Legend tells us about a legendary IT solution whose failures are now the stuff of legend. I’m talking about Enterprise Resource Management Systems (ERP). There is a plethora of articles, and even case studies, written on the different instances of ERP failure. ERP promised great big things, but reality turned out to be quite different. Our focus today is not going to be ERP, but another IT solution which also promises great big things: the Internet of Things. The question, “Can we stop history from repeating itself?” assumes that IoT is going to have similar problems, but is that assumption valid? To answer that, we shall first look at what went wrong with ERP.
What did go wrong with ERP?
If you read the different ERP failure stories, you find that what went wrong was design and implementation. Systems that worked well in the testing phase broke down in the field because they were not able to scale well, there were problems integrating with legacy systems, the employees were not trained well on the new software, there was a massive breach of confidential and proprietary information, and the list goes on.
So, was our assumption valid?
Now that we have some idea of what went wrong with ERP, let’s see if our assumption was valid. Would IoT have similar problems? The obvious answer is yes and no. If IoT systems are not designed and implemented properly, then yes; if it is done right, then no. You don’t need Sherlock Holmes to figure that out. So the question now is: how do we get it right? What do we need to do to ensure the success of IoT? I think one of the biggest deciding factors that we must get right is Cyber-Security.
The Dark Arts
ERP systems, in principle, need not depend on the internet. You can set up your own intranet for the ERP system, over which you would have complete control. This would enable you to ensure the best security for your system. IoT, on the other hand, is by definition dependent on the internet. IoT devices, by definition, need to be connected to, visible over and controllable through the internet. This opens up IoT to a whole new level of security problems.
You might be someone who is well aware of the importance of security, and hence you might make sure that the IoT devices you use are designed with security in mind and take all possible precautions to keep your devices secure. Unfortunately, most people aren’t like that. This, combined with the lack of guidelines for device manufacturers and the lack of a far-sighted approach (or the attitude of compromising the future for present benefits), makes a deadly mixture which will blow up in our faces.
If you are wondering, “As long as I’m doing everything right, how does it matter to me if someone else is using a poorly designed product or following poor security practices?”, I would ask you to think about the future. We will have to adopt Software Defined Networking (SDN) and Network Function Virtualization (NFV) technologies, among other things, in order to manage the increasing networking demands of even the near future (2020). This means important security-related features (firewall, intrusion detection etc.) are going to be offered as virtualised network functions, which will be service chained through SDN. An attacker could use these swarms of poorly designed, configured or maintained devices to orchestrate a Distributed Denial of Service (DDoS) attack against the servers hosting these Virtual Network Functions, or against the SDN Controllers, which would leave you completely defenceless.
DDoS attacks do happen in networks without SDN and NFV, but the best an attacker could achieve there is to take down the network and disrupt service. Don’t get me wrong, I am by no means trying to downplay the severity of that situation. Rather, I’m trying to highlight the exponentially greater threat faced by SDN and NFV networks. There, the attacker could enter your systems, steal data and do a lot more damage. To make things worse, this could affect not just you but hundreds of businesses, government entities, critical infrastructures, healthcare organizations, pretty much anyone who is connected to the internet!
Defence against the Dark Arts
One solution to this problem lies with Analytics. By combining advanced machine learning algorithms with SDN, we could detect security breaches in real time and dynamically re-program the network to isolate and inspect the problematic network paths, in order to defend against cyber-security attacks.
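The detect-then-isolate loop described above, as an added example that is not part of the original post. It uses a simple robust statistic (median plus median absolute deviation) in place of a machine learning model, and the flow records, addresses and rule schema are constructed for illustration and do not belong to any real SDN controller's API.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (window, source device, destination, packets in window).
# 10.0.0.1 stands in for the SDN controller; all addresses are made up.
CONTROLLER = "10.0.0.1"
FLOWS = (
    [(w, "192.168.1.10", CONTROLLER, p) for w, p in enumerate([12, 10, 11, 13, 12, 11])]
    + [(w, "192.168.1.11", CONTROLLER, p) for w, p in enumerate([9, 10, 8, 9, 10, 940])]
    + [(w, "192.168.1.12", CONTROLLER, p) for w, p in enumerate([30, 28, 31, 29, 30, 1210])]
)

def find_anomalous_sources(flows, target, k=6.0, min_history=3):
    """Flag sources whose latest window far exceeds their own baseline.

    Baseline = median of earlier windows; spread = median absolute deviation.
    """
    per_src = defaultdict(dict)
    for window, src, dst, packets in flows:
        if dst == target:
            per_src[src][window] = per_src[src].get(window, 0) + packets
    flagged = []
    for src, series in sorted(per_src.items()):
        windows = sorted(series)
        history = [series[w] for w in windows[:-1]]
        if len(history) < min_history:
            continue  # too little data to call anything abnormal
        base = median(history)
        mad = median(abs(x - base) for x in history) or 1.0  # avoid zero spread
        if series[windows[-1]] > base + k * mad:
            flagged.append(src)
    return flagged

def quarantine_rules(sources, inspect_port="inspection-vnf"):
    """Build rules steering flagged sources to an inspection path (hypothetical schema)."""
    return [
        {"priority": 1000, "match": {"ipv4_src": s}, "action": {"redirect": inspect_port}}
        for s in sources
    ]

if __name__ == "__main__":
    for rule in quarantine_rules(find_anomalous_sources(FLOWS, CONTROLLER)):
        print(rule)
```

Comparing each device against its own history, rather than one global threshold, keeps a normally chatty device from being quarantined while still catching a quiet one that suddenly floods the controller.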
A more complete solution would require three things: consumers who are well aware of the cyber-security implications acting as the driving force for change; government agencies imposing and enforcing cyber-security guidelines for manufacturers and service providers to follow; and IoT solution providers refusing to cut down on development time by using 3rd party software modules without thoroughly inspecting them, or by using poorly designed software modules.
To sum things up...
Whether IoT goes down in history as something future generations could be proud of, or as a bitter lesson and a painful memory, is up to us. If we choose to act more wisely and responsibly as individuals, organisations and government agencies, we sure can make it a success.