportunities around analytics, around machine learning, around prediction and predictive maintenance for example, then you really have to start moving out of the small proof-of-concepts, the small pilot, and actually have to start bridging the divide between the operational side of an organization and the IT side of the organization,” said Miller. “And we’re seeing a huge amount of focus on that at the moment. Sometimes it’s talked about at this IT/OT divide. And we’re going to have to work out how to bridge that if these IoT deployments are going to scale beyond the pilot to actually become something useful that delivers real business value, because you’re going to have to connect in all these other business systems outside the factory itself.”
Privacy concerns aren’t really impacting broad IoT adoption
If you talk to someone in the security community or someone knowledgeable about technology, they may express concern over putting Internet-connected devices in the home. But, Sullivan believes they are a vocal minority compared to the rest of the population.
Sullivan believes that if American homes were polled, the majority of them would already have an IoT-type device in their house that they don’t even realize is an IoT device. For example, smart scales that send your weight or body fat percentage to some software when you step on them, or even smartwatches that have their own chips in them, such as Apple Watches.
“People have already kind of let this stuff into their home,” said Sullivan. “You’ve already got cell phones which are always on, always connected, microphone/camera enabled devices. And I think you heard similar concerns when smart phones really arrived — that it was too powerful or too much access was provided to Google or Apple. I think a lot of the arguments are kind of similar for the Alexas and the Google Homes. I think we’ll get over that hurdle pretty soon.”
According to Reggie Best, president of Lumeta, a FireMon company, which specializes in helping organizations manage security policies, privacy concerns are not really driving people away from IoT. “I think there are factions within organizations that are concerned about it, but I would say that those projects are happening anyway.” He likens it to the concerns around cloud when people were first getting onboard with that, or the concern when PCs first started entering businesses.
Security is still a concern for IoT
According to Eilon Lotem, CTO of SAM Seamless Network, there are three main security issues currently impacting IoT: zero visibility, lazy consumers and unaware vendors, and exponential growth.
The first problem is that there is no monitoring or auditing mechanisms inherently in IoT. As a result, when data breaches happen, the users and vendors have no visibility into what is happening, and therefore do not know who or what they are trying to protect against, Lotem explained.
Second, customers are willing to buy devices that do not have built-in security. IoT device manufacturers are trying to maximize profits, which means they will not place much value on securing devices. “The average human behaves in such a way that they first act on their emotions and desires and then think about the consequences of them,” Lotem said. “For example, when a child asks his parents to buy a cool smart speaker as a Christmas gift, how many parents first consider the potential security risks involved in that purchase? Regarding organizations, it is primarily an issue of cost. If IoTs can save on operational costs or increase revenue, the more probability there will be that organizations will adopt IoT first and then consider the security second. In both cases, we feel privacy concerns will not affect IoT adoption.”
In fact, Baker believes that the desire to create good experiences may be negatively impacting security. When customers go to set up a new device, they don’t want to have to go through a lot of steps to get it set up. “I mean, consumers, when you buy things want to just plug them in and have them work, right, pretty easy, simple setup,” he said. “So when you do add those additional security layers and it’s more complex for the average person to set up, you might get those things like poor Amazon reviews or things like that. So I think it’s a balance for IoT providers and IoT creators of devices to balance the complexity of how secure setup should be vs what are consumers going to want to access.”
Finally, as the number of IoT devices grows, the attack surface also grows, especially when IoT vendors are trying to maximize their profits and not making security a priority, Lotem explained.
However, Miller believes that IoT security is improving. “We’re seeing far fewer examples of IoT devices going out into the field that have a hard-coded default password,” he said.
The increased security is a result of two different factors. “Partly we’re seeing better consideration of security in the products themselves,” Miller explained. “And partly we’re seeing growing awareness and growing understanding amongst those organizations that are actually deploying this stuff that they actually need to think through some of these issues.”
Best practices for securely connecting IoT devices
One major security concern is that these devices have a connection back to their cloud or provider, Baker explained. An attack like a DNS hijack or a cloud server compromise could allow an attacker past your security stack, using the persistent connection from the device to the cloud. Something as seemingly innocent as a smart fridge could be opening your network up to vulnerability. “All it takes is one device to compromise what’s on your network and then they can learn more about getting into the rest of the devices on your network,” said Baker.
“The vendors have to be accountable for securing everything from your home, all the way through… I would say that any responsible company putting things into the market, security should be baked into their design process,” said Baker.
Baker recommends that consumers have segregated networks in their home to protect themselves. Consumers should have a network for their personal devices, one for IoT devices, and a guest network. “All of your IoT devices live on their own connections so that way if somebody was to expose or breach one of those, they wouldn’t have the ability to get in to where all your normal personal data exists,” said Baker.
For companies, Baker recommends that the IoT network be treated as “untrusted” and only allow IoT device activity. Companies should also be limiting peer-to-peer activity as much as possible.
The future looks bright for IoT
“There’s a lot of talk now about the conjoining of cloud infrastructures and IoT, and I expect those to be used kind of in tandem, particularly as we start getting to more autonomous transportation systems and citywide innovative infrastructures like light control systems and so forth,” said FireMon’s Best. “That whole combination of cloud and IoT is an important emerging kind of area that will be a lot more talked about over the coming few years.”
Baker believes that we’ll start to see manufacturers add different devices to have a portfolio of smart devices that can share information among them on a home network. We’re already seeing that with devices connected to Google Home or Alexa, but Baker believes more industries and manufacturers will follow suit.
“IoT will become a big part of life, impacting dramatically the way we communicate, behave and think,” said Lotem. In addition, there will be a race to control the IoT market that might cause havoc because of a lack of device management that may bring “greater security risks and less protection.”
Baker predicts that there will be more targeted attacks against IoT devices as more people adopt them and have them in their homes. However, he also believes that manufacturers will look for ways to secure their devices to protect against those attacks.