What are IoT devices?
IoT devices are the nonstandard computing devices that connect wirelessly to a network and have the ability to transmit data, such as the many devices on the internet of things (IoT).
IoT involves extending internet connectivity beyond standard devices, such as desktops, laptops, smartphones and tablets, to any range of traditionally "dumb" or non-internet-enabled physical devices and everyday objects. Embedded with technology, these devices can communicate and interact over the internet. They can also be remotely monitored and controlled.
What is an example of an IoT device?
Connected devices are part of an ecosystem in which every device talks to other related devices in an environment to automate home and industry tasks. They can communicate usable sensor data to users, businesses and other intended parties. The devices can be categorized into three main groups: consumer, enterprise and industrial.
Consumer connected devices include smart TVs, smart speakers, toys, wearables and smart appliances.
In a smart home, for example, devices are designed to sense and respond to a person's presence. When a person arrives home, their car communicates with the garage to open the door. Once inside, the thermostat is already adjusted to their preferred temperature, and the lighting is set to a lower intensity and color, as their smart watch data indicates it has been a stressful day. Other smart home devices include sprinklers that adjust the amount of water given to the lawn based on the weather forecast and robotic vacuum cleaners that learn which areas of the home must be cleaned most often.
Enterprise IoT devices are edge devices designed to be used by a business. There are a huge variety of enterprise IoT devices available. These devices vary in capability but tend to be geared toward maintaining a facility or improving operational efficiency. Some options include smart locks, smart thermostats, smart lighting and smart security. Consumer versions of these technologies exist as well.
In the enterprise, smart devices can help with meetings. Smart sensors located in a conference room can help an employee locate and schedule an available room for a meeting, ensuring the proper room type, size and features are available. When meeting attendees enter the room, the temperature will adjust according to the occupancy, the lights will dim as the appropriate PowerPoint loads on the screen and the speaker begins his or her presentation.
Industrial IoT (IIoT) devices are designed to be used in factories or other industrial environments. Most IIoT devices are sensors used to monitor an assembly line or other manufacturing process. Data from various types of sensors is transmitted to monitoring applications that ensure key processes are running optimally. These same sensors can also prevent unexpected downtime by predicting when parts will need to be replaced.
If a problem occurs, the system might be able to send a notification to a service technician informing them what is wrong and what parts they will need to fix the problem. This can save the technician from coming on site to diagnose the problem and then having to travel to a warehouse to get the part needed to fix the problem.
How do IoT devices work?
IoT devices vary in terms of functionality, but IoT devices have some similarities in how they work. First, IoT devices are physical objects designed to interact with the real world in some way. The device might be a sensor on an assembly line or an intelligent security camera. In either case, the device is sensing what's happening in the physical world.
The device itself includes an integrated CPU, network adapter and firmware, which is usually built on an open source platform. In most cases, IoT devices connect to a Dynamic Host Configuration Protocol server and acquire an IP address that the device can use to function on the network. Some IoT devices are directly accessible over the public internet, but most are designed to operate exclusively on private networks.
Although not an absolute requirement, many IoT devices are configured and managed through a software application. Some devices, however, have integrated web servers, thus eliminating the need for an external application.
Once an IoT device has been configured and begins to operate, most of its traffic is outbound. A security camera, for example, streams video data. Likewise, an industrial sensor streams sensor data. Some IoT devices such as smart lights, however, do accept inputs.
What is IoT device management?
Several challenges can hinder the successful deployment of an IoT system and its connected devices, including security, interoperability, power/processing capabilities, scalability and availability. Many of these can be addressed with IoT device management either by adopting standard protocols or using services offered by a vendor.
Device management helps companies integrate, organize, monitor and remotely manage internet-enabled devices at scale, offering features critical to maintaining the health, connectivity and security of the IoT devices along their entire lifecycles. Such features include:
- Device registration and activation
- Device authentication/authorization
- Device configuration
- Device provisioning
- Device monitoring and diagnostics
- Device troubleshooting
- Device firmware updates
Available standardized device management protocols include the Open Mobile Alliance's Device Management and Lightweight Machine-to-Machine.
IoT device management services and software are also available from vendors, including Amazon, Microsoft, Google, IBM, GE and many others.
IoT device connectivity and networking
The networking, communication and connectivity protocols used with internet-enabled devices largely depend on the specific IoT application deployed. Just as there are many different IoT applications, there are many different connectivity and communication options.
Communication protocols include CoAP, DTLS, MQTT, DDS and AMQP. Wireless protocols include IPv6, LPWAN, Zigbee, Bluetooth Low Energy, Z-Wave, RFID and NFC. Cellular, satellite, Wi-Fi and Ethernet can also be used.
Each option has its tradeoffs in terms of power consumption, range and bandwidth, all of which must be considered when choosing connected devices and protocols for a particular IoT application.
In most cases, IoT devices connect to an IoT gateway or another edge device where data can either be analyzed locally or sent to the cloud for analysis. Some devices have integrated data processing capabilities that minimized the amount of data that must be sent to the cloud or to the data center. This type of processing often uses machine learning capabilities that are integrated into the device, and is becoming increasingly popular as IoT devices create more and more data.
What security risks do IoT devices pose?
The interconnection of traditionally dumb devices raises several questions in relation to security and privacy. As is often the case, IoT technology has moved more quickly than the mechanisms available to safeguard devices and their users.
Researchers have already demonstrated remote hacks on pacemakers and cars. In October 2016, a large distributed denial-of-service attack dubbed Mirai affected DNS servers on the east coast of the United States, disrupting services worldwide -- an issue traced back to hackers infiltrating networks through IoT devices, including wireless routers and connected cameras. Similarly, in 2015 a team of researchers proved that it was possible to take control of a Jeep by exploiting a cellular network and the vehicle's Controller Area Network bus.
However, safeguarding IoT devices and the networks they connect to can be challenging due to the variety of devices and vendors, as well as the difficulty of adding security to resource-constrained devices. In the case of the Mirai botnet, the problem was traced back to the use of default passwords on the hacked devices. Strong passwords, authentication/authorization and identity management, network segmentation, encryption and cryptography are all suggested IoT security measures.
Concerned by the dangers posed by the rapidly growing IoT attack surface, the FBI released the public service announcement FBI Alert Number I-091015-PSA in September 2015, which is a document outlining the risks of IoT devices, as well as protections and defense recommendations.
In August 2017, the U.S. Senate introduced the IoT Cybersecurity Improvement Act, a bill addressing security issues associated with IoT devices. A subsequent bill called the Internet of Things Cybersecurity Improvement Act of 2020 sought to further improve IoT related cybersecurity by requiring NIST to develop and publish standards and guidelines on the use and management of IoT devices. Although these standards are intended for use by federal agencies, they will almost certainly be adopted by the private sector as well.
IoT device trends and anticipated growth
The estimations for future growth of IoT devices have been fast and furious. At the high end of the scale, Intel projected that internet-enabled device penetration would grow from 2 billion in 2006 to 200 billion by 2020, which equates to nearly 26 smart devices for each human on Earth. A little more conservative, IHS Markit said the number of connected devices will be 75.4 billion in 2025 and 125 billion by 2030.
Other companies have tempered their numbers, taking smartphones, tablets and computers out of the equation. Gartner estimated 20.8 billion connected things would be in use by 2020, with IDC coming in at 28.1 billion and BI Intelligence at 24 billion.
Gartner estimated total spending on IoT devices and services at nearly $2 trillion in 2017, with IDC projecting spending to reach $772.5 billion in 2018, 14.6% more than the $674 billion it estimated to be spent in 2017, with it hitting $1 trillion in 2020 and $1.1 trillion in 2021.
The key to making effective use of IoT devices is to make sure that you start your IoT strategy on the right foot and that you understand how the edge and IoT are intertwined with one another. Regardless of whether you have IoT devices already in use or are considering adopting IoT devices in your organization, make sure you're prepared to handle the unique security challenges presented by IoT devices.