Why IoT is Going to Matter—a lot—to the Channel
Billions of connected, intelligent devices are entering the business mainstream as part of a collective phenomenon known as the Internet of Things (IoT). Many of these devices are connecting over networks for the first time, communicating with the headquarters as well as with other connected “things.”
As everyday physical items get digitized and connected to intelligent networks, IoT is going to usher in one of the biggest – and most lucrative digital disruptions in tech history. The IoT ecosystem, which comprises hardware, software and services, is expected to create about $11 trillion in global economic value-add by 2025, according to the McKinsey Global Institute.
When it comes to the channel, many wonder how much new business the IoT will generate. There’s scant evidence that it is generating much revenue now for mainstream channel companies, but it will soon.
New needs, New Revenue Streams
Until now, the channel has played a minor role in the IoT transition, according to a survey by CompTIA. Many are still bringing themselves up to speed or have little interest in IoT. But consider the following:
While IoT projections vary, they nonetheless predict a transition of historic proportions. As businesses connect more IoT devices to their networks, they are going to need assistance protecting their data from breaches. The complexity of IoT projects often reaches beyond what many companies can handle by themselves. That presents opportunities for managed services providers (MSPs) VARs, and other system integrators to establish credentials as trusted authorities and build profitable revenue streams.
Cybersecurity Will be Key
IOT threats are multiplying as many industry sectors that never before connected to the internet come online. In fact, by 2018, approximately two-thirds of enterprises are projected to suffer some sort of IoT security breach. Part of the problem is structural; many IoT makers, for example, don’t design their devices with security chiefly in mind. What is more, many devices were never designed to be upgraded, meaning they could be vulnerable to new and unimagined threats that appear in the future.
This leaves companies vulnerable when they fail to manage the new risk to their data networks. What’s more, IoT devices now often communicate with devices and applications operated by third party suppliers and partners. A security breach anywhere in that connected data chain will affect everybody.
Consider the example of smart grid systems, which deliver electricity from suppliers to consumers using digital technologies such as computer-based remote controls. The systems, which were designed in an earlier era, deploy a combination of devices built by different vendors using different connections and different communication protocols. The upshot: More interactions and more interactions translates into more potential points of vulnerability. Malicious hackers have already exploited inadequate security in IoT devices connected to the grid, raising the specter of far deadlier attacks against bigger targets “upstream.”
IoT Risk Profile
As much of a cliché it is to assert that “each IoT implementation is unique,” the fact is that each IoT initiative will have its own singular security profile. That’s something you can only assess during an inventory of the number of IoT devices installed on a client’s network. The same is true for the different communications protocols and applications that interact with the devices. A single solution could theoretically hundreds, even thousands, of protocols and other IoT standards, ranging from application development to device identity verification. The risk profile also should also include contingency plans in the event of an IoT breach. The plan ought to map out a range of potential scenarios and identify what to isolate to minimize IoT exposure to the organization’s most valuable data.
Voice of the Practitioner
While MSPs have remained minor players in the IoT story, Charles Weaver, the CEO of the MSP Alliance, believes that’s going to change. The reason? In a word: security.
“Even though there’s been no revenue there yet, it’s an incredibly important topic for MSPs – and it will become even more important in the next couple of years. I would say that the lack of revenue shouldn’t be thought of as anything suspicious. That’s just how businesses work. But that’s because we haven’t reached the point where [IoT breaches] have caused major headline news. When that happens, MSPs won’t be far behind.
Users often wind up breaking the new products they buy. And when that happens, they turn to their IT departments and tell them to fix and manage it. But when they can’t, IT will generally try to outsource the job. I think that within the next couple of years, you’ll see a few bad spills – and headlines – relating to IoT and that’s when things are going to change.
It’s going to all about security. If it has a heartbeat and it connects to the internet, then MSPs have the tools to manage it. The story will be about IoT’s security flaws that allow bad actors to access sensitive areas. Now that there are more and more IoT devices, like the Nest thermostat or front doors with electronically-controlled bolts that you can communicate with via the phone. These are all new access points that hacks can now exploit. [The Target breach] wasn’t specifically about IoT. But hackers showed how they could compromise a network by exploiting a weakness in the HVAC system [contractor] and that demonstrated their ability to use a [third party] as a conduit into their real target.
MSPs will hopefully advise clients when they are about to make a mistake by purchasing IoT products with bad security. If they still go ahead, those devices will need to be managed and thoughtfully architected and deployed. Or they say to the customer, `You’re doing something that makes it impossible for us to protect you.’ It’s a best practice and smart MSPs will walk away from those deals where the client insists on doing whatever they want and still believes you will indemnify them when things go wrong.”
Sources for Future Reading