Why CIOs should worry about the Internet of Things

29.09.2015
The Internet of Things (IoT) has the promise to make everything more intelligent and efficient. Smart grids, smart meters, smart refrigerators and smart cars are just some examples that get mentioned in just about every article that gets written about IoT. But while compelling applications and innovations can come from the IoT, CIOs continue to have two legitimate major areas of concern when thinking about how the mechanics of IoT will affect their organizations: storage and security.

It’s a well-known fact that it’s difficult for the human brain to accurately understand really, really large numbers. But there’s no getting around the fact that large numbers are needed to establish the context of IoT. According to Cisco, currently there are 10 billion things – phones, PCs, things – connected to the Internet. That sounds like a lot, right But that is 600ths of one percent of the actual devices and things that exist right now. There are over one trillion devices out there right this very minute that are not talking to the Internet – but soon enough they will be.

In a world where, according to IBM, a connected car can generate 25 GB of data every hour, CIOs must immediately make plans to house the giant hurricane of data coming their way. Even if your business has nothing to do with the automotive industry, it will probably end up talking to something. And although storage is cheap these days compared to historical averages, the sheer quantity of data being generated is unprecedented in computing history.

“The impact of the IoT on storage infrastructure is another factor contributing to the increasing demand for more storage capacity, and one that will have to be addressed as this data becomes more prevalent,” according to a Gartner report on the IoT and the datacenter. “The focus today must be on storage capacity, as well as whether or not the business can harvest and use IoT data in a cost-effective manner,” the report continues.

[Related: GE cloud could make sense of massive IoT data storm]

CIOs need to develop strategies of dealing with this. Aspects of this impending data avalanche to consider include:

The security of connected devices themselves is important, of course, but perhaps even more crucial is the security of the network and the platform to which those devices are connected.

Most CIOs will deal with the first phase of the Internet of Things by investing in and deploying a platform. Any number of them exist, but the one getting the most buzz right now seems to be Google’s Brillo product, along with the AllJoyn platform from Qualcomm and the platform created by the Industrial Internet Consortium.

The idea behind a platform, among other things, is to quickly create the sort of massive device network you need to do interesting IoT related tasks by automatically letting joined devices see the network and talk to the network as well as, in some cases, each other. A bunch of chatty devices is one problem, but what happens when there’s a breach or a vulnerability How quickly might an unmitigated exploit travel across the device network What sorts of risks are there to the sensor data, activity data and transmission of that data should an error occur What sorts of protections are built into the sharing and connectivity protocol such that transmissions are secure, encrypted and not vulnerable to man in the middle and other attacks How will you integrate security on the IoT platform with existing security products, policies, and procedures that you have in place in your organization today

[Related: Experts to IoT makers: Bake in security]

“Current IoT security is where the internet was in 1984 – no baked-in security, encryption or authentication,” says Raj Goel, CTO of Brainlink International, a consultancy in New York. “Adding IoT to a developers' resume does not magically make them competent, secure developers. Large developers haven't been able to build and sell secure home routers (which have far more CPU, RAM and capabilities than IoT devices), so I have far less faith in the competency of IoT lightbulbs, plant feeders, TVs or fridges.”

Goel’s point about faith in the system is well-taken. There aren’t many people in the IT industry that’ve attempted to manage networks with the sheer number of devices connected to them that an IoT-style network portends. To that end, there also aren’t many IT pros that’ve constructed network solutions of this scale with security in the forefront of their architecture and design.

Inexperience with creating a large platform with security in mind and inexperience deploying a mass network of devices in a secure way could create a recipe for major breaches and security issues. The IoT is very much a greenfield area in IT. It not only presents a ton of organic application opportunity, it also offers a chance to design and architect solutions with security integrated right from the start, rather than as a bolt-on sort of feature that checks off a box in future iterations.

CIOs need to be mindful of this issue as they make plans for the future, of course. But they also have a chance to hold vendors’ feet to the fire and ensure security is a well thought-out first-class citizen of the IoT platform they decide to deploy in their organization.

(www.cio.com)

Jonathan Hassell

Zur Startseite