IoT: device management and security are crucial

The tipping point for Internet of Things (IoT) development has arrived, as more companies design solutions to help them mine new sources of valuable data to transform their enterprises. A recent Economist Business Unit report found that nearly 60 percent of companies are using IoT technologies and a similar percentage are seeing much better-than-expected return on investment.

Yet the Economist report also revealed some frustrations about the pace of progress in IoT development as companies seek to speed their time-to-value. Some of this is tied to lingering concerns about security; in other cases, there’s evidence that design and deployment is slowed by the sheer complexity of IoT development today. Billions of connected devices require provisioning, management, monitoring and security for which today there isn’t a standardized development flow or methodology.

There are vastly different approaches and diverse choices in hardware and software, with multiple device vendors to manage. There’s the risk of supplier lock-in with hardware and with cloud services, be they public, private, on-premises, or a hybrid. There are different device types: constrained, ultra-constrained, resource-rich, edge gateways and mainstream devices and different approaches to connectivity.

Let’s take a closer look at some of the challenges that need to be addressed.

Lots of data, lots of risk

The sheer volume, velocity and variety of data need to be considered. This explosion of hardware devices means that IoT data volume is growing much faster than bandwidth is to the cloud. Consider just one use case: In the future, Arm anticipates 500 million high-definition (HD) image sensors will produce 300 exabytes of data per month.

Additionally, the rapid growth of IoT expands the potential attack surface for malicious actors, which means poor security can lead to disastrous economic effects for companies.

This IoT data is often distributed across regions and systems and siloed across organizations. To deliver value, it must be unified, analyzed, secured and interpreted in the context of other data sources — a complex task given the spread and deployment of devices and disparity of data types.

Security

The noted security analyst Brian Krebs has said, “If what you put on the Internet has value, someone will invest time and effort to steal it.”

IoT data must be trustworthy and reliable, but there are many ways for data to be compromised. We’re all well aware that security can be compromised by external, malicious forces. For example, there has been a 300% increase in malware loaded onto IoT devices and a 600% increase in IoT device attacks. Shockingly, there will be an estimated $6 trillion in damage linked to cybercrime by 2021.

Then there’s the risk of violating government guidance, standards and law. Companies will need to comply in the countries they want to sell in, otherwise they could find themselves shut out of some markets, fined, or both.

IoT development: Blocking and tackling

Operational challenges abound from the beginning of the IoT journey to its end. For example, how do you efficiently roll out hundreds of thousands or even a million devices in a timely manner? Once up and running, device firmware and IoT application software will need to be updated – possibly multiple times – during the course of the device’s life. Additionally, the device should be monitored against established baselines.

This creates the environment for an early warning system that can highlight possible software bugs or security exploits. Devices also may experience an “upgrade” during their life cycles, as new capabilities may be activated and enabled over-the-air, based on needs and business cases.

Ownership changes require re-assignment of control, and at the end, devices need to be decommissioned and brought to end-of-life in an efficient manner.

These development and deployment challenges are prompting companies to re-examine how they allocate resources more efficiently. For example, only 15% of overall IoT systems development time is IoT application development. But a full 30% is device-management issues (provisioning, onboarding, and updating devices and systems), while 40% is taken up by developing the device stacks. These tasks can be very tedious, and IoT expertise in organizations is limited today.

One of the most important aspects of any IoT system is connectivity, but today assessing the right path can be difficult because connectivity options can be fragmented. IoT devices are being deployed globally and in diverse applications. For reliable data collection, the devices must be cost-effectively and securely connected on different types of networks. Flexibility and choice are key, whether it’s a type of cellular connection (2G-5G) or having to deal with both IP and non-IP communications protocols (Wi-Fi, Wi-SUN, BLE, Ethernet, etc.).

Four pillars of IoT effectiveness

This is the world of complexity that companies can confront as they embark on their IoT journeys. But solutions are emerging to take the pain and much of the effort out of this.

Each IoT project needs a firm security foundation upon which to launch. This if the first of four key pillars upon which to start your IoT journey. For example, “PSA Certified” is an industry-endorsed framework and certification program for making more secure, connected devices. It guides risk analysis and technology choices for both hardware and software. Teams can use the PSA Certified methodology to analyze and evaluated assets and assess security threats. It also enables them to architect and implement security solutions based on identified security requirements and then certify that products adhere to security requirements.

Three additional pillars are also crucial for any coherent and comprehensive solution – data, device, and connectivity management.

Data management services must deliver a unified view of data to speed visualization and business intelligence insights, which will help optimize enterprise functions, ranging from marketing to asset/supply-chain visibility.

In systems composed of thousands, hundreds of thousands or millions of endpoint devices, device management services must deliver a single view of all devices that helps enabled unified security and unified client abstraction for fragmented device profiles. These type of platform functions can, for example, help improve energy management in systems and devices and help foster predictive maintenance.

And then there is the need for visibility inside each device itself, where both malicious hacking and human programming error can wreak havoc. Effective IoT platforms should be able to collect metrics from connected devices and use them to detect deviations from expected behavior. When problems inside a given device are detected, they may have been caused by human error (such as misconfiguration or a firmware bug) or by malicious activity, such as a cyber-attack.

System administrators can specify expected behavior for groups of devices by means of rules and thresholds for processor utilization, memory usage, active network connections and amount of data sent and received by the device. For example, a user recognizes that a programming error is draining the battery life of deployed devices. A variation could be a memory leak that is causing data to be lost and/or device restarts. The customer then patches the faulty software and performs another update to resolve the issue.