The verdict is in. The Internet of Things, dubbed IoT by those in the know, is slated to be the next best thing since Microsoft Bob. With over 25 billion devices already connected around the globe, according to the US Federal Trade Commission (FTC), the IoT is expected to grow in leaps and bounds, as businesses continue to invest in connecting devices and the infrastructures necessary to keep them that way.
The timing couldn’t be better. Technological advances in web services and cloud computing provide fertile soils for IoT growth. Projections for the number of connected devices range in the trillions, with industries far and wide hedging their bets. Healthcare, automotive, robotics, home security, manufacturing, and personal fitness are but a sample of the IoT’s promised scope, and part of that promise is the potential for new jobs and greater productivity and piles and piles of windfall profits.
The only catch? We haven’t quite agreed on what IoT actually is. Lots of folks are talking about it, as well as blogging and tweeting about it, but they’re not necessarily referring to the same thing, and without a consensus, we’ll have a tough time implementing standards or protections or unified systems for managing the crushing influx of connected devices and all the data that comes with them.
The Internet of Things
The challenge in coming up with a unified definition of the IoT is that it can apply to such a wide range of devices and situations, whether consumer-facing or otherwise, leaving us to paint the IoT picture with exceptionally broad stokes. The FTC, in its January 2015 report “Internet of Things: Privacy & Security in a Connected World,” acknowledges that there is still no widely accepted definition of the IoT and offers its own interpretation: “devices or sensors-other than computers, smartphones, or tablets-that connect, communicate or transmit information with or between each other through the Internet.”
Although the FTC definition provides a reasonable starting point for describing the IoT, it fails to take into the account the infrastructure needed to support all that connectivity. For a more comprehensive picture, we can turn to a slightly different, but not inconsistent, description from the International Data Corporation (IDC), via the EMC-sponsored white paper “The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things.” The paper describes the IoT as a “network connecting-either wired or wireless-devices (things) that is characterized by automatic provisioning, management, and monitoring.” The paper then goes on to say that the IoT is innately analytical and integrated and includes intelligence systems and devices, along with “connectivity enablement, platforms for device, network and application enablement, analytics and social business, and applications and vertical industry solutions.”
That’s big, almost too big to get your arms around. From such a description, the IoT can refer to just about anything. For that reason, discussions around the IoT often focus on what it can do, rather than what it is or how to make it all work. On the consumer side, the IoT can connect our appliances, houses, cars, clothes, even our bodies. Business too can benefit from connecting mission-critical systems and operations in order to provide real-time intelligence and ongoing analytics. Governments can also use the IoT to augment such systems as air traffic control or environmental monitoring devices.
There does, in fact, appear to be few limitations on what the IoT will be able to do. Once all the pieces are in place-the IoT-enabled devices and sensors, the networks to connect them, and the systems to handle the data-trillions of “things” will be generating endless streams of data that will somehow be collected and managed and analyzed and used in ways we’ve barely begun to appreciate or understand. And that’s got CIOs wondering how these systems will be administered and secured, and agencies such as the FTC worrying about the future of privacy.
The Internet of More Things
Like many technological advances in recent years, IoT advocates are betting on the consumer to fuel much of the movement. That’s not to say the business side won’t take on an import role, but consumers will definitely play their parts. Already they’re wearing fitness bands and hooking their TVs to the Internet and having their hearts monitored remotely, all in the name of connectivity, and the trend is only likely to continue as technologies evolve and more and better devices make their way into people’s living rooms and their lives.
The key to the IoT’s potential is in its ability to connect multiple systems and use the shared data in meaningful ways, to a degree well beyond FitBit’s current capabilities of collecting and centralizing data. Imagine a system that uses your cell phone’s GPS to monitor your location, the local weather station to provide updated weather data, and devices within your home to manage thermostats, lights, and alarms. Such a system can sense when you’re within a few miles of home to adjust the thermostat, when you’re close to home to turn on the lights (but only at night or during inclement weather), and when you’re pulling into the driveway to turn off the house alarm. The system might even open your windows, depending on your preferences and the weather.
Here’s another possibility. You’re driving home and you receive a text from your refrigerator telling you you’re low on beer. Or your sprinkler system checks with the local weather station to determine whether to water the lawn, taking into account the time of day, the level of humidity and cloud cover, and the last time the lawn was watered. For the scenarios to work, all these “things” must be able to talk to all those other “things”-and that is the vision of the IoT.
The Internet of Industry
The potential for industry-and by extension governments and municipalities-is as great as it is for consumer-facing systems, and no doubt the two will feed into each other as the IoT technologies grow more robust and ubiquitous. With this growth come promises of new markets, new jobs, new ways of doing business, new everything.
Yet pigeonholing industrial IoT is no easier than doing so on the consumer side. The EMC/IDT white paper points to five ways the IoT can create opportunities for business:
- Implementing new business models that create customer value streams, speed time to market, and respond more rapidly to customer needs.
- Capturing real-time data on mission-critical systems.
- Diversifying revenue streams and monetizing additional services.
- Providing end-to-end insight into business systems that span the globe.
- Accessing information from autonomous endpoints in order to make on-the-fly decisions.
A business can, for example, track the supply chain from one end to the other or make on-the-spot decisions about pricing and sales based on real-time data. A manufacturing company can use sensors to monitor machinery in order to detect system failures, track performance, or preempt maintenance issues. An energy company can monitor its power grids to improve services, make better use of resources, detect outages and potential problem areas, or assist field workers repairing complex systems. A city can connect its transportation systems to better track locations, maximize traffic flow, reduce fuel consumption, control speeds, and provide real-time traffic conditions to commuters.
The possibilities of IoT are limitless, applying to anything from agriculture to telecommunications to air travel to robotics. Wherever sensors can be slipped into or slipped on, the IoT can be there to provide an intelligent network for linking devices and machines and other objects in a variety of ways in a myriad of circumstances-at least that’s what all the IoT enthusiasts are telling us.
The Internet of Data
The principles behind the IoT are no doubt sound enough. Cloud computing grows more sophisticated every day, along with the web services that help make all the pieces fit together, and we’ve barely gotten started on building intelligent devices ready to be connected. Indeed, the Internet itself is defined by its unprecedented adaptability. But missing from much of the IoT discussions are details about what will be done with all the data.
Imagine the amount of information generated by trillions of devices and sensors sending data to the services that support them. Then add in the data flowing between devices and services, the data needed to keep the infrastructures in place, and the data needed to perform reliable analytics on the systems, services, and data being collected.
According to the article “Internet of Things (IoT): What it is and why it matters,” published by the SAS Institute, a tremendous amount of data is already being generated by connected systems:
- An oil and gas drilling platform can generate 8 terabytes of data per day.
- An aircraft can generate 40 terabytes of data per hour.
- An automobile can generate a gigabyte of data per second.
The IoT makes it possible to collect data from a wide range of sources from just about anywhere at any time, but that data must be transferred, stored, organized, classified, and managed at every step of the way. Many organizations will also want to analyze the data in real-time as it flows into their systems so they can better understand what just happened, what’s about to happen, and what can be done to affect what happens, turning data into an even more value commodity, but adding to the complexity of data management and analytics.
The IoT is, in fact, all about the data. And that presents an assortment of challenges. Massive quantities of data will have to be processed and analyzed in real-time. Systems will have to be put into place to ensure that server, network, and storage resources can accommodate the quantity and variety of that data. Controls will have to be enacted to secure and protect the data wherever it resides. Yet no standards have emerged to facilitate multi-service communications or to handle and secure data from disparate sources.
Until such standards emerge, solutions will remain proprietary and difficult to integrate with one another, resulting in redundant and conflicting data as well as specialized implementation and management needs for each solution. An organization relying on a single solution that connects devices into a unified system, where all the pieces have been orchestrated to work together, might do okay in the short term. But what happens when one or more of the components within that system need to be updated or replaced? What about organizations trying to manage multiple IoT systems? Do they need to support different platforms for each one? What if they want to interconnect those systems?
The flexible and elastic nature of the IoT is a curse and a blessing. The IoT promises to make just about any type of intelligent connectivity possible, but this connectivity also creates a delicate web of dependencies that require a careful touch, and at the heart of those dependencies is the data, mountains and mountains of data, more than we can begin to imagine.
The Internet of Fear
Moving and managing and analyzing the data are only part of the IoT equation. According to a 2014 HP report, “Internet of Things Research Study,” currently implemented IoT solutions already represent significant security concerns:
- 70% enable an attacker to identify valid user accounts.
- 70% use unencrypted network services.
- 80% fail to require passwords of sufficient complexity and length.
- 6 out of 10 user interfaces are susceptible to such vulnerabilities as persistent XSS attacks.
Although the HP report focuses on consumer-facing IoT, it points to the fact that a single vulnerability anywhere in an IoT solution can put an entire system at risk, and because many IoT solutions rely on cloud services, the risks can extend even further, facilitating attacks not only individuals but also on related systems or even unrelated systems, depending on what data has been compromised.
The lack of security on consumer-facing IoT solutions can put credit cards, bank accounts, cars, homes, and even individuals at risk. Imagine an IoT solution that monitors a user’s location via a mobile device and then uses that information to control settings such as lighting and temperature in the home. If criminals can intercept that information, they can determine when the house will be empty and safe to invade. Even more frightening is the idea that such information can be used to stalk or attack an individual.
The enterprise too must be wary when implementing IoT solutions. The quantity and complexity of data can increase security challenges significantly. Sensitive information can easily be compromised, leading to the loss of credibility and hefty financial consequences. Even if the data lands in a competitor’s hands, and not into those of the typical cybercriminal, the results can still be devastating, especially if the competitor is able to manipulate that data before it streams into the victim’s system.
The IoT represents lots of moving parts, and the more parts, the greater the number of opportunities for security to be compromised. Because the IoT is still in its infancy, issues around security have much catching up to do, with many questions still unanswered. Having trillions of things talking to each other is one thing. The explosion of data that goes with it another. Securing all that data is a different story altogether.
The Internet of Abuse
In a press release issued by the FTC earlier this year, announcing the release of its IoT report, FTC chairwoman Edith Ramirez is quoted as saying that the “only way for the Internet of Things to reach its full potential for innovation is with the trust of the American consumers.” Indeed, those entering the iOS arena will have to do a lot of trusting, regardless of the country in which they reside. The data being passed from device to device can include information about where people go, who they visit, what medications they’re taking, any health issues they have, their spending habits, travel schedules, how much they exercise, where they eat, the type of food they buy, and countless other bits of information.
Assuming for a moment that the data can be adequately protected at every stage and kept out of the hands of the cyber-syndicate, questions still arise about who owns the data. Service providers might claim a legitimate right to access that data in the name of quality and management, but that also gives them the ability to profile the users generating the data, leading to the potential for privacy abuse on a massive scale.
Health insurance companies can set premium rates based on perceived personal habits or health-related issues. Auto insurance companies can set car insurance rates based on what parts of the city you visit or the types of establishments you frequent. What about employers who base their hiring policies on what church you attend? Or credit card companies that set the card rates based on what you keep in your refrigerator and where you shop for groceries? How would you feel about being targeted by relentless ad campaigns because you drove by a shopping mall? The potential for abuse is enormous, yet few protections are in place, legal or otherwise, to ensure privacy in the face of the IoT onslaught.
Unfortunately, consumers themselves might be more than willing to trade convenience for privacy, handing over any intimate detail that can be digitized, analyzed, and stored in order to feed the corporate appetite for amassing and controlling personal information on every possible characteristic and habit. With consumers willing to march to their own slaughter, the potential for profiling and discrimination and exploitation become more a reality every day. Not until their own medical records are used against will they care, and by then, it will be too late.
The Internet of Change
The IoT is still an immature ecosystem, one that carries the potential for innovation and abuse. The lack of standards remains a significant challenge, so does a demonstrable methodology for scaling globally. Until these emerge, each industry and application will exist in its own silo, without a common language to facilitate communication and interoperability.
Are all these challenges likely to turn back the tide? Probably not. Companies are investing in IoT big time. In 2014, Google jumped into the smoke alarm and thermostat market with the acquisition of Nest Labs for $3.2 billion. Samsung bought SmartThings for $200 million to get the company’s smart-home controllers. Cisco dropped $175 million to buy Tail-f, which produces network management tools that can support IoT scenarios. Intel spent $100 million to acquire Basis Science, a leader in wearable devices. And there were plenty of other acquisitions that year.
Like it or not, the IoT is coming, despite a lack of consensus or standards or adequate protections. The potential for connecting devices across the worlds of both the enterprise and the consumer is too great to simply ignore. For many, the IoT represents unlimited possibilities-and the opportunities that go along with them.
Even so, there’s plenty of proofing left to do before letting the IoT off its leash, or we’ll end up with windows opening during rainstorms, thousands of cars unlocking simultaneously, machinery shutting down because of an accident across town, or thermostats setting temperatures based on weather in another country. Yet the IoT will continue its march forward. It may morph into something entirely different and undergo a series of name changes, but the underlying concept of connectivity remains, and with it the endless streams of data that promise to either make life easier or turn it into a living hell.