Security is the foundational enabler of IoT
Cisco recently picked up Jasper for $1.4B and created quite the eye-opening stir in the world of IoT, and what a massive world it is. In some ways that makes it easy to gloss over the term like ‘cloud’ or ‘mobile’ before it, indeed it may be the next step in the progression, but my advice would be to pick an industry if you want to dive deeper. The trend of our ever-more-connected world is far too large to fit in one neat buzzword basket. Here, I would like to snapshot a little of what’s happening in ‘IoT Security’ (Map courtesy of CB Insights.)
Security is the foundational enabler of IoT because in the areas where it is seeing the most adoption and deployments (e.g. Industrial and Automotive) it is imperative that such parameters be in place to meet compliance protocols. There is simply more at stake than with your wearable fitness band (not that the number of steps you took today isn’t important). But are you going to run the risk of jeopardizing $10’s of millions of dollars in heavy machinery or the lives of passengers? No, of course not. The cost-savings associated with limiting down-time in such machinery via numerous sensors only holds if there is NO way you can lose access to them. Similarly, as we saw in the case of the hacked Jeep, the ability to send software updates and information to our vehicles seems rather moot if by way of IoT tech the driver can lose control!
How ‘smart’ is any device that isn’t also secure?
As IoT unveils itself and more and more business cases are presented, conversations are not likely to ensue without the appropriate security provisions and assurances in place. There is often very sensitive data and massive quantities of it being transmitted, and how ‘smart’ is any device that isn’t also secure? The incumbents (e.g. Qualcomm, Cisco, Microsoft, Intel, GE) are investing heavily in an effort to get in front and lead in IoT, rather than rely on startups and later acquisitions as we see to varying degrees in enterprise mobility. In Cisco’s early move with Jasper, they not only get one of the leading IoT platforms on the market, but also all its partnerships and distribution deals with smaller IoT providers. Gemalto for example announced just such a deal at Mobile World Congress this year, an agreement by which their encryption software will be used to secure IoT connections using Jasper’s platform.
There are in fact a lot of companies (big and small) and their respective investors looking at this set of problems. The four ‘IoT Cybersecurity’ companies included in the chart above (Mocana, Nexdefense, Bastille, Security Innovation) have raised a collective ~$100M from investors including GE, Intel, Symantec, Shasta, and Bessemer. And speaking of GE, when it comes to securing the Industrial Internet-of-Things (IIoT), there’s certainly no bigger player. They acquired WurldTech back in 2014, recently announced a partnership with Mocana, continue to invest in software companies including cybersecurity, and are making all efforts to ensure Predix is the gold-standard in the industry.
There’s an IoT obligation in preventing our hospitals and energy infrastructure from being hacked.
We read about the hacked medical center (as recently happened to a Hollywood hospital), or worse yet, the hacked nuclear facility (as in the famous Stuxnet), and it is easy for the fearful imagination to run rampant as we contemplate orders of magnitude more connectivity via IoT. It is true, there’s an IoT obligation in preventing our hospitals and energy infrastructure from being hacked. The good news is that while there are certainly vulnerabilities that can be identified and potentially exploited out there in this new wild west, the Internet-of-Things use case is a bit different than that of your laptop and mobile phone. Specifically there is prioritization in the network in some sense versus the device. Subsequently, look to network security provisions to literally take on a mind of their own. This will make for interesting developments and times all ‘round. Plus, it seems that larger players are making a concerted effort to create consensus and guidance, dare I say standards, in this world wide web of IoT. And in the creation of organizations like the IoT Security Foundation (Vodaphone, ARM, Infineon) and the Secure IoT Project (Stanford, UC-Berkeley, U-Michigan), I at least take a little comfort that we are learning from this revolutionary invention we call the Internet.