The Internet of Things (IoT) has the promise to make everything more intelligent and efficient. Smart grids, smart meters, smart refrigerators and smart cars are just some examples that get mentioned in just about every article that gets written about IoT. But while compelling applications and innovations can come from the IoT, CIOs continue to have two legitimate major areas of concern when thinking about how the mechanics of IoT will affect their organizations: storage and security.
Handling the sheer quantity of data
It’s a well-known fact that it’s difficult for the human brain to accurately understand really, really large numbers. But there’s no getting around the fact that large numbers are needed to establish the context of IoT. According to Cisco, currently there are 10 billion things – phones, PCs, things – connected to the Internet. That sounds like a lot, right? But that is 600ths of one percent of the actual devices and things that exist right now. There are over one trillion devices out there right this very minute that are not talking to the Internet – but soon enough they will be.
In a world where, according to IBM, a connected car can generate 25 GB of data every hour, CIOs must immediately make plans to house the giant hurricane of data coming their way. Even if your business has nothing to do with the automotive industry, it will probably end up talking to something. And although storage is cheap these days compared to historical averages, the sheer quantity of data being generated is unprecedented in computing history.
“The impact of the IoT on storage infrastructure is another factor contributing to the increasing demand for more storage capacity, and one that will have to be addressed as this data becomes more prevalent,” according to a Gartner report on the IoT and the datacenter. “The focus today must be on storage capacity, as well as whether or not the business can harvest and use IoT data in a cost-effective manner,” the report continues.
CIOs need to develop strategies of dealing with this. Aspects of this impending data avalanche to consider include:
- How to store the data when it initially comes in. You’re probably going to receive data from IoT devices in a variety of formats, both structured and unstructured. How will you store it? Will you just write it to disk in the format it comes in and figure it out later? Will you set up a Hadoop online instance to process this data? Will you make it available hourly, daily, weekly or on some other interval?
- How to categorize and classify the data you receive. You may not care about all of the data that you’ll be receiving every hour from every device. But then again, the part of the data you’re not interested in today may be the key to an undiscovered insight for tomorrow. How will you develop classification systems? Will you retain some data you classify as immediately relevant in an online, on demand way and then archive the raw data later? How often will you review your results and your classifications to make sure they stay in line with your expectations?
- How long you should retain this data. Will you need to figure out what happened with any given connected device or sensor at some random time on any given day of the week in 10 years’ time? At some point you have to make some record retention decisions: if nothing else, your attorneys will make you do it. But you need to figure out how long to keep stuff, and in what forms. Will you summarize data at the end of the year? Will you do a rollup of sorts? Will you archive some data to the cloud so that it’s someone else’s problem to store, and you’ll just pay the bill?
- How you should securely dispose of this data. With the advent of IPv6, there are enough addresses to give every atom on Earth 100 IPv6 numbers, so in the future there won’t be any need to masquerade addresses. We will be able to identify every device, which means that there are security and privacy concerns that need to be addressed when you discard data with that sort of trackable information in it. What is your plan there?
Security is still a series of open-ended questions
The security of connected devices themselves is important, of course, but perhaps even more crucial is the security of the network and the platform to which those devices are connected.
Most CIOs will deal with the first phase of the Internet of Things by investing in and deploying a platform. Any number of them exist, but the one getting the most buzz right now seems to be Google’s Brillo product, along with the AllJoyn platform from Qualcomm and the platform created by the Industrial Internet Consortium.
The idea behind a platform, among other things, is to quickly create the sort of massive device network you need to do interesting IoT related tasks by automatically letting joined devices see the network and talk to the network as well as, in some cases, each other. A bunch of chatty devices is one problem, but what happens when there’s a breach or a vulnerability? How quickly might an unmitigated exploit travel across the device network? What sorts of risks are there to the sensor data, activity data and transmission of that data should an error occur? What sorts of protections are built into the sharing and connectivity protocol such that transmissions are secure, encrypted and not vulnerable to man in the middle and other attacks? How will you integrate security on the IoT platform with existing security products, policies, and procedures that you have in place in your organization today?
[Related: Experts to IoT makers: Bake in security]
“Current IoT security is where the internet was in 1984 – no baked-in security, encryption or authentication,” says Raj Goel, CTO of Brainlink International, a consultancy in New York. “Adding IoT to a developers' resume does not magically make them competent, secure developers. Large developers haven't been able to build and sell secure home routers (which have far more CPU, RAM and capabilities than IoT devices), so I have far less faith in the competency of IoT lightbulbs, plant feeders, TVs or fridges.”
Goel’s point about faith in the system is well-taken. There aren’t many people in the IT industry that’ve attempted to manage networks with the sheer number of devices connected to them that an IoT-style network portends. To that end, there also aren’t many IT pros that’ve constructed network solutions of this scale with security in the forefront of their architecture and design.
Inexperience with creating a large platform with security in mind and inexperience deploying a mass network of devices in a secure way could create a recipe for major breaches and security issues. The IoT is very much a greenfield area in IT. It not only presents a ton of organic application opportunity, it also offers a chance to design and architect solutions with security integrated right from the start, rather than as a bolt-on sort of feature that checks off a box in future iterations.
CIOs need to be mindful of this issue as they make plans for the future, of course. But they also have a chance to hold vendors’ feet to the fire and ensure security is a well thought-out first-class citizen of the IoT platform they decide to deploy in their organization.
This story, "Why CIOs should worry about the Internet of Things" was originally published by CIO.