In this blog, we are going to concentrate on two aspects of the journey to Internet of Things that are fundamental, but often overlooked – security and the delivery of reliable, continuous service across an IoT solution. In both of these areas, it is the application of network connectivity to previously unconnected devices that brings issues needing careful consideration and action, says Simon Rees, Fujitsu.
Beware what you wish for
The greatest interest in IoT systems is currently coming from utilities, manufacturers and transport companies. Looking ahead, new hyperconnected business services could enable huge improvements in everything from disaster responses and waste management, to medical care in underserved areas.
What’s driving this degree of change and interest is ever-smaller, more powerful and more energy-efficient processors that make it possible today to attach a chip to almost any kind of device for a nominal cost.
The plus side is that almost anything that can be equipped with a processor can now be connected and given some degree of ‘intelligence’. The downside is that low-cost chips come with equally low-cost built-in security, or no security at all.
This is likely to result in one or both of the following scenarios:
- Devices that cannot be updated and present security risks, especially as they get older
- A highly distributed pool of devices that bring added complexity for service management, with varied update and patching regimes, and with implications for incident, change and release management
While we are likely to see improvement of the ‘embedded’ security built into devices that is only part of the story as there are serious security risks associated with this technology. As the range of IoT solutions expands, so does the attack surface for cybercriminals to exploit.
The good news is that these problems are eminently solvable through designing security at the outset and by thinking carefully about the network and software design. To help with this thinking, Fujitsu and our partners are investing in new techniques and products linked to the IoT, to help tackle these challenges.
Perhaps the most important consideration is service management, because ultimately it controls and manages the IoT capability. The service management regime in your IoT deployment is going to have to come up with greater levels of integration and automation if the overall deployment is to stay in contact with the threat landscape, and provide a more proactive managed service in real time.
Fujitsu’s expertise in IoT deployments means we are working with customers to build-in security from the start, while planning for ongoing updates and management over the lifetime of a system by following several key principles.
First, we recommend clearly defining the desired business outcomes, then identifying the main challenges and creating a blueprint for implementation. Next, after defining an IoT innovation roadmap for a customer, Fujitsu can work to deliver an effective program that includes security services, assurance and well-orchestrated service management.
IoT in the real world
Focus on your organisation’s needs and goals, and only then ask what data, devices and applications can help meet those needs in the way that best serves your customers, employees and other stakeholders.
For example, we recently worked with one of the logistics giants, which had a key objective to improve the safety of both drivers and the general population, as well as to ensure optimal delivery times. The delivery firm is testing a Fujitsu solution designed to detect when drivers become drowsy on the road. The pilot project uses wearable sensors to measure driver attention levels and issue alerts and reports when readings fall below safe, acceptable levels.
Another Fujitsu customer in healthcare, Sint Maartenskliniek in Nijmegen, the Netherlands, was keen to improve how patients transition from intensive care into general care and, eventually, to be sent home. To achieve this, it is rolling out systems that measure physical data for critical-care and stroke patients – everything from body temperatures to sleep patterns – to deliver more personalised care based on real-time information and to reduce hospital stays.
In both examples, Fujitsu is helping organisations address the unique security issues those applications pose, to ensure that sensitive driver and patient information is protected. It is also ensuring that services are monitored, incidents are anticipated and addressed, upgrades are deployed and application releases are managed with minimal impacts. The solution in each case differs considerably because of the special requirements of those particular industries.
Whatever industry you operate in, the key to a successful, secure and well-managed IoT deployment is to understand as best as possible your ecosystem, your organisation and your infrastructure profile, as well as your customers’ needs. Your unique security and service management considerations will depend upon the specifics of each.
For instance, the challenges for a system focused on heating, ventilation and air-conditioning in an office complex will be considerably different from those for a Smart City, which has many more public-facing infrastructure elements – security cameras, traffic lights, etc. – that increase the threat protection requirements. There will also be differing availability requirements and service levels, and the complexity of change and release cycles will need to be managed, as the impact of disruption can be critical.
Do it yourself, or managed service?
It’s clearly a complex issue and there is a decision to be taken whether to handle this from internal resources or look for a trusted partner.
A well-run orchestration and managed service from a service provider able to support threat-hunting services that can detect both internal and external security issues, can help ensure that business operations are maintained without interruption.
Whatever the application, it’s important that those organisations working on IoT technologies to become the hyperconnected businesses of the 21st century, do so securely and in a well-managed way that helps them to achieve their goals and serve their stakeholders better. Whatever system you end up deploying, it’s important to make sure that security and service considerations are built in from the start.
By Simon Rees, Fujitsu.