Cloud security still the missing link in M2M
Amid bilateral cyberspying activities and the ongoing emergence of major security holes, concerns about cloud security--until properly resolved--will continue to impede wider adoption of machine-to-machine (M2M) communications and Internet of Things (IoT).
That's the one nagging thought I had as I sat through panel and track discussions at the IoT Asia 2014 conference Tuesday. Held over two days in Singapore, the show gathered various key market players and delegates from the global and regional IoT community, with many trumpeting business as well as social benefits of the technology.
But while such benefits were indeed indisputable, what remained unclear was whether the level of cloud security today would be ready to support M2M communications when the technology hits mainstream adoption.
In a post-Snowden era, governments are on alert and suspicious over cyberspying activities around the world, with some like the U.S. government absolutely unapologetic about its own penchant for spying. And despite all the advancements in IT security and wide availability of preventive tools, major gaps continue to emerge and inflict major organizations. The recent Heartbleed bug, for one, exposes a serious OpenSSL flaw that could potentially be used to uncover contents of secured messages such as credit card transactions and user passwords.
With cloud the main enabler in all IoT applications, any holes in online security can result in severe losses, especially when you think about the oft-talked about benefit of tapping M2M in the medical and healthcare sector.
Trent Mayberry, Asia-Pacific managing director of digital solutions for Accenture in Singapore, pointed to security as one of two key concerns in the adoption of IoT. A panelist at the conference, he recalled how a researcher was able to hack into a yoghurt machine, which was connected to the internet, and turn it off.
Imagine if a malicious hacker was able to turn off a pacemaker as well as the warning alerts the device was programmed to send over the Web should the patient's heart stop.
With more than 30 billion devices expected to be wirelessly connected to the IoT by 2020, imagine again what the lack of a robust cloud security infrastructure would mean for that M2M-enabled car you might be driving.
I asked the panel what had to be done to resolve security concerns that were hindering the adoption of IoT, especially in a current environment where governments remained highly suspicious of cyber monitoring and security holes were still emerging as we speak.
The common response was the need for a holistic approach and ensure security is implemented across the entire IoT ecosystem, including the device, cloud, and application.
Lim Chee Kean, CEO of Ascent Solutions Singapore, said: "As any good CIO would do, put different layers of security. If someone is able to hack into a yoghurt machine, the likelihood is that it wasn't protected very well in the first place."
Mayberry also urged for security to be considered right from the design stage. He explained that IT historically was built primarily for internal use, with companies having to figure out later how to open network access to the Web. The reverse is critical for M2M, which must be designed with public access in mind, he said.
Other IoT, M2M challenges
Security, however, isn't the only challenge in this space. Web connectivity, a necessary component in any IoT or M2M deployment, is still not pervasive today.
Wi-Fi remains a bottleneck today, noted Frederic Luu, Asia/EMEA vice president for sales and marketing for Digi International, who added that there's still need for more bandwidth, more efficiency in power, and less cost to enable more scalable and pervasive connectivity.
Luu also noted the need to identify returns of investment and the business impact of IoT for an organization. And implementation needs to be simplified, he said, adding that M2M is still complicated.
Indeed, the panelists noted that skills needed in this space are sophisticated and skillsets across several new disciplines are required, including data analysts, network engineers able to deal with device-to-server data traffic, and security professionals with the knowledge also to handle all components across the IoT supply chain.
Mayberry noted that M2M deployments won't work if the organization needs to train its staff for every device that's connected. "So making the technology simple is going to be important [moving forward]," he added.