The incredible opportunities and risks of the Internet of Things
The incredible opportunities and risks of the Internet of Things

Earlier this year, I spoke at the Consumer Electronics Show about how the Internet of Things (IoT) is changing our lives. At the end of the session, the moderator asked the panel – including leaders from BlackBerry, Google, Samsung and IBM – to describe the future of IoT in a couple of words. Every single one of the panellists essentially answered the same way: “exciting and terrifying”.

For years, we've heard about how IoT will revolutionise our world, with everyday objects like cars, TVs, fridges and even coffee makers connecting to the internet and communicating with one another, making our lives easier and more efficient in the process. Over time, the conversation has shifted away from the ‘things' themselves and towards the ways in which the true value of IoT will be realised. It's a shift driven by the business community, with IDC reporting that innovation-driven IoT spending will reach US$ 1.4 trillion (£1 trillion) by 2021. And today it's creating an emerging Enterprise of Things (EoT) – a network of intelligent connections and endpoints, such as computers, smartphones, sensors, trackers, equipment and other ‘things' – that will define how we live and work together in the future.

Easy to build; hard to secure

The virtualisation of the physical world is already changing how products are made, serviced and monetised. With electronic components constantly becoming cheaper and more readily available, the price of connecting a newly-manufactured device to the internet is quickly approaching zero.  But while the potential of IoT is arguably limitless, the challenge of consistently managing and secure ever-growing networks is not. With more IoT endpoints, the volume of data that must be both protected and analysed increases, along with the endpoints themselves that must be secured.

2017 was the year that data breaches came to the forefront; CNN termed it the ‘year that nothing seemed safe', as it explored how businesses and government organisations alike were let down by security failings. But security is no longer just about protecting data; when ‘things' are connected and can be remotely controlled, IoT devices being to present a direct physical threat.

The automotive industry is at an inflection point where cars are becoming complex IT environments on four wheels, with software footprints exceeding 100 million lines of code. Likewise, drones (which are all the rage amongst techies and social media celebrities) can easily be accessed remotely. This potential weaponisation of IoT is even more of a threat than data theft and security. Protecting people and places is a much-overlooked concern against the backdrop of the constant data breaches that we hear about in the news.

Uniting the physical and logical worlds

From an enterprise standpoint, there's a significant gap between the security and management of traditional endpoints and emerging EoT endpoints. Most IT departments have established systems in place to manage workstations and mobile devices, but few are really thinking about the Enterprise of Things, and even fewer have a clearly defined strategy on how to manage it. Going forward, IT departments will need to address physical and logical security as part of the same integrated domain.

This type of transformative change isn't new; just a short decade ago, the mass proliferation of smartphones and tablets fuelled a chaotic period, requiring IT to rapidly transform to manage the new normal of BYOD-driven mobile endpoints. Now, just as many believe that the endpoint security challenge is firmly in hand, the EoT has come along to present a new wave of challenges and opportunities.

Indeed, a recent BlackBerry-commissioned white paper conducted by 451 Research suggests that 63% of IT decision-makers believe that security concerns around digital technologies like EoT are the biggest inhibitors to digital transformation. Another challenge relates to how organisations own responsibilities; for instance, IT often manages traditional endpoint environments, while operational technology or line-of-business managers have responsibility for EoT initiatives, including securing EoT endpoints. Business leaders fully understand the inefficiency of this structure, with 78% of survey respondents saying they would be interested in solutions that could manage all enterprise endpoints.

Enterprise-wide & beyond

Businesses cannot allow a lack of collaboration among internal departments to inhibit their ability to fully realise the potential afforded by future-facing technologies; it's essential to be able confidentially and reliably transmit sensitive data between endpoints. In practice, this requires a holistic, unified approach, using robust collaboration solutions. Modern IT departments need a comprehensive approach to security that addresses the entire organisation from endpoint to endpoint, using a trusted enterprise-wide solution with independent security approvals and certifications.

But the responsibility for this cannot fall within the enterprise alone; the public and private sectors must work together to secure IoT devices that are increasingly being used as vectors for cyberattacks. Standards need to be put in place for devices that can create safety risks when hacked, including specific security requirements such as mandating that these devices be able to receive, verify and install secure software updates over-the-air.

Security is only as strong as its weakest link, thus the same standards must apply to all networked objects; the fundamental concepts of confidentiality, integrity and availability must apply to all internet-connected devices. It doesn't make sense to consider traditional endpoint security and management and emerging EoT programs as separate initiatives. Now is the time for IT leaders to create a holistic strategy to manage all of their endpoints, ensuring a productive, safe and secure future for their business.

Contributed by Alex Manea, CSO, BlackBerry 

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.