The internet of things (IoT) is an environment in which “things” – objects, animals or people – are given unique identifiers on the internet and are able to transfer data over a network without the need for human-to-human or human-to-computer interaction. The IoT has evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS) and the internet.
These are the key components of the IoT:
- Data Collection: At the core of the IoT are sensors and actuators that collect, transmit, store and act on data at the source. These devices range in size and capability. Some have minimal operating systems (OS). Others have robust embedded OS, including Microsoft Windows and Google Android.
- Connectivity: The IoT cannot exist without the interconnection of devices and sensors. Bluetooth, near-field communication (NFC), wi-fi and cellular are familiar technologies for enabling connectivity. On the horizon is NB-IoT, a narrowband IoT protocol based on current cellular technology. It will support quality of service (QoS), as well as the critical success factor for any IoT implementation: a low-power wide area network (WAN). NB-IoT will also offer security – something that many platforms and protocols for connectivity lack.
- People and processes: As the number of connected devices grows, so, too, will the need for new methods of managing, interpreting and acting on the massive volumes of data being generated and collected by those devices. The type and amount of data being collected holds potentially powerful insights. The value proposition behind the IoT is based on the idea that action will be taken based on this data. In some cases, the action may be immediate; in others, data may accumulate over time to provide trending, metrics across populations or predictive analytics. This is where people, process and risk management come into play. Process must be designed to ensure data-driven actions are well-thought-out, consistent, and aligned with strategic objectives and risk management protocols. The real promise of the IoT lies in this third component. The integration of people and processes in the IoT is required to help the internet of everything, or IoE, evolve.
The IoT is evolving rapidly, with a wide array of “smart” systems, mobile apps, personal communication devices and other platforms already networked together. Research firm IDC projects that there will be 30 billion connected things by 2020. And to paraphrase Forbes in defining the IoT, if something can be connected to the internet, its only a matter of time before it will be.
But the IoT isn’t just about connecting and gathering data from things like wireless smart devices and systems. The IoT is a critical technology transition that is essential to the development of a much bigger and deeply interconnected network and to advancing and supporting digital business.
In an increasingly digital world, senior executives and boards of directors need to be keen observers of all technological changes that could potentially impact the business and its risk profile. The IoT is exactly that type of disruptive change. Management and boards therefore must understand how to recognize the signs of IoT change and any related implications to the business model or strategic objectives of the organization.
As the IoT expands and the world becomes more interconnected – and devices in the IoT collect more and richer data from objects, machines and people – organizations across industries will face new opportunities and risks. Privacy issues, hacking and other cybercrime, and the potential for catastrophic business failure due to heavy reliance on the internet are examples of risks that businesses will need to monitor closely in the IoT landscape.
What Opportunities Does the IoT Present for Businesses?
In addition to understanding key IoT-related risks, management and boards must recognize the opportunities the IoT presents to the business, remembering that failure to take advantage of the IoT opportunity is a risk in and of itself. These opportunities may be unexpected, and previously unimagined. The IoT can bring positive disruption and innovation to even traditional, non-digital industries.
Here are some examples of how IoT has been applied to various industries:
- Consumer technology: Amazon Dash, the Wi-Fi-connected device that lets users reorder their favorite products through Amazon with the press of a button, was not only adopted literally overnight, but was also soon hacked by users to enable it to do other things, such as order a pizza or call an Uber.
- Electricity and utilities: Smart grid technology enables distribution intelligence and provides a two-way opportunity to send electricity back to the grid during peak usage periods.
- Oil and gas: By becoming “digital technology companies,” oil and gas companies can further improve rig uptime and oil recovery rates, reduce oil spillage, boost employee productivity, shrink costs, and more.
- Insurance: Environmental sensors are being used to detect temperature, smoke, toxic fumes, mold, earthquake motion and more in workplaces and other buildings and facilities.
- Automotive: Autonomous cars can help reduce traffic and increase road safety. Road sensors can alert drivers of sensor-equipped cars to rain, frost and ice. Some road sensors can also measure the thickness of ice, analyze the makeup of chemicals on the road used for deicing, and then report to departments of transportation so they can improve their application of those chemicals.
- Medical: Patient care is an obvious application for IoT technologies (including appointment scheduling and monitoring conditions). Medical device downtime can also be reduced through remote monitoring and support. IoT technology helps hospitals optimize the supply chain and reduce risk as well.
The Risks of the IoT
Considering the potential opportunities the IoT presents, perhaps the most significant IoT risk for businesses is not moving fast enough (or at all) to develop and leverage new IoT technologies and applications. Nevertheless, to succeed in the IoT world, organizations must also be aware of and closely monitor their risk exposure in areas such as privacy, interruption of service and disrupted denial of service attacks.
The Open Web Application Security Project (OWASP) helps manufacturers, developers and consumers better understand IoT security issues so that they can make better security decisions when building, deploying or assessing IoT technology. Here is OWASP’s list of the top 10 IoT risks, which organizations can use to assess their specific IoT risks:
- Insecure web interface
- Insufficient authentication/authorization
- Insecure network services
- Lack of transport encryption/integrity verification
- Privacy concerns
- Insecure cloud interface
- Insecure mobile interface
- Insufficient security configurability
- Insecure software/firmware
- Poor physical security
Read more about the internet of things in the following KnowledgeLeader documents: