The Internet of Things remains one of the most talked-about trends in technology. And the last 24 months have introduced the greatest leap in terms of technological innovation and industry adoption since its inception. In addition to an explosion of connected consumer devices, enterprise-oriented applications have emerged on the scene, further propelling the growth and applicability of IoT.
A comprehensive study conducted by IT analyst firm Forrester (commissioned by Zebra Technologies), found that more than 80 percent of the nearly 600 global enterprises surveyed agree that IoT solutions will be their organization’s most strategic technology initiative in the coming years.
But there are a number of reasons why enterprises have not been even faster to adopt IoT solutions for their operations. The most common consideration is build vs. buy, which addresses the complexities around design and implementation. While companies seek to attract and keep new customers in every sector from retail to transportation, and hospitality to government and healthcare, one underlying concern is security. Most devices come from very small startups that lack security expertise.
This presents a major challenge for enterprises implementing these devices into their networks. Because of the lack of hardened devices, companies expose other elements in their networks to risks, as IoT often represents the weakest link in the security chain.
An AT&T survey released this past March showed that only 10 percent of enterprises were confident that they could secure their IoT devices against hackers. IoT devices represent a layer of external control that smartphones and other devices don’t possess. Every company would want their product or complete platform connected to the internet and for their end-user customers to interact with those platforms via a mobile friendly application.
But in the process, these organizations are finding out that this is not a trivial task but one that requires new expertise especially as it needs to scale across product volume and portfolio. This ‘build vs buy’ dilemma carries five stark distinctive considerations for each route. The network protocol, network security, the cloud infrastructure, the development cycle, and the operational necessary maintenance.
Network Protocol is how devices connect to the cloud. The basic value of IoT is collaboration among devices, so this decision cannot be made in silo for just products but rather in context of the ecosystem a device will exist for the next number of years. An in-house approach will include the need to develop network protocol expertise and select the right protocols that meets global standards and scalability. A ‘buy’ path entails aligning with existing industry standards and ecosystem support ensuring comparability and scalability for long commercial lifecycle.
Another key area for IoT adoption is Network Security. A consideration around an intent to independently secure IoT devices from malicious viruses and ransomware requires security to extend beyond basic “Physical Access.” The new complexities require end-to-end security from device to applications. When buying into existing solutions, an organization should ensure constant updated security standards ensuring access for only authorized devices, users, and applications over a secure and fully encrypted channel session. In addition, they should carefully vet the IoT device vendor, to ensure they have properly tested their devices against all known threats and vulnerabilities, and to verify they have an upgrade path for implementing new security patches.
The common confusion around Cloud Infrastructure is that all it takes is cloud storage solutions. In fact, the IoT cloud arena requires an ‘always-ON’ behavior for connected devices as a continuity guarantor. When considering the ‘buy’ approach, companies seek to partner with a certified MCU and semiconductor cloud partner that is industry standard-compliant, offers support, and enables shorter development cycle and IoT solution reference designs.
Next generation connected devices are set to take advantage of next generation embedded chipsets. This aspect of the Development Cycle takes into account next generation designs with features and capabilities meant to get over the learning curve. Reference designs and kits by MCU partners can help speed up the process.
Lastly, Operational Maintenance, the new set of expertise and resources to support not just the development of the cloud service but on-going support for a 10-year device life. This comes in stark difference from the accustomed 24/7 in-house resources and expertise needed to support global rollout of both new and legacy IoT devices. Ensuring seamless end user device experience.
Maintaining a regiment of software patches addressing new vulnerabilities is something that will be challenging for both service providers and the enterprise, but it’s paramount to protecting the network from breaches via IoT devices. For example, one service provider found that devices they were offering to their subscribers as part of their Smart Home offering lacked critical security features and were vulnerable to a lot of basic attack vectors. This company had to take it upon themselves to acquire the resources with the right skillset to audit all new devices as they came in from shipping before shipping to the consumer. Even more challenging is ensuring that those devices can be upgraded and patched once shipped and installed in a consumers home as part of an ongoing security patch maintenance program.
Such a program requires more than just a skillset; it also requires a framework of internal processes to manage the program.
Travis Russell is Director of Cybersecurity at Oracle Communications.