The Internet of Things: A New World Order (2)

Read the first part of the article

The Internet of Data

The principles behind the IoT are no doubt sound enough. Cloud computing grows more sophisticated every day, along with the web services that help make all the pieces fit together, and we’ve barely gotten started on building intelligent devices ready to be connected. Indeed, the Internet itself is defined by its unprecedented adaptability. But missing from much of the IoT discussions are details about what will be done with all the data. Imagine the amount of information generated by trillions of devices and sensors sending data to the services that support them. 

Then add in the data flowing between devices and services, the data needed to keep the infrastructures in place, and the data needed to perform reliable analytics on the systems, services, and data being collected. 

According to the article “Internet of Things (IoT): What it is and why it matters,” published by the SAS Institute, a tremendous amount of data is already being generated by connected systems:
– An oil and gas drilling platform can generate 8 terabytes of data per day.
– An aircraft can generate 40 terabytes of data per hour.
– An automobile can generate a gigabyte of data per second.

The IoT makes it possible to collect data from a wide range of sources from just about anywhere at any time, but that data must be transferred, stored, organized, classified, and managed at every step of the way. Many organizations will also want to analyze the data in real-time as it flows into their systems so they can better understand what just happened, what’s about to happen, and what can be done to affect what happens, turning data into an even more value commodity, but adding to the complexity of data management and analytics. 

The IoT is, in fact, all about the data. And that presents an assortment of challenges. Massive quantities of data will have to be processed and analyzed in real-time. Systems will have to be put into place to ensure that server, network, and storage resources can accommodate the quantity and variety of that data. Controls will have to be enacted to secure and protect the data wherever it resides. Yet no standards have emerged to facilitate multi-service communications or to handle and secure data from disparate sources. 

Until such standards emerge, solutions will remain proprietary and difficult to integrate with one another, resulting in redundant and conflicting data as well as specialized implementation and management needs for each solution. 

An organization relying on a single solution that connects devices into a unified system, where all the pieces have been orchestrated to work together, might do okay in the short term. But what happens when one or more of the components within that system need to be updated or replaced? What about organizations trying to manage multiple IoT systems? Do they need to support different platforms for each one? 

What if they want to interconnect those systems? The flexible and elastic nature of the IoT is a curse and a blessing. The IoT promises to make just about any type of intelligent connectivity possible, but this connectivity also creates a delicate web of dependencies that require a careful touch, and at the heart of those dependencies is the data, mountains and mountains of data, more than we can begin to imagine. 

The Internet of Fear

Moving and managing and analyzing the data are only part of the IoT equation. According to a 2014 HP report, “Internet of Things Research Study,” currently implemented IoT solutions already represent significant security concerns:
– 70% enable an attacker to identify valid user accounts.
– 70% use unencrypted network services.
– 80% fail to require passwords of sufficient complexity and length.
– 6 out of 10 user interfaces are susceptible to such vulnerabilities as persistent XSS attacks.

Although the HP report focuses on consumer-facing IoT, it points to the fact that a single vulnerability anywhere in an IoT solution can put an entire system at risk, and because many IoT solutions rely on cloud services, the risks can extend even further, facilitating attacks not only individuals but also on related systems or even unrelated systems, depending on what data has been compromised. 

The lack of security on consumer-facing IoT solutions can put credit cards, bank accounts, cars, homes, and even individuals at risk. Imagine an IoT solution that monitors a user’s location via a mobile device and then uses that information to control settings such as lighting and temperature in the home. If criminals can intercept that information, they can determine when the house will be empty and safe to invade. 

Even more frightening is the idea that such information can be used to stalk or attack an individual. The enterprise too must be wary when implementing IoT solutions. The quantity and complexity of data can increase security challenges significantly. Sensitive information can easily be compromised, leading to the loss of credibility and hefty financial consequences. Even if the data lands in a competitor’s hands, and not into those of the typical cybercriminal, the results can still be devastating, especially if the competitor is able to manipulate that data before it streams into the victim’s system. 

The IoT represents lots of moving parts, and the more parts, the greater the number of opportunities for security to be compromised. Because the IoT is still in its infancy, issues around security have much catching up to do, with many questions still unanswered. Having trillions of things talking to each other is one thing. The explosion of data that goes with it another. Securing all that data is a different story altogether.

The Internet of Abuse

In a press release issued by the FTC in 2015, announcing the release of its IoT report, FTC chairwoman Edith Ramirez is quoted as saying that the “only way for the Internet of Things to reach its full potential for innovation is with the trust of the American consumers.” Indeed, those entering the iOS arena will have to do a lot of trusting, regardless of the country in which they reside. 

The data being passed from device to device can include information about where people go, who they visit, what medications they’re taking, any health issues they have, their spending habits, travel schedules, how much they exercise, where they eat, the type of food they buy, and countless other bits of information. 

Assuming for a moment that the data can be adequately protected at every stage and kept out of the hands of the cyber-syndicate, questions still arise about who owns the data. Service providers might claim a legitimate right to access that data in the name of quality and management, but that also gives them the ability to profile the users generating the data, leading to the potential for privacy abuse on a massive scale. 

Health insurance companies can set premium rates based on perceived personal habits or health-related issues. Auto insurance companies can set car insurance rates based on what parts of the city you visit or the types of establishments you frequent. 

What about employers who base their hiring policies on what church you attend? Or credit card companies that set the card rates based on what you keep in your refrigerator and where you shop for groceries? How would you feel about being targeted by relentless ad campaigns because you drove by a shopping mall? 

The potential for abuse is enormous, yet few protections are in place, legal or otherwise, to ensure privacy in the face of the IoT onslaught. Unfortunately, consumers themselves might be more than willing to trade convenience for privacy, handing over any intimate detail that can be digitized, analyzed, and stored in order to feed the corporate appetite for amassing and controlling personal information on every possible characteristic and habit. 

With consumers willing to march to their own slaughter, the potential for profiling and discrimination and exploitation become more a reality every day. Not until their own medical records are used against will they care, and by then, it will be too late. 

The Internet of Change

The IoT is still an immature ecosystem, one that carries the potential for innovation and abuse. The lack of standards remains a significant challenge, so does a demonstrable methodology for scaling globally. 

Until these emerge, each industry and application will exist in its own silo, without a common language to facilitate communication and interoperability. Are all these challenges likely to turn back the tide? Probably not. 

Companies are investing in IoT big time. In 2014, Google jumped into the smoke alarm and thermostat market with the acquisition of Nest Labs for $3.2 billion. Samsung bought SmartThings for $200 million to get the company’s smart-home controllers. Cisco dropped $175 million to buy Tail-f, which produces network management tools that can support IoT scenarios. Intel spent $100 million to acquire Basis Science, a leader in wearable devices. And there were plenty of other acquisitions that year. Like it or not, the IoT is coming, despite a lack of consensus or standards or adequate protections. 

The potential for connecting devices across the worlds of both the enterprise and the consumer is too great to simply ignore. For many, the IoT represents unlimited possibilities-and the opportunities that go along with them. Even so, there’s plenty of proofing left to do before letting the IoT off its leash, or we’ll end up with windows opening during rainstorms, thousands of cars unlocking simultaneously, machinery shutting down because of an accident across town, or thermostats setting temperatures based on weather in another country. Yet the IoT will continue its march forward. It may morph into something entirely different and undergo a series of name changes, but the underlying concept of connectivity remains, and with it the endless streams of data that promise to either make life easier or turn it into a living hell.

yogaesoteric

April 21, 2019