Is your organization highly resilient to cyber attacks? Consider these three approaches to building resilience into strategy.
Is IoT growing up? 5 key issues
Is the tech community making enough progress on IoT security and other challenges? I saw reasons for both optimism and pessimism at the recent Connected Things conference
At the fifth annual MIT Enterprise Forum Connected Things event, the report card on the state of Internet of Things seemed to deliver mixed results. In the five years since the event kicked off, the IoT and Edge Computing space has evolved in some ways and not really materially changed in others.
However, one aspect of the event that struck me was that I didn’t see or hear much that looked like solutions in search of problems. This partly reflects a focus on technologies and applications that aren’t part of the consumer gadget space (which still seems to feature more IoT toys than genuinely useful products).
[ For more IoT perspective from Gordon Haff, read also: Why IoT is not an island. ]
But it also reflects a maturing industry segment that has really started thinking about use cases and how to systematically apply IoT technology for business value. Let’s check in on five key areas:
1. IoT security
Security, alas, mostly falls into the “not much new to see here” camp. There’s not so much an awareness problem: Security-related IoT spending is on a steep upward trajectory. Unfortunately, so is the growth of breaches and botnets associated with connected devices.
The tools to seek out vulnerabilities are increasingly democratized and available to anyone with malicious intent; attackers range from professional hackers to governments.
Joe Bagnal, CEO of Vericlave, said that 95 percent of today’s IoT cybersecurity solutions are focused on the higher levels of the software stack (roughly layers 3 to 7 in networking parlance) and are mostly reactive, based on data analytics. He argued for a more proactive approach at the lower network levels.
Other conference panelists suggested that regulation was probably needed – while acknowledging that protecting and applying updates to vast numbers of sensors and other endpoint devices is a difficult problem to solve, especially as life- and safety-critical systems in spaces like automotive and healthcare are increasingly networked.
This event has probably had a security talk or panel every year I’ve gone, but no one really has a great IoT ecosystem security answer, or even a roadmap for one yet.
2. Organizational challenges with IoT
Another persistent IoT challenge is a constant that goes beyond IoT: Technology is (relatively) easy; people are hard.
Security threats and the need for better sensors for some applications notwithstanding, there seemed to be general agreement that we have access to a lot of technology that can do useful things. But overcoming political and organizational challenges proves enormously difficult.
These challenges can hold organizations back in other contexts, such as truly thinking like the customer. For example, Bernardo Rodriguez, chief digital officer of J.D. Power, pointed out some connected car features that merely made things more complicated for users. “Building tech is not enough. You have to solve a problem,” he said.
David Elges, CIO of the City of Boston, described how different departments controlled different parts of Boston’s city infrastructure and the difficulty of getting everyone on the same page. Furthermore, it’s generally hard to bring together information technology (IT) and operational technology (OT) professionals to create a comprehensive strategy that can also be justified in a public budget, he said.
3. The eclipse of platforms
One big difference today compared to a couple of years ago: There’s far less talk about and attention paid to off-the-shelf IoT platforms, such as GE’s Predix – which may be spun out of the company. GE Digital, in fact, keynoted this event previously. By contrast, Frank Gillett, VP and principal analyst, Forrester Research, told me that GE now views Predix as “not strategic.”
The industry seems to be acknowledging that customers want a toolset that doesn’t come with lock-in. This is, of course, a familiar theme to anyone who has worked with large enterprises. Starting over with a clean sheet of paper is rarely a practical option for organizations. This is doubly true when talking about large industrial machinery, facilities, and other operational technology assets that have lifespans that can easily stretch to many decades.