Why managed services and security underpin IoT in a hyperconnected world
Every new technology starts with a wave of intense excitement. Visionaries look into the middle distance and report back what they see: new opportunities, better services, lower costs. Ambitious early adopters take the plunge and report back from the frontier – usually to declare that the route we took wasn’t quite what we expected, and there were some bumps along the way that the visionaries hadn’t mentioned, but, yes, it looks good and the vision is attainable.
After the hype, the real work starts. By definition, a visionary new technology will be radically different from what currently exists. Where are the points of interface between them? What are the dangers and risks? In short, how do we get to the vision, from where we are today?
That’s the state of play right now with the Internet of Things (IoT), and in this blog post I’m going to concentrate on two aspects of the journey to IoT that I think are fundamental, but often overlooked – security and the delivery of reliable, continuous service across an IoT solution. In both of these areas, it is the application of network connectivity to previously unconnected devices that brings issues needing careful consideration and action.
Beware what you wish for
The greatest interest in IoT systems is currently coming from utilities, manufacturers and transport companies, although, looking ahead, new hyperconnected business services could enable huge improvements in everything from disaster responses and waste management, to medical care in underserved areas.
What’s driving this degree of change and interest is ever-smaller, more powerful and more energy-efficient processors that make it possible today to attach a chip to almost any kind of device for a nominal cost. The plus side is that almost anything that can be equipped with a processor can now be connected and given some degree of ‘intelligence’.
The downside – be careful what you wish for – is that low-cost chips come with equally low-cost built-in security, or no security at all. This is likely to result in one or both of the following scenarios:
- Devices that cannot be updated and present security risks, especially as they get older
- A highly heterogeneous and distributed pool of devices that bring added complexity for service management, with varied update and patching regimes, and with implications for incident, change and release management
While we are likely to see improvement of the ‘embedded’ security built into devices that is only part of the story as there are serious security risks associated with this technology. As the range of IoT solutions expands, so does the attack surface for cybercriminals to exploit.
The good news is that these problems are eminently solvable through designing security at the outset and by thinking carefully about the network and software design. To help with this thinking, Fujitsu and our partners are investing in new techniques and products linked to the IoT, to help tackle these challenges.
Perhaps the most important consideration is service management, because ultimately it controls and manages the IoT capability. The service management regime in your IoT deployment is going to have to come up with greater levels of integration and automation if the overall deployment is to stay in contact with the threat landscape, and provide a more proactive managed service in real time.
You can see that organizations need to recognize the risks and challenges, and work out what risks to security and continuity, if any, are acceptable and what are not. They also need to decide how to manage sensors, devices and gateways over the lifetime of solutions, not just during the deployment phase.
This means giving serious consideration to the management of processes for incidents, changes and releases, with a specific emphasis on managed security.
Fujitsu’s expertise in IoT deployments means we are working with customers to build-in security from the start, while planning for ongoing updates and management over the lifetime of a system by following several key principles. First, we recommend clearly defining the desired business outcomes, then identifying the main challenges and creating a blueprint for implementation. Next, after defining an IoT innovation roadmap for a customer, Fujitsu can work to deliver an effective program that includes security services, assurance and well-orchestrated service management.
IoT in the real world
One good way to define the business challenge is by not thinking about IoT at all. Instead, focus on your organization’s needs and goals, and only then ask what data, devices and applications can help meet those needs in the way that best serves your customers, employees and other stakeholders.
For example, we recently worked with one of the logistics giants, which had a key objective to improve the safety of both drivers and the general population, as well as to ensure optimal delivery times. The delivery firm is testing a Fujitsu solution designed to detect when drivers become drowsy on the road. The pilot project uses wearable sensors to measure driver attention levels and issue alerts and reports when readings fall below safe, acceptable levels.
Another Fujitsu customer in healthcare, Sint Maartenskliniek in Nijmegen, the Netherlands, was keen to improve how patients transition from intensive care into general care and, eventually, to be sent home. To achieve this, it is rolling out systems that measure physical data for critical-care and stroke patients – everything from body temperatures to sleep patterns – to deliver more personalized care based on real-time information and to reduce hospital stays.
In both examples, Fujitsu is helping organizations address the unique security issues those applications pose, to ensure that sensitive driver and patient information is protected. It is also ensuring that services are monitored, incidents are anticipated and addressed, upgrades are deployed and application releases are managed with minimal impacts. The solution in each case differs considerably because of the special requirements of those particular industries.
Whatever industry you operate in, the key to a successful, secure and well-managed IoT deployment is to understand as best as possible your ecosystem, your organization and your infrastructure profile, as well as your customers’ needs. Your unique security and service management considerations will depend upon the specifics of each.
For instance, the challenges for a system focused on heating, ventilation and air-conditioning in an office complex will be considerably different from those for a Smart City, which has many more public-facing infrastructure elements – security cameras, traffic lights, etc. – that increase the threat protection requirements. There will also be differing availability requirements and service levels, and the complexity of change and release cycles will need to be managed, as the impact of disruption can be critical.
Do it yourself, or managed service?
It’s clearly a complex issue and there is a decision to be taken whether to handle this from internal resources, or look for a trusted partner.
If you don’t have those resources, or if they would be better put to other uses, a well-run orchestration and managed service from a service provider able to support threat-hunting services that can detect both internal and external security issues, can help ensure that business operations are maintained without interruption.
Whatever the application, it’s important that those organizations working on IoT technologies to become the hyperconnected businesses of the 21st century, do so securely and in a well-managed way that helps them to achieve their goals and serve their stakeholders better. Whatever system you end up deploying, it’s important to make sure that security and service considerations are built in from the start.