IOT & Security
The confidence to build in the Internet of Things
The Internet of Things: a network full of promise emerging in a climate of fear
At the end of September 2016, the European Internet hosting giant OVH was hit by a barrage of connections. 145,000 connected objects, all hacked and operated unbeknownst to their owners, further disrupted the operation of OVH’s servers.
From surveillance cameras to television sets and toys, the number of objects connected to the Internet has already risen sharply over the past 10 years, and the risk of their being hijacked as well.
One of the main problems is that security has not always been taken into account in product design. Connected objects are often sold with old and outdated operating systems and embedded software. In addition, purchasers often fail to change the default passwords on these intelligent devices — or, if they change them, fail to select passwords that are strong enough. To improve security, an IoT device directly accessible over the Internet should only have access to a restricted network. This network segment should then be monitored to identify potentially abnormal traffic, and action should be taken in the event of a problem.
However, the manufacturers of connected objects have very varied profiles and the question of safety is more or less a priority depending on the sector: while essential for an autonomous and connected car manufacturer, it is secondary for a producer of small cameras costing a few euros each.
According to the 2016 Accenture Digital Consumer Survey, in which 28,000 consumers in 28 countries were surveyed about their use of technology, security has shifted from a being an issue of danger to being a barrier to their ability to make purchases.
Industry leaders and consumers are likely to face several challenges in getting this technology more widely adopted by the public. IoT can seem expensive and intimidating, and its development is facing more and more obstacles.
Under these circumstances, operators must cover themselves by certifying the objects they distribute to their customers because they will be directly held responsible by the latter in the event of a failure. Some operators like Orange offer an IoT Device Catalogue to help their customers understand the extensive range of connected objects on offer.
Over time, fixed and/or mobile operators have gained the trust of their customers in terms of the equipment they resell, the quality of service they guarantee, and the services and pricing models they offer. This has even enabled a worldwide mobile penetration rate of nearly 95% in just 15 years!
The challenge is that there will be more objects to connect than there will be humans on earth and that operators will have to develop the relationship of trust they have built to expand their market position in the IoT value chain.
The introduction of standards for the IoT should restore confidence in this technology
The Internet as we know it would not have been as successful at the beginning of this millennium if not for the adoption of clearly defined communication protocols such as TCP/IP, SMTP, or HTTP.
Without the same effort to standardise, IoT could be reduced to a patchwork of proprietary and incompatible networks, each dedicated to a particular application or user group.
And it would be harmful for operators to consider the IoT as an extension of the Internet to static areas of application. The challenge is to take into account the interoperability of systems and networks. Indeed, to enable International use, operators must improve their coverage through sharing, extensions, or by building a denser network.
This mobility will also allow for new network-building strategies. For example, a local operator will have significant value to offer to a new entrant in the IoT market, or to a national operator wanting to expand their coverage rapidly. Private network owners may also be able to gain a new source of revenue for their networks by allowing roaming on their infrastructure.
Another key element of the IoT concerns management platforms. Every participant in the ecosystem, be it an MNO, an MVNO, a Customer Service Provider, or even a publisher, must be able to offer solutions and business models that keep pace with this fast-growing sector.
Several leading operators, such as Vodafone, Deutsche Telekom, Telefónica, Orange and Verizon, have their proprietary IoT connectivity platform for serving all or part of their customer bases. Cisco Jasper introduced the first IoT connectivity platform in 2009 and was followed by Ericsson in 2011.
Both of these providers have achieved broad international coverage with their respective platforms and have established themselves as leaders within the sector. Other open-source actors already offer IoT platforms in SaaS or PaaS mode, which seem to offer performance levels similar to those of traditional software providers.
In this competitive environment, operators are finding it difficult to adopt a sustainable strategy when choosing to develop or acquire an IoT platform adapted to their needs.
The operators’ traditional corporate governance structures are faced with difficult strategic choices regarding the IoT value chain, as this market is still in its infancy and is disrupting existing business models. There are many who do not feel in a position to seize the opportunities on offer, either because they lack the necessary procedures (management, operations, monitoring, processing, etc.), or because they do not have an organisation that is suited to doing so.
The lack of digital leadership in the era of digital transformation has also stifled innovation and adoption of IoT as many operators, faced with uncertainty, may be waiting for the dynamics of the market to become apparent.