Define Security First
Given the amount of prose dedicated to the internet of things, it would hardly be foolish to assume that the term is well-defined and well-understood. In reality the opposite is true – professors, tech companies, the media, and individual blogs all disagree on what exactly falls under the umbrella of internet of things.
The problem seems to be that until recently, the internet of things was a relatively niche area. Its gadgets hadn’t yet become mainstream and ubiquitous, all-compassing connectivity was nothing but a glint in the eye of tech giants. However, today the term has become incredibly broad. It includes everything from Apple’s smart watch to city planning and from airport technology to health monitoring. It’s so broad that almost any internet-connected device can reasonably claim to be part of it.
The problem is comparable to that faced by cloud computing five years ago. At the time, the term ‘the cloud’ seemingly referred to everything stored online in some way – as if the entire cloud was one single model. As the market developed and matured, and the adoption of the cloud became increasingly widespread by personal and business users, a more refined set of terminology developed. Today it has been broken down into a number of subsets – for example, PaaS, SaaS, IaaS, etc.
As the internet of things sector matures and the industry develops, we will no longer be able to bundle all these very different things under one generic umbrella term. Much like ‘cloud’ or ‘big data’ in the past, it’s incredibly overused, and to some degree, almost too vague to be useful.
The answer appears to be rooted in security. As with the important distinctions in cloud computing – each which requires the business using the service to negotiate a different balance between trust and control with the cloud provider – a similar set of distinctions must now be made for the internet of things.
After all, it is a significant challenge to establish trust and control across an enormous range of ‘things’, particularly when they are widely distributed, deployed on a scale of millions, and handle highly sensitive data. The information flowing through a network of smart ovens is very different from the information generated by a installation of earthquake detectors. Therefore, it is impossible to discuss to define the internet of things effectively without first breaking it into parts. Failure to separate the IoT into differing levels of security will lead to trying to secure all data on all devices – an impossible task.
How or what those terms may be is a job for skilled professionals – the same professionals who secure nearly every website on the planet and the payment systems we use every day. The coming years should be a fascinating time.
By Daniel Price