If you build it, they will come

If you build it, they will come. But will you be ready? Will any of us?

It’s almost impossible to escape the topic of the Internet of Things (IoT). Whatever the technology conversation, the IoT seems to invariably pop up, as a new opportunity to redefine an industry, a new threat to security and privacy, or just as often, both.

There’s no question that the potential of the IoT represents a significant shift in how we currently use technology – and that the change this shift will impose on us will be widespread and significant. If nothing else, the scale of the IoT should force us to take its likely impact seriously. The IoT will change how we design, use, and live with technology of almost every kind – from our homes to how we work and interact with each other – from farming to healthcare to city management, the IoT could rewrite all the rules.

There are also areas where we must have vigorous discussion early, and potentially look to governments to provide a guiding framework. Critical among those areas:

• Fears about device security and whether IoT technology can be protected from hackers and data thieves
• Lack of understanding of the privacy issues around personal data collected by IoT devices
• Lack of control over the way information is used, and the complexity of management of the devices themselves.

Yet, there is another challenge lurking beneath the surface – one that rarely gets mentioned in the breathless discussions of device vulnerabilities and privacy: how on earth will we connect all this stuff together and make it work with the systems we have today? And equally importantly, how will we make the resulting hybrid world — IoT and traditional systems — operate together securely?

Let’s not forget; we’re not building a whole new Internet here, nor are we going to have the luxury of throwing away everything that exists today — far from it. Instead, we must build the IoT, as poorly defined,and replete with risk as it is, on top of everything else that already exists.
There’s a good biblical parable, I believe, to do with houses being built on foundations of sand, and the generally poor structural engineering that results.

The problem is that even if we could get all those IoT devices secure, and even if we could make sure we’re only gathering the right kinds of information, storing it for a reasonable amount of time, disposing of it correctly and not sharing unreasonably – we’re still doing all that in the context of today’s Internet and enterprise systems. You remember those – the ones that are regularly, sometimes spectacularly, breached?

We can’t uncouple the IoT from the rest of the Internet. Nor can we assume that whatever we build will operate in isolation – there is no reset button for the Internet, nor for the enterprise and critical infrastructure that we rely on.

So rather than worry about how we make sure that 800 varieties of personal health monitoring products are sufficiently secure, maybe we should spend some time really thinking through the impact of all this technology, all this network traffic, and most importantly, all this *data* on the systems we use today.