NOTE! This site uses cookies and similar technologies.

If you do not change browser settings, you agree to it. Learn more

I understand

The EU cookie law (e-Privacy Directive)

The law which applies to how you use cookies and similar technologies for storing information on a user’s equipment such as their computer or mobile device changed on 26 May 2011.

Please visit ICO website for more information. http://ico.org.uk/

IoT Security: How big an opportunity?

Robin Duke-Woolley Issue: North America I 2016
Article no.: 1
Topic: IoT Security: How big an opportunity?
Author: Robin Duke-Woolley
Title: CEO
Organisation: Beecham Research
PDF size: 233KB

About author

Robin Duke-Woolley. Founder and CEO of Beecham Research Ltd. Beecham Research is based in London UK, with offices in Cambridge UK and Boston MA, and specializes in the development of the rapidly-growing M2M/IoT market worldwide, offering both market analysis and consulting services. Robin has nearly 40 years experience in the telecom/IT industry. Firstly for over 18 years in commercial roles – including IT Systems Analysis, Marketing Management, Sales Management then General Management in international technology vendor companies. Secondly for over 20 years in market analysis and consulting roles, including director of research at Dataquest/Gartner and a Principal at other leading firms before founding Beecham Research. He has been researching the M2M/IoT Connected Devices market since 2001 and is an internationally recognized thought leader in this area.

Robin is also a Director of Beecham Technology Partners, based in London UK, which provides strategy development, transaction planning and integration services for mergers and acquisitions in the M2M/IoT market.

Robin gained a BSc honours degree in Electronics, followed by an MSc in Management and Business Studies at Warwick University in the UK. He also studied at INSEAD in Fontainebleu, France.

Article abstract

Security vulnerabilities are now just part of the modern connectivity landscape. If nothing was connected, such vulnerabilities would of course not exist in the form they do. However, if nothing was connected then all the other problems associated with higher costs, lower productivity and so forth that M2M and IoT solutions seek to resolve would remain apparent.

Companies and individuals choose to be connected because they see enormous benefits. So dealing with security vulnerabilities is simply part of the technical specification that needs to be designed to make the application actually work.
 

Full Article

A common view of IoT security in the market is that it is a high priority item and a necessary cost, and becoming more necessary over time as potential threats come more sharply into focus. In other words, it is all about mitigating threats and bearing costs. I think this is ultimately an unhelpful way to look at this, as it emphasises all the negatives and can lead to a view that the way forward should be to minimise the cost for “acceptable” security. Instead, I think IoT security should be seen as a market enabler and a way of adding value in a complex world. Looked at this way gives a totally different perspective on the business opportunity.

What’s the problem?

To visualise more clearly what the IoT security issues are, Beecham Research has created an IoT Security Threat Map, shown in Figure 1.


Figure 1: Beecham Research IoT Security Threat Map

The figure shows a series of concentric layers for different parts of an overall connected devices solution – with edge devices of all types on the outer layer, different connectivity networks within that, then large numbers of alternative service platforms within that. Underpinning those are all the individual application sectors associated with IoT. Inside that layer are the system operators and then the users, connected through IT systems to Big Data solutions. Control systems are then further elements that may need to be included for certain applications, particularly in the Industrial environment.

What stands out is the typical M2M (machine to machine) application – M2M being closely associated with enterprise operations – in the IT & Networks application sector. As is normal with M2M, all the elements described above are evident in the solution but the variety of these at each layer is strictly limited. As a result, the security vulnerabilities which are present at each interface are limited in number and can therefore be quite easily managed.

Compared with this, IoT solutions are increasingly more complex. Take for example a Smart City solution that draws data from several sectors, such as Consumer, Healthcare, Transportation and Retail. This will be required to work seamlessly across these sectors, providing a rich series of services incorporating real time data from each of them. However, this means bringing together solutions in each sector with significant interoperation between them.



Figure 2: Proliferation of Interface Vulnerabilities

As a result, Figure 2 shows a proliferation of interface vulnerabilities. Not only that, if all of these systems need to interoperate seamlessly then almost by definition they should be at the same security level. However, that may mean a Consumer element needing to have the same security as a Healthcare element, or a Transportation element for example. That may add a lot of unnecessary cost or even not be commercially viable. These are the more complex sets of issues that IoT security needs to resolve.

Although this example incorporates using solutions and data streams from different sectors, this is really to emphasise the issues that need to be resolved for the IoT concept to catch hold in the market. These are by no means limited to that sort of diversity though. The market for connected devices has developed from the ground up taking into account the connectivity requirements for each type of device independently. As a result, a solution for a connected truck for example – most often for a fleet management application – is unlikely to have much in common with a connected car solution – which may be for car telematics or in-car entertainment. Although these are both within the Transportation sector, bringing these types of solutions together so they can interoperate or interact with yet another application is likely to introduce just as many security vulnerabilities.

Why is this an Enabler?

Security vulnerabilities are now just part of the modern connectivity landscape. If nothing was connected, such vulnerabilities would of course not exist in the form they do. However, if nothing was connected then all the other problems associated with higher costs, lower productivity and so forth that M2M and IoT solutions seek to resolve would remain apparent.

Companies and individuals choose to be connected because they see enormous benefits. So dealing with security vulnerabilities is simply part of the technical specification that needs to be designed to make the application actually work. By the same token, investing in additional security capabilities beyond a minimal specification may mean the overall solution can offer greater flexibility in its use. In other words, it adds value over and above the minimal offering. Viewed this way, IoT security is really just one of the essential building block for creating IoT solutions and can no more be left out than any other essential building block.

Not only is IoT security then an enabler of new solutions not previously possible to offer, it also provides a means to differentiate an offering in the market in ways that may well be seen to add value. Taken overall, this is a considerably more optimistic way to view the IoT security need than simply aiming to minimise the cost.

Getting real about the market opportunity

Viewed this way, it is not inevitable that everything will be connected in the future. There is always a need to weigh up the risks and costs against the benefits. As a result, if the IoT market is going to develop along the lines that everyone is currently hoping, adequate IoT security is a key enabler for development of the market.

It has become fashionable to predict anything from ten to 50 billion connected devices by 2020, yet this is in no way realistic. Discounting mobile phones and general purpose devices such as PCs, tablets and Web TV from the numbers, at the end of 2015 there are considerably less than 1 billion IoT devices connected to the Internet at present. This is certainly growing rapidly, but not at rates of 50% plus per annum. The vast majority of these devices are being installed as elements of enterprise processes and operations in the B2B market. The dynamic of B2B is a consistent growth rate closer to 20-30% per annum and no higher, the reason being that each device needs resources to install it and bring it into operation. There is not enough installation resource available to install at significantly faster rates, even if enterprise business plans could justify faster purchase – which they usually cannot. There is a case for faster rates of growth in Consumer or B2C markets, but in the IoT market this type of device is not currently at high levels of connection and the numbers are unlikely to develop that quickly.

These conclusions about connected devices growth rates are important to take into account for assessing the market opportunity for IoT security. If we are content with growth rates that will deliver in the region of five billion connected devices by 2020, then this is plenty fast enough to create a substantial market while also having time to get to grips with the challenges of IoT security that still need to be resolved.


Bingo sites http://gbetting.co.uk/bingo with sign up bonuses