If I didn't know any better, I'd think that the Internet of Things (IoT) was worse than the big bad wolf, creepy clowns and the IRS all rolled into one. What once was thought to be the next great evolution in the enterprise, has all but stalled out in both the private and public sector.
Much of this is thanks to the poor press that IoT has seen as of late surrounding data security. It then begs the question: Are our IoT fears truly justified? We're going to explore that complicated question today to get to the heart of why many enterprises are second guessing their IoT ambitions -- and why giving into IoT fears may not be the smartest decision to make.
Just to be clear, it was consumers that were first to embrace the IoT trend -- and the primary reason why we fear it in the enterprise. Everything from smart thermostats, to smart garage door openers, smoke detectors and doorbells have flooded the consumer market. But many budget and no-name brands being manufactured overseas were in no way designed with security in mind. The vulnerable IoT devices were easily infiltrated and turned into massive Distributed Denial of Service (DDoS) botnets. The most famous use of an IoT botnet to date was the DDoS attack on DNS provider Dyn, in October of 2016.
Yet, we must keep in mind that enterprise IoT is vastly different from consumer IoT. Not only are enterprise IoT devices hardened with an individual hardware and software perspective, IT architects responsible for designing IoT infrastructures have been taught to use an overarching, “security first” methodology for these types of projects. Therefore, security is not only baked-in to the IoT data collectors themselves, but also along the entire data pipeline. IoT projects that transport sensitive data will no doubt include security measures such as centralized authentication/logging, end-to-end encryption, and automated patch remediation processes to rapidly fix newly discovered security holes while deployed in the field.
Another thing for IT leadership to consider is the traditional risk vs. reward decision making process. In many business verticals, IoT projects can be used to create significant competitive advantages. A fear of IoT is expanding the window of opportunity, since many enterprise IoT projects have been put on hold due to concerns over data security. But if the project seems promising, it may be worth the risk to push on, as long as security is at the forefront. Often in the enterprise, we have to embrace fear and accept a certain level of risk. That's what business is all about. Don’t forget, early adopters once used the cloud to gain competitive advantages. That window of opportunity is now closed.
Personal data collection issues are another worry for business leaders. While this indeed is something to be made aware of, it too can be overcome. When the concept of big data and IoT first came along, the idea was to simply cast a wide net, collect and store everything you can – and then figure out what to do with that collected data. But with issues of personal privacy – especially if you are collecting data on customers – this is a poor approach to take. Instead, a better method is to collect specific data points that are useful, but also protect one’s right to privacy. Doing so will not only streamline your IoT project, but it will help gain the trust of your customers as well.
Here’s the bottom line: if you have the right IoT project in mind, concerns over data security should in no way stop you in your tracks. Yes, IoT is a bit scary, but fear is often something considered illogical -- or something we simply need to better understand and respect. In either case, a fear in enterprise IoT can easily become a boon for your organization, if properly handled.