The Internet of Things is already improving how we live and work. But given the lack of quality control in the industry, IoT device security is still constraining the technology.
Internet of Things-connected devices are indisputably changing how we work and live.
IoT devices are connected to the Internet and can be installed in cars, oil rigs, retail merchandise and other items to gather critical data. The data gathered from these devices can serve myriad purposes. Health care practitioners can use sensors to monitor at-risk heart disease patients and distinguish between healthy tissue and a blood clot. Utility companies use IoT-outfitted meters to help consumers save on energy bills, and trucking companies optimize driving routes for faster delivery and gas savings.
But there is also a good deal of disquiet surrounding IoT device security. As Cisco.com reported recently, the global IoT device supply chain needs greater vigilance regarding quality control. In the absence of proper regulation and IoT standards, IoT device hacks have become a dangerous reality.
Expo floor, Data Center World 2017 in Los Angeles.
According to the Ponemon Institute’s "2017 Study on Mobile IoT Application Security", only 30% of nearly 1,000 respondent said that their organization allocates sufficient budget to protect mobile apps and IoT devices. At the same time, IoT device makers aren’t building in security at the outset. “Security isn’t a key element of product design,” said Jose Ruiz, vice president of operations at Compass Data Centers, at Data Center World in Los Angeles in April 2017.
The failure to build in security at the outset can have broad implications. Consider the Dyn cyberattack, which made many cloud-based websites like Netflix, Spotify and Reddit suddenly unavailable in October 2016. The attack began with malicious hackers gaining control of vulnerable IoT-connected devices, such as CCTV video cameras and digital video recorders.
We sat down with Ruiz to discuss the opportunity and risks of IoT devices. Here is Ruiz’s take.
Jose Ruiz: Compass Data Centers is a wholesale data center provider, but we have data centers nationwide. We started the company in 2011. We have been developing a data center product. A company can come to us in bite-sized chunks and help them with their IT capacity planning so they only have to deploy in bite-sized chunks.
We provide the real estate: the power and cooling and the walls, if you will, of a data center facility. From a power perspective, our starting point is a 1.2 Mw data center. Our customers buy the data center product, and when they need to scale, they do so in that bite-sized chunk: 1.2 Mw or 2.4 Mw, but the difference is it’s not a container. We have a hardened shell building and so we have a patent, so these buildings connect with each other to scale appropriately.
Ruiz: AEP, American Electric Power is the utility company for the state of Ohio and surrounding areas. Smart meters get deployed in neighborhoods, they have connectivity. Customers can then elect for on-demand programs, where they say, “During this time and this time, I will be at a reduced rate because I won’t be consuming as much electricity [and the utility charges a reduced rate based on less demand].” There is an opportunity to partner with their customers and gain benefit on both sides.
Ruiz: They can be difficult to describe because they have many different manifestations. During my session, I made reference to video cameras that you can access with smartphones. If you’re in Paris and want to check on your dog at home, you can do that. But do you have a firewall on your home network to protect what’s connected? Desktops, personal finances could be potentially exposed to the bad guys.
And then, what we see is that the volume of IoT devices, what is coming online, it’s experiencing hypergrowth. We’re going to see billions and billions of devices by 2020. We believe that the Internet companies: the Verizons, the AT&Ts, with fiber providing this connectivity aren’t ready for what’s coming. It’s because the infrastructure isn’t there yet to support it.
[Or consider] driverless cars: The amount of data that that device will generate is incredible: petabytes of data that needs to be processed and transferred through the network to some central platform that can make decisions. So I just don’t see that as being ready yet. Will we get there? Yes. We’ve come a long way from a networking data center perspective.
I urge customers to think about security first If I put this device online, how will it affect my neighbor, my company?
Ruiz: Every company will have their specific purpose for IoT [and hence ROI timeline]. The utility provider could expect an ROI that is almost immediate of energy savings for consumers. Maybe it’s not immediate, but even if it's a year or two, they have a much better starting point.
Managing Editor, Cisco.com