Love it or hate it, the Apple Watch, introduced last fall and fully unveiled at a press event yesterday, signals the mainstreaming of wearables specifically, but, more importantly, the Internet of Things (IoT) in general. It wasn’t just the Apple Watch that the company announced yesterday, either. They also announced ResearchKit, an open source framework for collecting data that leverages the ubiquity of iOS to collect medical research data at scale.
This all comes after last week’s Mobile World Congress in Barcelona where connected devices and IoT were more prominent than ever before. Leading up to MWC, Forrester analyst Dan Bieler explained: "The long-anticipated marriage between big data and mobility is finally happening - and I expect just about every vendor at MWC to claim a stake in these mobile wedding arrangements.” We heard announcements about connected cars, Apple Watch competitors, smart city initiatives, asset tracking, and more. Perhaps more importantly, there was considerable buzz about the 5G cellular networks that will be required to make this all happen at scale.
Let’s take a step back though and look beyond the consumer hype. IoT isn’t an especially new concept. People have been talking about practical machine-to-machine (M2M) communications for over 40 years and connected devices have been appearing in large numbers in vertical markets like healthcare, manufacturing, logistics, and petroleum for more than a decade. Google acquired Nest for $3.2 billion in early 2014 and have been advancing the smart home technologies that came with the company ever since.
“Great!” you say... we’re getting energy-efficient homes, smarter transportation grids, and safer mining from the Internet of Things. Apple is going to revolutionize medical research with legions of iPhone users. Telemedicine and home health care are dramatically improving access to state of the art care. And this is just the tip of the iceberg. This is good stuff... except...
Security. Researchers believe that the wearable market alone will be $53.2 billion by 2019. That’s a whole lot of personal data flying into and out of data centers, terabytes of location data zipping around the Internet, and a truly massive attack surface for hackers. As Ryan Witt, Fortinet’s head of healthcare explained in a recent blog post,
“Many diagnostic systems use off-the-shelf operating systems like Microsoft Windows while other devices use purpose-built software designed to collect data - not keep it safe. Too many of these devices are eminently hackable and, once compromised, can provide hackers with unfettered access to the clinical data systems within which they interface.”
The same is true for many of the IoT systems outside of healthcare. Big data concerns and finding ways to exploit these new technologies are coming first while security too often takes a back seat (or is left on the sidewalk pulling up the Uber app to get a ride).
We’ve reached a tipping point now with IoT where specialized industrial and vertical applications will be churning out data right alongside consumer apps and devices. These devices will be hitting corporate networks, making BYOD à la 2013 look like a picnic for organizations. Derek Manky, Global Security Strategist with Fortinet outlined the growing threat for businesses:
“With IoT's larger attack surface, endpoint security and management becomes much more fragmented. Most IoT devices wouldn't come with antivirus control but even if they did, the size and diversity of the IoT ecosystem would make the process impossibly complex to manage.”
Of course, this doesn’t even touch on the broader security and privacy issues associated with IoT, but it does suggest a strategy for organizations, at least, as the IoT explosion begins:
“Network-based inspection, therefore, is the only way forward for IoT. Every network will need a security appliance that is intelligent enough to deeply inspect code written for these non-traditional platforms.Threats can hide just about anywhere nowadays − it's easy to find them embedded within otherwise legitimate traffic streams.”
The Internet of Things is here to stay... here’s hoping that developers, administrators, and device manufacturers give as much thought to security as they do to the billions of dollars this industry will be generating in the years to come.