Cisco estimates 50 billion devices and objects will be connected to the Internet by 2020. And that estimate may be low. If consumers count every device that draws power in their home – lamps, light bulbs, kitchen gadgets – and then factor in objects at work, there may be many more billions of connected devices by then.
But the problem is, many traditional networks are still manual, static and complex, which isn’t ideal for IoT. To realize the promise of a hyper-connected future, three shifts must take place.
* Fiber. The bandwidth needed for the onslaught of IoT connected devices should be enough to make anyone think about the fiber. At the Consumer Electronics Show, a lot of coverage focused on this because of the emergence of 4K ultra-high-definition television. But there were poignant examples as well, one involving a medical use case in Cleveland. An organization helped deploy a fiber-optic network capable of 100Gbps data transfer speeds to support high-definition video so remote neurosurgeons could assist in operations, because obviously buffering and delays are not acceptable.
The underlying conversation around 4K and 100Gbps has to do with fiber-optic networks. Getting cities – and consumers – hardwired with fiber will be a necessity of the future. The term Smart City has been used to characterize these communities that are investing in infrastructure and advancing science and technology efforts to securely collect and use data to do everything from decrease energy consumption to cut overhead costs and improve the life of residents. The White House stepped into this arena last September when it announced a “Smart Cities” Initiative to invest more than $160 million in the concept.
* IPv6. Right now, we aren’t actually seeing an overwhelming adoption of IoT devices in personal homes or offices. Cisco stated in its same report, more than 99 percent of things in the physical world remain unconnected. However, it’s only a matter of time before every single aspect of our life is Internet dependent.
In today’s environment, if consumers want their devices to be accessed outside of their homes or private networks, a user has to go in to their Wi-Fi router and portmap it to an outside network. This is complicated and not very user friendly.
The fix: give public IP space to all of the “things.” Great in theory, however, the rate of new “things” is growing at such a rapid pace, the current method of assigning addresses won’t be able to accommodate the volume. In order to provide addresses for every device, the Internet will need to transition from IPv4 to IPv6.
So what’s the hold up Right now there isn’t imminent financial motivation or competitive pressures for broadband providers to transition. As long as the market can efficiently broker the remaining, sellable IPv4 address space to those that require it, the pressure to migrate to IPv6 will not fully materialize.
Over time, as the number of IoT devices increases and IPv4 addresses grow more scarce, financial and competitive pressures will rise accordingly, eventually leading to economic incentive for IPv6 transition. Consumers will demand the ability to interwork with every device seamlessly with speed, ease and expect that the “Internet” continue to be the ubiquitous, any-to-any network they grew accustomed to in its IPv4 origins. An IPv4 and IPv6 Internet, patched together with transitional technologies such as Network Address Translation, won’t be able to scale to the levels forecasted for IoT devices, not without cumbersome constraints. This perfect storm of consumer expectations and financial incentive is what is required for IPv6 to become a reality after all of these years.
* Security. There is a lot of concern about what it will mean for the threat ecosystem to have millions of connected devices – especially those managed by consumers – available for malicious activity. If we don’t address the security issues rearing up today, we’re going to have a serious security situation. Right now, many companies are making Internet-connected devices that aren’t able to be patched or easily updated with new security rollouts. Considering many IoT devices collect personal data, security should be a concern for all.
A few months ago we saw a non-malicious hack of a children’s toy company. The hacktivist, a Grey Hat, was able to exfiltrate photos and personal information of young consumers. The Grey Hat took these actions to show the company how unsecure they were and teach the industry a lesson. This wasn’t the first time a child’s toy was in the spotlight for having security vulnerabilities, and probably only illustrated the tip of the iceberg.
It goes without saying, IoT developers should do more to secure their products. For organizations using IoT, it is essential to do a rigorous analysis of the security controls built into IoT devices and services they wish to use. At a minimum, an audit of IoT device’s communications channel, use of encryption, an analysis of the type of data it collects, stores and transmits, and the security of the end-point(s) with which it communicates, is paramount.
Given IoT’s growth rate, and the resulting broadening of the cyber-attack surface, organizations must be ever more vigilant in conducting comprehensive risk analyses and in the implementation of proper governance structures. A risk-based approach is the best way to balance the risk of using IoT with its unlimited productivity benefits.
The promise and lure of IoT is exciting for both consumers and the industry. If these three areas become a focus, we can move toward an Internet of Everything connected future.