Internet of Things engenders more challenges for the enterprise

The Internet of Things (IoT) began coalescing significantly in 2015. There are now smart city projects at the government level, standards and alliances, and ecosystems a-plenty. IDC predicts that the Asia Pacific IoT industry will continue its strong growth, with the number of units, or “things”, connected to increase from 3.1 billion to 8.6 billion by 2020.

"In 2016, the IoT brings availability to the fore. The rise of mobile and connected devices demonstrates that there is zero tolerance for downtime. The days of organisations being able to suffer through any downtime are long gone. Even a slight outage of a few hours will cause everyone involved in the business to be unhappy that they don’t have access, but more importantly, businesses will lose money, data, respect of employees, credibility from partners and loyalty of customers, doing potential damage to consumer and investor confidence," said Julian Quinn, Vice President of Asia & Japan, Veeam Software.

"2015 was a year when the Internet of Everything (IoE) and smart cities became realistic and achievable, instead of proofs of concepts. While the Internet enabled the exchange of digital information, connected devices now allow for practical, real-world applications for the data and to make informed decisions," noted Ang Thiam Guan, Managing Director, Singapore & Brunei, Cisco. "There is a strong momentum of IoT deployment across the globe; over 70% of Asia Pacific firms have an IoT solution in place, with Singapore leading with a very high rate of adoption of over 90% of firms expected to have implemented IoT by the end of 2015."

Change is going to happen even more quickly in 2016, Ang predicts. "2015 was the inflection point for the Internet of Things (IoT) and digitisation. Leaders from around the world convened in Dubai for the Internet of Things World Forum recently and witnessed real solutions that are now fundamentally changing the way we will live and do business," he said.

"The value at stake for Singapore businesses in both the public and private sectors is approximately US$52 billion," said Ang, referring to the amount at stake arising from the implementation of Internet of Everything, including the value from utilising technology and connected devices in IoT, along with associated concepts like smart cities and new digital working practices.

"As the IoT market swells to an estimated 25 billion connected devices by 2020, according to industry research firm Gartner, the amount of data that organisations will have at their fingertips will be enormous. This will help businesses find out valuable details about their customers, their business operations and their market sectors," notes Ras Scollay, Regional Director, Southeast Asia, CenturyLink.

Benefitting from the IoT will require additional work, however. Scollay added that the data produced by the explosion of connected devices "goes to waste" without advanced data analytics. "...Because big data needs a lot of processing power, many organisations will make use of cloud-based, big-data-as-a-service offerings, so they can get the full value of their information, without the associated capital expenditure," he predicted.

Securing the IoT

Security issues concerns a number of commenters on the IoT. Quinn of Veeam said: "As the IoT continues to gather momentum, the potential cost of downtime is set to escalate. Minimising downtime and data loss is critical to the overall health of all businesses and ensuring the end user remains satisfied. In addition, since more data and services are now both on premises and in the cloud, businesses in 2016 will need to ensure they have strategies to backup, protect and restore their data on all fronts."

“Connected units or devices in industrial zones, office parks and shopping malls will no doubt improve efficiency, as well as reduce the cost of energy, spatial management and building maintenance, but this will come at the cost of increased vulnerability,’ said Sanjay Aurora, Managing Director, Darktrace APAC. “Therefore, the most urgent concern is how to conduct business while maintaining the current levels of risk management, as networks become more open and complex, and more devices become interconnected. Businesses are expected to be able to keep information safe within flexible structures, but at the same time, they can no longer completely ‘fortify’ their online environments.”

Source: CA Technologies.
Arredondo.

"Conceptually, IoT is an elegant next wave, but under the surface is a lot of complexity that needs to be assessed and understood," said Kenneth Arredondo, President & General Manager, Asia Pacific & Japan, CA Technologies, pointing out that the multilayering and handoffs inherent in the IoT world create more vulnerabilities and attack points than ever before.

"With everything now being connected in some way to the Internet, and even the network, the IoT trend is becoming every hacker’s dream, creating a pathway to potentially harmful data when in the wrong hands. These threats don’t just affect the workplace, but personal and public space too. Gartner recently stated that 'by year-end 2018, 20% of smart buildings will have suffered from digital vandalism' such as plunging buildings into darkness and defacing digital signage. These hacks may just seem like only nuisances at the moment, but there are potential safety threats such carjacking which could compromise protection and security," the Head Geeks from SolarWinds cautioned.

"According to FireEye and SingTel, Southeast Asian companies regularly attract the interest of cyber spies and criminals looking to steal information about the region’s growing industry sectors..It’s therefore predicted that hacks, which affect personal safety, will continue to emerge. Whether it is a stove turning itself on in the middle of the day, controlling a car remotely, or a hospital device hack, the dangerous lack of security within IoT will make the need for human intervention and network management a much higher priority."

Amit Yoran, President, RSA, cautions that once cyber criminals access data, they can edit it. "Organisations will begin to realise that not only is their data being accessed inappropriately, but that it is being tampered with. Data drives decision making for people and computer systems. When that data is unknowingly manipulated, those decisions will be made based on false data. Consider the potentially devastating consequences of misrepresented data on the mixing of compounds, control systems, and manufacturing processes," he said.

"Intrusions into systems that control operations in the chemical, electrical, water, and transport sectors have increased 17-fold over the last three years. The advent of connected and automated sensors with the IoT aggressively exacerbates these issues. The growth in the use of cyber technology for terrorism, hacktivists and other actors, combined with the weakness of industrial control system (ICS) security generally, combined with the potential impact of bringing down a power grid or water treatment plant (hello, California), makes the critical breach of an ICS in 2016 extremely concerning and increasingly likely."

"Several troublesome proofs of concept made headlines in 2015 demonstrating the vulnerability of IoT devices," observed FortiGuard researchers in Fortinet's New Rules: The Evolving Threat Landscape in 2016 report. "In 2016, though, we expect to see further development of exploits and malware that target trusted communication protocols between these devices. FortiGuard researchers anticipate that IoT will become central to 'land and expand' attacks in which hackers will take advantage of vulnerabilities in connected consumer devices to get a foothold within the corporate networks and hardware to which they connect."

FortiGuard also noted that worms and viruses targeted at IoT devices could cause a lot of damage. "FortiGuard researchers and others have already demonstrated that it is possible to infect headless devices with small amounts of code that can propagate and persist. Worms and viruses that can propagate from device to device are definitely on the radar," the researchers said.

Researchers from Sophos Labs, on the other hand, says widespread security breaches on the things in IoT may be some way away. "IoT will continue to produce endless scary stories based on the fact that these devices are insecure (early 2015 saw many stories focusing on webcams, baby monitors and children’s toys and latterly cars have become a hot topic – researchers hacked a Jeep in July)," they said.

"However, widespread examples of attackers getting IoT devices to run arbitrary code are unlikely anytime soon. IoT devices are relatively protected, as they are not general purpose computing devices with the same broad suite of interfaces that is available on desktops/mobiles. Moving forward, one can expect more research and proofs of concept demonstrating that non-vendor code can be installed on these devices because of insufficient validations (lack of code-signing, susceptibility to 'man in the middle'*-class exploitations) by the IoT vendors."

They can however be useful to hackers for the information they contain, Sophos Labs said. "An increase in data-harvesting/leakage attacks against IoT devices can also be expected, wherein they are coaxed to disclose information that they have access to, e.g. video/audio feeds, stored files, credential information for logging into cloud services, etc."

"As IoT moves mainstream in 2016, the “identity of things” will be a major topic. Just as a person’s identity needs authenticating, the 'identity' of a device and any data flow to it must be confirmed and trusted. Tools, such as identity and access management (IAM) for IoT or IoT interaction tables (similar to drug interaction tables that doctors and pharmacists use with prescription medication), are needed to ensure users are engaging with the right 'things' and they are not conflicting, negating, or duplicating themselves in the environment," CA Technologies' Arredondo suggested.

One technology that could come in especially useful is Blockchain. "The surprise of 2016 will be the resurgence of Blockchain technology and its refinement to where it can truly find a home outside of the Bitcoin transaction ledger," he said. "Blockchain will have to overcome its 'guilt by association' with the Bitcoin problems, but the capability exists for it to become the storage of choice for sensors and IoT in general.

"Blockchain was a keyword in many startups two years ago and it is poised for renewal when one looks at the predicted increase in IoT and the need to engage securely among devices and have a record of those engagements. A technology, like Blockchain, that relies on a network of computers and has privacy at its core will be an important enabler of IoT and any organisation’s digital transformation as it further streamlines operations for greater agility and customer responsiveness.

Ultimately, as IoT devices evolve, the set of security concerns around IoT will start becoming very similar to the set of security concerns around SCADA/ICS, and the industry should look toward the best guidance that the National Institute of Standards and Technology, ICS-Cyber Emergency Response Team (ICS-CERT) and others have formulated, Sophos concludes.

Connecting things wisely  

"With all of the buzz around IoT, companies have rushed to connect almost everything. However, just because we can connect everything doesn't mean it makes sound business sense. As the market matures, we'll begin to see a weeding out of the solutions that don’t serve a true business or societal purpose. M2M vendors and service providers will focus on connecting the 'things' that really matter like utilities and smart meters, heart monitors, fleet management and chronic healthcare management solutions. 

Source: Vodafone.
Nelson.

"Just in Korea alone, transmitting real-time data from SIM cards over wireless networks has enabled technology providers to monitor vehicle activity and reduce the risk of traffic accidents, as well as improve waste management with smart bins that alert collectors when they are ready to be emptied. These are simple yet innovative solutions that greatly improve our overall quality of life. It will be exciting indeed to see what other positive impacts will come in the year 2016," said Justin Nelson, M2M Head of Asia Pacific (APAC), Vodafone Global Enterprise. 

In the final analysis, IoT could be a harbinger of profound change. Cisco's Ang warns that organisations must address a ‘digital vortex’ of disruption, the inevitable movement of industries toward a “digital centre” in which business models, offerings, and value chains are digitised. "Current forecasts around the number of connected devices are too conservative. By 2030, I believe that there will be closer to 500 billion connected devices. With digitisation, every aspect of day to day business will change; from supply chain to customer interface to productivity, every company will become digital. However, according to The Global Centre for Digital Business Transformation, only 25% of executives have a proactive plan to address digitisation," he said.

"Forty percent of market leaders will be displaced or eliminated by digital disruptors in the next 10 years. These disruptors offer differentiated products and services and better value than incumbents. This creates a hyper-competitive landscape driven by digital disruption, where lines between industries are blurring and markets are changing exponentially. In 2016, digitisation should be a priority, as technology strategy will play a critical role in our continued success as a country in the digital world. This digitisation should also be at the top of the corporate agenda. If governments are moving on digitisation with this type of tremendous speed, our businesses have to move even faster and be even more dynamic to realise the full potential of this opportunity."

Interested?

Read the TechTrade Asia blog posts on 2016 trends:
Citrix outlines cloud, IoT and security trends for 2016
What will happen to cloud computing
Vodafone M2M Barometer shows increased adoption for M2M 
Security in 2016

New software architectures and technology frameworks

The evolution of big data analytics

Read the TechTrade Asia blog post about Ossia and its wireless charging technology Cota, which could change how the IoT is powered

*SolarWinds comments were made by the SolarWinds Head Geeks: Patrick Hubbard, the IT Management Geek and Technical Product Marketing Director at SolarWinds. Leon Adato is the Network Management Geek and Technical Evangelist at SolarWinds, Thomas LaRock is the Database Management Geek and Kong Yang is the Virtualization Management Geek.

*IDC. Asia Pacific becomes the frontline for IoT. April 2015.