How (and how not) to deploy IoT
"Those who do not remember the past are condemned to repeat it," said philosopher and writer George Santayana. The same is true for Internet of Things (IoT) rollouts.
The IoT landscape is changing rapidly. Emerging startups offer software stacks that standardize the rollout process. Bigger players are buying up smaller fish in an effort to become one-stop shops.
Yet there's still no one-size-fits-all solution for something as complex as an IoT rollout. It will be a long time before a vendor starts offering a plug-and-play IoT-in-a-box solution. Until that day comes, here are some tips to help bring your next IoT project in on time and under budget.
Tip: Bite off only what you can chew
Project goal: Equip utility infrastructure with sensors so it can communicate with back-office IT
Earlier in his career, Nate Lesser worked with several electric utilities that aimed to create an IoT network that gathered data from electrical equipment in the field. The results serve as a cautionary tale for how an IoT rollout can fail to meet its potential.
"The expected benefits were not realized," says Lesser, now a managing director of MasterPeace LaunchPad, a technology consulting company. Broad-based device deployment turned out to be more complex—both technically and organizationally—than the utilities could handle.
The hope was, by combining data feeds from both operational and IT systems, the utilities could get a unified picture of what was happening throughout the organization. That kind of sweeping promise often attracts companies to big digital transformation projects. What went wrong?
"The ability to capture and correlate data requires the deployment of an array of new technologies," says Lesser. His project needed the following elements to be successful:
- A unified management console—like one of the many commercially available security information and event management systems—to ingest IT feeds and operational technology data
- A broad-based, consistent, and accurate deployment of IoT devices and sensors to feed the centralized management console
These systems were not implemented. Note to senior management: All the sensors in the world won’t help meet goals if you can't make sense of what they're telling you.
You need a consistent and disciplined plan for both collecting and marshaling the information IoT devices deliver. That, in turn, may require more investment—in hardware, software, and staff who can manage big data—than you're prepared for.
The lesson? Don't bite off more than you can chew. "Establish a strategy that will allow you to extract value along the way," says Lesser. "If your strategy requires a complete overhaul of your infrastructure to gain any benefits, you aren't likely to succeed."
Tip: Sweat the small stuff
Project goal: A network of IoT devices that listen to hotel guests' commands
Chris Squatritto, a vice president at cybersecurity service provider Mosaic451, is helping a Las Vegas hotel with an IoT rollout that involves installing a network of voice-activated communication devices in every guest room. "Once completed, these devices will allow guests to order their bags from the bellmen, request show tickets, and order room service," he says.
The ROI isn't hard to see, but success requires more than just plugging in the gadgets and hooking them up to Wi-Fi.
First up are some network basics. IoT devices create a complex wireless network topology as they sling bits around your factory (or casino, in this case), so Squatritto's client hoteliers needed to add:
- Additional virtual LANs
- Quality-of-service policies
- Device utilization monitoring
The hotel chose to go with an off-the-shelf device, the Amazon Echo, for the voice interface for the system. However, using consumer devices as is can be dangerous in enterprise settings. "Even though these devices come from a trusted source," says Squatritto, "there is no assurance that they won't be used to launch an IoT-based denial-of-service attack, thanks to an undisclosed vulnerability, or even be jail-broken and transformed into listening beacons."
To prepare for such eventualities, Squatritto's company was brought in to help build "additional security services that will ensure that, if a device is breached, a notification of the incident is sent immediately so the device can be removed."
The lesson? Underestimating relatively simple IoT projects can create a false sense of security.
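One way the device utilization monitoring and breach notification described in this tip could be wired together, as an added example that is not from the article or from Mosaic451. The VLAN subnet, destination allowlist, packet ceiling, and flow-record format are all assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values for illustration; none of these come from the article.
VOICE_VLAN = ipaddress.ip_network("10.20.0.0/16")            # guest-room device VLAN
ALLOWED_DESTS = {("203.0.113.10", 443), ("10.1.0.53", 53)}   # voice service, DNS
MAX_PKTS_PER_MIN = 600                                       # utilization ceiling

# Constructed flow records: (epoch_second, src_ip, dst_ip, dst_port, packets)
SAMPLE_FLOWS = [
    (0,  "10.20.1.11", "203.0.113.10", 443, 120),
    (20, "10.20.1.11", "10.1.0.53",    53,  4),
    (5,  "10.20.1.12", "203.0.113.10", 443, 90),
    (30, "10.20.1.12", "198.51.100.7", 80,  200),   # destination not on allowlist
    (61, "10.20.1.13", "203.0.113.10", 443, 400),
    (90, "10.20.1.13", "203.0.113.10", 443, 450),   # 850 packets inside minute 1
    (10, "10.30.0.5",  "198.51.100.7", 80,  9999),  # outside the voice VLAN: ignored
]

def find_suspect_devices(flows):
    """Return {device_ip: sorted reasons} for voice-VLAN devices that break policy."""
    per_minute = defaultdict(int)   # (device, minute) -> packets sent
    reasons = defaultdict(set)
    for ts, src, dst, port, pkts in flows:
        if ipaddress.ip_address(src) not in VOICE_VLAN:
            continue
        if (dst, port) not in ALLOWED_DESTS:
            reasons[src].add(f"unexpected destination {dst}:{port}")
        per_minute[(src, ts // 60)] += pkts
    for (device, minute), pkts in per_minute.items():
        if pkts > MAX_PKTS_PER_MIN:
            reasons[device].add(f"{pkts} packets in minute {minute}")
    return {dev: sorted(why) for dev, why in reasons.items()}

def notify(alerts):
    """Build one notification line per device; a real deployment would page staff."""
    return [f"ALERT {dev}: {'; '.join(why)} -> remove device"
            for dev, why in sorted(alerts.items())]

if __name__ == "__main__":
    for line in notify(find_suspect_devices(SAMPLE_FLOWS)):
        print(line)
```

The per-VLAN filter is what makes the allowlist workable: once the guest-room devices sit on their own segment, the set of destinations they should ever contact is small enough to enumerate.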
Tip: Don't rely on antique tech
Project goal: Turn existing network-capable devices into an IoT network
Prospects: Proceed with caution
Supervisory control and data acquisition (SCADA) systems are an older technology that many consider a forerunner to modern industrial IoT systems. The line between SCADA and IoT is blurry. In fact, many IoT rollouts seek to build IoT on a SCADA foundation.
But that can be risky. "The protocols used in SCADA systems are often proprietary and, when initially designed, were not linked with the outside world," notes Pascal Geenens, security evangelist at Radware, an application delivery and cybersecurity solutions provider. "Most SCADA and data acquisition protocols were layered on top of IP with minimal changes. While providing ease of integration and convenience for deploying new nodes in existing networks through backwards compatibility, security was not a consideration."
And when these devices and protocols connect to the open Internet, bad things can happen. "With no authentication, message repudiation, or confidentiality, these systems that control our day-to-day lives are open and exposed," Geenens says.
It's not just sensors and SCADA devices that pose problems. It's also the systems that control them. "Presentation and control systems are typically built from common off-the-shelf hardware and run on top of Windows or Linux or some other form of Unix," he says. "The combination of these factors makes the system vulnerable for attacks from malware."
After all, the infamous Stuxnet malware got access to the Iranian nuclear enrichment centrifuge control system "by infecting the control and presentation PC and controlling the angular velocity of the centrifuges while faking sensor measurements to the presentation layer," Geenens says. In doing so, it "tricked the operator into thinking all was fine."
The lesson? Using legacy tech to create an IoT network can be more trouble than it's worth.
IoT deployment: Lessons for leaders
- Don't bite off more than you can chew. "Establish a strategy that allows you to extract value along the way," says MasterPeace LaunchPad's Lesser.
- Using consumer devices "as is" out of the box is never appropriate.
- Adapting legacy tech to build an IoT infrastructure is a recipe for disaster.
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.