The Hidden Issues of IoT

If there are hidden issues in SDN and NFV then there surely are in the Internet of Things.  IoT, after all, is way ahead in the race to over-hype and perhaps the reason is that the outcome everyone would like to see is decidedly unlikely but decidedly newsworthy.  Why not sing for the press and hope for the best?  Never mind that it never really works.  The good news is that we almost certainly will see IoT success.  The question is whether we’ll recognize it when we see it.

The of IoT’s hidden issues is Internet literalism.  If we think the Internet of Things means having a zillion “things” directly on the Internet then we’re doomed to disappointment.  Almost all the barriers to IoT success come from literal interpretation of the acronym.  Direct Internet connection would mean you’d have to make IPv6 deploy, which has yet to be done.  You’d have to use cellular connectivity for the devices, which would raise the cost per device and the monthly connectivity cost to the point where many devices wouldn’t make sense.  You would have devices open to attack and misuse to the point where the number of highly publicized disasters would surely kill any momentum.

The IoT of the future will be made up of IoT proxies that are visible on the Internet and a whole series of controllers and sensors that live “underneath” these proxies.  In a few cases these will be on WiFi and use private IP addresses in the same way that most home computers and printers do.  In the majority of cases they’ll talk with control protocols like Zigbee or X10 or Insteon.  Since there would only have to be one IoT proxy per home or location, this simplifies the cost and also improves security by making it practical to protect the sensor/controllers without giving each of them a firewall and policy management system.

This architecture raises a second hidden issue, which is that IoT is standardizing the wrong stuff.  Instead of looking at how we talk to the sensors and controllers, we should be focusing on how we talk to IoT proxies.  Right now virtually every home control environment uses its own specific controller, even if they’re all accessed via the Internet.  Anyone who has fiddled with home control in any form knows that, for example, you may not be able to get Amazon’s Echo to do everything you want unless you have a “sub-controller” that can talk to the devices and be controlled by Echo.  Same with any other system.  Programs for the sub-controllers are not compatible with each other, and they don’t have the same interface to the Internet, though many will give you a web page and let you control things that way.

What would really be useful for IoT is a sensor and controller model or API set to be asserted by all the IoT proxies for all the devices under them.  With something like that you could expect to exercise control over a home/facility without having to worry about whether your control program had to be changed for every IoT proxy out there.  Remember, IoT proxies are the visible part of IoT, so they’re what we have to specify and standardize.

The next hidden issue is actually implied by the last.  It’s dependency on Internet service continuity.  Do you want everything that’s being controlled to be exposed, and every sensor that’s input to control inputs likewise?  If you do that then the IoT proxy is a simple API translator, and all your intelligence is outside the facility, connected by the Internet.  Which means that if you lose Internet access your control doesn’t work.  Most people would want to have a local control agent that could translate sensor events into control decisions.

Most home alarm systems, at least the decent ones, have battery backup and will sustain home protection for at least a couple hours even through a blackout.  Internet outages are, for most of us, far more common than power blackouts, so it’s not unreasonable to assume that you’d want to have local control at least as the basic mechanism, to be overridden or supplemented from the outside.  But if that’s the case then you’ve totally eliminated the classic notion of IoT.

Where does that classic notion belong?  That’s the next issue; we don’t recognize the distinction between open IoT elements and private ones.  There are places where open-model, on-the-Internet, IoT can make sense.  If we’re to use IoT in traffic management, retail marketing, and general augmenting of mobile contextual services we have to make the sensors generally visible.  If we’re going to use it in home/facility security then an open model is the last thing we want.  How do we manage to miss the vast difference here?

Most of the privacy issues of IoT, in the general sense, can be addressed by the IoT proxy model because we’re already addressing them successfully that way.  We do need a public model, but we’re hampered by the fact that we don’t recognize the difference between the two, which starts with a need to provide open access, moves through security/privacy, and ends up….

…in our last hidden issue, which is direct public access to sensors doesn’t scale.  If there are a thousand shoppers trying to decide if the light a block away favors their crossing without breaking stride, there is little chance the sensor will withstand the barrage of inquiries.  Further, public sensor data has great value when considered historically, but if we expect sensors to store six months’ worth of data we’re back in deep cost problems.

Public IoT is now, and always has been, a big-data-and-analytics problem.  Anyone who’s rational knows that even where sensor data is public, exposing the sensors themselves to public view might not be the smartest approach.  If we have, even for public sensors, a protected-network architecture and big-data collection and categorization, we’d have something we could hope to scale to the levels needed, and hope to secure besides.

Will IoT withstand a continuing policy of ignoring these hidden issues?  In one sense it will, because those who hype it will do what they’ve always done, which is to redefine what we mean by “IoT” to match whatever happens and then declare the revolution complete.  Everyone knows that an old revolution is an oxymoron anyway, so a quick dismissive article followed by the Next Great Thing will be enough.  However, in the financial and benefit sense, we can’t hope to get the most from IoT without addressing these points.  And what’s the point of a revolution with no real favorable outcome?