Internet of Things technologies are emerging in the global marketplace with full force. For the past two years, the IoT has more than earned its titled – bestowed by Gartner – of the most hyped technology out there. One key reason behind all the hype is that "IoT" doesn't refer to a single technology – instead, it encompasses all products that are network connected, and therefore able to transmit and receive data. This makes the IoT a massive market indeed, and one in which companies across industrial sectors can participate. Here are only a few of the IoT devices to hit the market recently:
- Pebble smartwatch: While the Apple Watch gained a lot of attention when it came out, some people noted that the device – which features a square construction – goes against the grain in terms of the typical watch shape, which is round. But for customers looking to preserve the traditional aesthetic of the watch while benefiting from smart features, the new Pebble smartwatch offers a solution. The device is thin and round, and, at $249, it's much cheaper than the Apple Watch, which starts at a retail value of $549.
As The Verge pointed out, the developers behind the design of Pebble's Time Round had some obstacles to surmount, since the square pegs that go into making a smartwatch fit in much better in an overall square construction. Because it won't be widely available until November 8, widespread appraisal of how it compares to its competitors – primarily the Apple Watch – will have to wait until then. However, initial photos of the Time Round highlight the device's sleek design, which is illustrative of how various IoT product creators are attempting to give these devices a seamless appearance that fits in well with existing technology.
- Smart shoes: Like watches, shoes are items that must not only be functional, but in most cases, stylish as well. But when it comes to producing shoes that are both stylish and IoT-fueled, that creates a challenge for developers. As far as intelligent shoes go, there hasn't been one company that's cornered the market on them so far. A few year's back, Nike released sneakers with Bluetooth smart sensors. But while this move was stated to have "big implications," the buzz around the shoes died out pretty quickly.
These days, the smart shoe hasn't left the market, but it is not occupying the prominent position that industry analysts projected it would a few years back. In a piece published in late August called "The rise and fall of the smart shoe," Wearable's Kieran Alger reflected on the pair of 2012 smart Nikes in his closet, writing that, "The crumpled Nikes I'm about to throw out suggest that future isn't quite here yet."
But just because Nike might not be at the forefront of smart shoe design doesn't mean the concept isn't gaining steam. In Germany, for instance, researchers have undertaken an effort to develop smart shoes that serve as "energy harvesters." Basically, the way the shoes will work is that they'll be equipped with shock and spring harvester generators which turn the steps wearers take into energy that can be put toward powering your various electronic devices. As a tech idea, this is a highly promising one, since it could play an important role in energy conservation.
Devices like the smart shoe and watch illustrate that IoT technologies can take practically any form. This is the reason why a perusal of various Kickstarter and Indiegogo campaigns today will reveal countless efforts toward building IoT devices. After all, it's a huge emerging market, and the possibilities are endless. But so are the security vulnerabilities, which brings up an important question: As IoT tech begins to proliferate the mainstream marketplace, whose responsibility is it to keep it secure?
A security question
When it comes to companies like computer and smartphone developers, there's a reasonable expectation that those businesses will take steps to equip their technology with a baseline level of security. Sure, as a user it's still important to implement defensive solutions, but oftentimes the onus of general security falls on the vendors. However, it doesn't look like this will be the case for IoT devices.
Recently, the FBI put out a public notice entitled "Internet of Things Poses Opportunities for Cybercrime." In it, the bureau spelled out some of the risks that emerge as a result of IoT technologies hitting the marketplace. Among the primary risks identified by the FBI were:
- Password exploitation
- Device overload
- Opportunities for physical harm
While those first two risks are ones that can be applied to regular computing devices, the third – physical harm – is something that is particularly concerning with regard to IoT devices. If you're driving a smart car, for instance, and the vehicle gets overtaken by a remote hacker, that creates the type of situation that can endanger your life and the lives of others. And as far as the types of attacks that can put people in physical danger, these incidents are very real, as evidenced by a story in which security researchers were able to remotely take over a smart vehicle.
Here's another possible situation, as spelled out in the FBI's release: "Criminals can … gain access to unprotected devices used in home health care, such as those used to collect and transmit personal monitoring data or time-dispense medicines. Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection. These devices may be at risk if they are capable of long-range connectivity."
This is a very frightening scenario, but as users, we can rely on vendors to develop more sophisticated means of protection – right? The FBI doesn't appear to think so. As ZDNet pointed out in an article about the FBI's announcement, the bureau only outlined security recommendations for consumers – not vendors. These recommendations – which include "Isolate IoT devices on their own protected networks," "When available, update IoT devices with security patches," and "Ensure all default passwords are changed to strong passwords" – seem to suggest that it's the FBI's position that the onus of IoT device security falls on the individual user. For companies looking to incorporate such devices into their network, this is the kind of news that could give them pause.
The workplace: An IoT environment?
With the FBI's announcement not outlining any security recommendations for IoT tech vendors, the question of how enterprise-bound IoT tech will remain secure is still very much up in the air. This means that companies looking to integrate IoT devices – which one in ten enterprises are doing already – need to approach the possibility with caution and consider all the elements that are involved. According to a March news release from Trend Micro, these are some of the things businesses need to be thinking about when looking to incorporate IoT within the network:
- Be especially mindful of personal IoT devices: IoT mechanisms in the workplace may be a relatively new concept, but the idea of bring your own device is not. Among businesses, there's a huge trend toward allowing employees to use their personal devices for enterprises. While this is largely a good step that has shown the ability to drive up productivity, BYOD has also been a realm of increased vulnerability, since employee personal devices are inherently more susceptible to intrusion.
When you take the principle of BYOD and apply that to IoT devices, this merging of two platforms that are vulnerable in terms of security has the potential to create real issues in terms of overall business security. Say, for instance, that an employee has a smart watch that is connected to the company network, and then takes that watch off when he or she goes to the gym. That time period where the watch is in the locker is a moment of significantly heightened vulnerability – and if the watch somehow manages to get lost, then that will threaten enterprise security even more. Because employee IoT devices will become a convenient attack vector for cyber criminals, the responsibility falls on companies to keep a keen eye on personal IoT mechanisms in the network, and to implement defensive strategies that protect against the loss or hacking of a personal device.
- Anticipate IoT taking a toll on business resources: There aren't too many businesses out there with a lot of disposable money to spend on pursuing new enterprise options. For this reason, it's important to note that IoT devices will present a drain on resources for companies, particularly if business IT departments aren't prepared to handle the influx of IoT tech into the corporate environment. Therefore, it's becoming increasingly important for company IT departments to ensure that their staffers are educated in the fundamentals of IoT tech deployments, and what that means for businesses. While IoT tech will definitely require a chunk of company resources, the amount can be less significant if a business is prepared to integrate the technology. The capacity for seamless integration of new business solutions begins with a prepared workforce, which is why equipping IT staffers with IoT knowledge is so vital.
- Expect complexity in terms of data recording: As we've established, the push toward office IoT deployments comes after the widespread move toward BYOD, and as such, businesses can expect employees to want to use their personal IoT devices for company network connectivity. But in order for this to happen in a safe manner, IT departments need to ensure that they're tracking the inflow and outflow of data with regard to those devices.
As Trend Micro pointed out in its article, this will likely create a challenge that IT departments will need to face in terms of the nature of information that is gathered. An employee's smart watch that's connected to the company network, for instance, will need to be monitored by company IT in some way. But if that smart watch is also playing a role in compiling data that's highly individualized to the user and therefore private – such as sleep patterns and other health-related information – this is not the kind of information that staffers will want IT departments to be monitoring.
In this way, the integration of IoT tech – and particularly employee IoT devices – into the workplace calls for IT workers to develop strategies that account for the security needs of the business as a whole while also providing for the individual security expectations of every worker. The imperative to develop a policy that walks this line in a way that serves the needs of both enterprise and employee security is another key reason why IT leaders and staffers need to be educated in the fundamentals of IoT computing and its associated security concerns.
While the IoT is paving a path to more convenient business, it's introducing many new security threats into the equation as well. And as the FBI report illustrates, the expectations of IoT vendors in terms of security basically don't exist right now. This means that individuals and businesses looking to harness IoT tech have to be mindful of security. As the push toward enterprise IoT mounts, businesses can better equip themselves by following these preliminary steps:
- At the administrative level, evaluate different IoT technologies and determine which hold promise in your workplace, factoring in the security concerns of each.
- Hold staff-wide conversations about your business's commitment to tech improvements, but use these meetings to also highlight the security challenges that arise with the greater push toward BYOD and IoT.
- Ensure that IT departments get specialized training in IoT tech advancements, and are kept up-to-date about security expectations for this technology.
- Don't consider hasty deployment of any single IoT technology. Instead, make sure that the vetting process for IoT deployments is a thorough one that considers not only business utility, but potential vulnerabilities and threats as well.
To maximize results with IoT tech – and not create more vulnerabilities – users can start by making sure they are protecting their devices.