The Internet of Things (IoT) – or the Internet of Everything (IoE) – has been the subject of industry analyst, and tech-media, excitement for just about forever. We’ve been bombarded with reports and articles about how the IoT will dramatically change corporate IT, and IT departments, for what seems like years.
However, in 2015, it finally feels as though we are about to hit the point of no return with IoT. Where all, and not just some, IT departments need to consider and address the IT management and security implications of the IoT, and the growing need for automation.
IoT and IT Management
IT operations teams will need to tackle IoT-related issues such as:
- IP address management (including meeting the increased demand for more IP addresses)
- Service/fault management
- Big data analytics needs, related to the wealth of new devices connected to the network
We’ll see IT departments having to look beyond traditional IT capabilities, such as availability and capacity management, to work closer with business colleagues on how these now-connected devices do, can, and will tie-in to business operations and business models. Not only will this potentially require more people, it will most likely also require new skills. It will also add to the need for greater automation in IT management – and hence my cautious use of the word “potentially” in relation to needing more people in the previous sentence.
IoT, Automation, and M2M Transactions
Technology per se is advancing at an exponential rate, as evidenced in innovations such as self-driving cars, facial recognition, and programs that predict our buying patterns. The Massachusetts Institute of Technology (MIT) Sloan School of Business’ Initiative on the Digital Economy (IDE) has been analyzing the trends and impacts of technology in the digital economy – especially the growth in automation in what they term the “second machine age.”
We’ve already seen the growth in automation in corporate IT and not just in the traditional automation of repetitive, and labor-intensive, data center tasks. The need for IT management capabilities in the new world of the IoT will far exceed most IT department’s existing manual capability. Also, the expected rise in intercommunication and autonomous machine-to-machine (M2M) data transfer through IoT devices will also need to be addressed.
Security
From an infosec perspective, there’s the security of a whole new breed of network-connected end points to consider – particularly given the media’s increasing interest in high-profile-company security breaches and the adverse impact (brand and financial) on the companies of these often socially-amplified stories. The security elements to consider include but are not limited to:
- Data security – There might not be sufficient security functionality embedded within the IoT device, due to a lack of local resources or capacity. This will of course change over time, but for now it needs to be addressed and security might instead need to reside within the web service in front of the device.
- Message integrity and secure communication – We need to consider the route data follows from the IoT device. For instance, it might be via a local data collation hub – with the potential for sensitive data to be stored in insecure locations a concern along with any transmission-based security needs. As with most security breaches, the attack succeeds at the weakest point.
- The issues associated with the use of third-party cloud service providers – A likely necessity given the potential volumes of M2M data. There’s nothing new for corporate IT organizations here, just the risks associated with things such as scale, identification and authentication, data access, and legislative boundary restrictions. It also ties back into IT management, as the IT pros responsible for managing the third-party cloud services will need to not only monitor service levels and costs but also the adherence to security-based contractual terms.
- Privacy – As with anything related to IT and data these days, IoT-related privacy risks will also need to be addressed – as IoT devices collect and aggregate data related to their operation (and business purpose). The constant collection and collation of differing data sets will no doubt, and should, lead to concerns about data privacy. This is again nothing new for corporate IT organizations; it’s just another facet of the big data challenge they probably already face.
This article only skims the surface of the corporate impact of the IoT but hopefully you will agree that the IoT will dramatically change the role of the average IT department, and its people, potentially requiring both a change in IT and security operations, and automation capabilities.[su_box title=”About Sarah Lahav” style=”noise” box_color=”#336588″]
Sarah holds a B.Sc. in Industrial Engineering, specializing in Information Technology from The Open University in Israel, and spends her free time with her three beautiful children.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.