I have, over the past three years, posted a number of Internet of Things (and the broader NIST-defined Cyber Physical Systems) conversations and topics. I have talked about drones, wearables and many other aspects of the Internet of Things.
One of the integration problems has been the number of protocols the various devices use to communicate with one another. The rise of protocol gateways in the cloud service provider market is an incredibly good thing. Basically, this allows an organization to map sensors and other IoT/CPOS device outputs to a cloud gateway that will connect, transfer and communicate with the device – regardless of the device’s protocol of choice.
What the new gateways do is remove integration as a stumbling block for ongoing and future IoT solutions. Pick the wrong horse in the initial protocol race? With a gateway, it doesn’t matter. You can, over time, replace the devices deployed with the orphaned protocol and move forward with your system. The cloud service provider protocol gateway gives you the flexibility to also consider deploying multiple types of sensors and protocols, instead of limiting your organization to one.
The question going forward is this: does the integration provided by the gateway give rise to the broader concept of an IoT broker? This is where the services offered by IoT devices could be parsed out and shared within organizations and companies that are members of the broker. Think of it as being like a buyer’s club for sensors.
From my perspective, the issue that keeps me awake at night is IoT device security. For the most part, IoT devices are often ‘fire and forget’. Yes, occasionally, you may have to change a battery or replace a cellular connection. Sometimes you may have to update how the device is deployed. Others just aren’t going to be attacked because you won’t gain anything. I read an article that wrote about hacking the river monitoring system, causing a flood downstream. I thought about that for a long time, and I realized the reality of flooding is we know when it coming and everyone would be out there with manual measurements anyway. That would work. There are other ways to create an effective attack through the IoT.
It is the security of IoT devices that will become more and more troublesome. Firstly, because the number of them is growing rapidly. From 10 billion or so deployed in 2015 to more than 40 billion devices deployed by 2020. That’s 4 times the devices in the next 4 years.
If we consider the reality of devices, that means that many devices that are deployed today will still be deployed in 4 years. The cost of devices and often the capital expenses for hardware are spread over 3 to 5 years. That means a growing number of devices will be already deployed by 2020. It isn’t a run to the cliff and then leap into 40 billion deployed devices.
What scares me is that there are 10 billion or so devices deployed today. Logically, 2 billion of them will fail. 2 billion more will be replaced naturally. That leaves 6 billion devices deployed with the security solutions of today – that will rapidly become obsolete. That is a fairly expensive number to replace. The gateways mentioned earlier in this article will suddenly appear again. Today, they represent a way to bring multiple IoT protocols together. In the future, they will become the best line of defense for deployed devices.
Deploying secure solutions at the gateway level will be the best defense against attacks for IoT devices that do not have integrated security. The next-best thing would be the deployment of devices with easily removed security modules, but that is a consideration for upcoming devices – not ones deployed today.
A secure IoT future – enabled by a simple cloud gateway.
By Scott Andersen
