• United States

What happens if IoT security doesn’t get solved?

News Analysis
Jun 05, 20184 mins
Internet of ThingsSecurity

A new Bain & Company report says security concerns are slowing IoT adoption. Is this problem fixable — and what if it isn’t?

Sometimes, confirmation of the obvious can be really important. At least, that’s how I felt when I saw a new Bain & Company report, Cybersecurity Is the Key to Unlocking Demand in IoT.

According to the consulting firm’s survey, 45 percent of Internet of Things (IoT) buyers say “concerns about security remain a significant barrier and are hindering the adoption of IoT devices.” Worries over IoT security are hardly news, of course. I’ve been writing about them here on Network World for a while, and a quick internet search for IoT security rains down more than a million hits.

So, why am I paying attention to this particular report? Bain focuses on the gigantic potential market for IoT security. The report says enterprise customers would buy 70 percent more IoT devices if they had better security. And almost all respondents — 93 percent — would pay some 22 percent extra for IoT devices that have better security. Bain estimates that better IoT security could grow the IoT cybersecurity market by $9 billion to $11 billion.

The IoT security market doesn’t really matter

That’s a lot of money, but it’s not what struck me when I read the report. Instead, I started wondering about what will happen to the overall IoT market if the field’s ongoing security issues don’t get solved.

Bain isn’t blind to the prospect:

“We expect growth in the markets that comprise the IoT to continue full steam ahead, but issues around security concerns could derail that progress,” said Ann Bosche, a partner in Bain & Company’s Telcom, Media and Technology Practice, in a statement. 

You think?

Frankly, I don’t care how much money IoT security vendors make. In fact, ideally, IoT security wouldn’t even be an issue, much less a market. I mean, why should you have to spend extra time and money just to make sure your fancy new IoT implementation isn’t accidentally giving bad actors the keys to your kingdom? Shouldn’t that be part of the deal?

It doesn’t help that today’s IoT security approaches are all about how deal with and mitigate security risks. That stuff matters, but it’s by definition inconsistent and far from foolproof. And unlike some other new technologies where the risks weren’t always recognized until pretty far down the road, no one can say they weren’t warned about the IoT’s vulnerabilities.

IoT security: An essential pipedream?

I realize that total IoT security is a pipedream, but I’m still worried that the IoT’s intractable security problems won’t actually get solved in a practical, affordable fashion. I’m petrified that the understandable preference for simple, inexpensive IoT devices will continue to frustrate the folks working to secure IoT implementations. I’m anxious about wide-scale hacking of IoT devices and networks that leads to catastrophic consequences.

In addition to the human and financial toll from such a catastrophe, it would inevitably spark a severe backlash against IoT implementations and technology. That kind of a reaction could cripple IoT’s seemingly inevitable growth and keep it from reaching its potential for years or even decades.

When you think of it that way, an extra $11 billion for IoT security vendors is virtually meaningless, a rounding error compared to the stratospheric estimates of what IoT could become. (IDC says the IoT market could top $1 trillion by 2020.)

Could, that is, if IoT can somehow solve its myriad security issues and convince buyers and users that having these devices constantly collect, share, and automatically act upon vast amounts of data isn’t putting people and property at risk of being taken over by bad actors, or even disrupted by simple incompetence.

That’s what’s really at stake here. And despite hints of progress, I’m far from confident that the IoT’s security problems will ever get the attention they require.


Fredric Paul is Editor in Chief for New Relic, Inc., and has held senior editorial positions at ReadWrite, InformationWeek, CNET, PCWorld and other publications. His opinions are his own.