Fear, uncertainty, and doubt in the Internet of Things

Is it a real thing or paranoia to think that 80 percent of IT administrators fear exposure through mobile devices? It's both a real thing and it requires a healthy dose of paranoia to appropriately fear the coming Internet of Things.
Written by Ken Hess, Contributor

The funniest thing to me about the Internet of Things (IoT) is the fear that's riding the wave just ahead of the IoT storm surge.

I'm not saying that the fear isn't justified but it is misplaced. Are mobile devices vulnerable? Yes. Will the Internet of Things create more security problems for us in the future? Undoubtedly. Will we hide in the corner losing our religion? Not a chance. But is there something more onerous to fear than the perceived threats to our future devices and networks? Yes, there is. I'll let the Gartner prediction speak for itself, so that you don't think I'm exaggerating again, which I, of course, never do.

"The growth in IoT will far exceed that of other connected devices. By 2020, the number of smartphones tablets and PCs in use will reach about 7.3 billion units," said Peter Middleton, research director at Gartner. "In contrast, the IoT will have expanded at a much faster rate, resulting in a population of about 26 billion units at that time."

That's 26 with a bunch of zeros after it. That's a lot of devices to be monitored and patched. That's a lot of vulnerability. What happens when we become dependent on those "things" for essential services? There's the realization that just hit you. And you thought managing 800 servers was overload. Welcome to the new age, welcome to the new age, to the new age.... It kind of makes keeping track of office supplies look like child's play doesn't it? 

You know what's more fun than 26 billion connected devices? How many different operating systems and versions of those operating systems do you think that encompasses? Did the blood just drain from your head?

Fortunately, to allay those fears and problems are companies desperately trying to get your attention in the mobile device management (MDM), mobile application management (MAM), and mobile content management (MCM) (herewith referred to as MXM) spaces. In the coming years, MXM will be something you can no longer avoid and I know you've been avoiding it. You're hoping the whole thing will blow over before you buy in.

It's not going to blow over.

But enough of what I say, how about what you say?

In a recent research effort conducted by GFI Software, "Disruption is a significant concern, as 96.5 percent of IT decision makers surveyed said that IoT would produce at least some negative impacts for their organizations, with more than half (55 percent) saying it will impose new security threats while extending existing threats to a greater number of devices. Furthermore, 30 percent said IoT will result in an increased IT spend, while 26.7 percent expected device management to spiral out of control as a result of the rise of IoT. And 14 percent expect that deploying patches across multiple platforms will present a particular challenge."

Wait, did you get that?

26.7 percent expect device management to spiral out of control. Fewer than one-third of the respondents are worried about management spiraling out of control. Interesting? You bet it is. Almost everyone said that IoT would "produce at least some negative impacts for their organizations". Wow, talk about Head-in-the-Sand syndrome.

A healthy amount of fear is a good thing. A little paranoia is a good thing. An unhealthy 26.7 worrying about spiraling management problems is alarming. I worry more about the people who aren't worrying.

And here's the thing that I don't think anyone realizes: No one is going to proactively fix it. Think Y2K here. We knew about the Y2K "bug" for 30 years and people were still scrambling at the last minute (and beyond) to fix that problem. Don't expect "them" to fix it before it happens. IoT is going to creep up on you and before you know it, you'll be out of control — literally.

Need another example?


Everyone expects "they" to fix something, but "they" never do until "they" have to.

Want to see more alarming attitudes and results?

Read the GFI press release my Frugal Networker site. When you get to the "Sea Change" part of the post, come back here and continue.

Did you read the part that stated, "...as more than three-quarters (78.6 percent) of IT administrators expect their security practices to change as a result of IoT. Among these changes, nearly one-third (30 percent) expect to have to revise policies about connectivity in the workplace to manage this adaption."?

What do the others think? More than 70 percent of the respondents said something other than that "they expect their policies to change". Who are these people?

It's a real head-shaker, for sure.

My greatest fear is the lack of paranoia. I think we become too complacent on "future" issues. Everyone will "wait and see what happens" before doing anything. I'm going to be subtle here by saying, Y2K and Heartbleed.

Is it really spreading FUD to anticipate security threats and attempt to mitigate them in a proactive way? No, no it isn't. Because you know, if you don't warn everyone to the Nth degree and keep harping on it, that when something bad happens, your brilliant management will address you smugly with, "Why didn't you tell us and keep us informed"?

Yes, I should have done that. Darn it, it just slipped up on me in the past six years since I read that post on ZDNet.

So, what can you do?

Estimate the number of IoT devices you'll consume over the next few years beginning with 2015 and estimating out to 2020 or beyond. Now, double and then triple that number. Estimate what it will take to deal with the threat, the number of devices, user training, and management efforts.

Buy an MXM suite now to help you deal with the growing needs and security threats facing you. 

Shop around for a suite from a company that understands the growing needs that you face and one that can face them with you. Ask questions. Ask potential and down-selected vendors if they have an IoT plan. If not, move on. If so, keep the dialog open.

And if you're asked to participate in a survey that has anything to do with security, be informed. Be proactive. And for goodness sakes, be paranoid. Healthily, of course.

What do you think? Are you worried about the estimated number of "things" to manage in the future? Are you worried about the security risks? Talk back and let me know.

Related stories:

Editorial standards