Southwest of Silicon Valley is Pillar Point Harbor. Waves just outside the harbor routinely reach 25 feet and peak at 60 feet. They were considered far too dangerous to surf until three guys and a dog named Maverick forever changed the relationship between the waves and people. Today, the Mavericks surfing competition is shown live on the big screen at AT&T Park, and there is a film suitably called Chasing Mavericks. That is a shift from impossible to universal acceptance…we should strive for similar mastery when it comes to the Internet of Things (IoT).
Much of the IoT hype happens to be based on changes already observable. The question now is how to motivate pioneers and innovators to develop the skills and courage to turn the changes into a global phenomenon everyone gets to enjoy. We see the following major waves worth learning to ride:
1st Wave: Scale in Numbers – Even if nothing else changes, sheer numbers can drastically change the value of a service. If you put enough cars (especially with human drivers) on the road, you get traffic, and the anticipated benefits are greatly diminished. Put 30 billion or more things on the Internet and try to manage them? Same thing. Scale is probably the best-understood challenge because a bottleneck forms somewhere in the value chain very quickly and everyone begins to see the problems. Such bottlenecks will shift when alleviating one issue exposes the next. In the last decade (2005-2010), Internet-connected devices grew from just under 2 billion to 6 billion. That velocity is accelerating. Almost every survey now sees the next tripling of units coming in 4 years or less. What process do we rely on now that is likely to break? Today, one of the biggest bottlenecks to scale is HTTP(S) or the SSL/TLS protocol. The evolution of this protocol has added more and more back-and-forth communication, creating a tremendous overhead before any payload is even sent. Everyone complains about bandwidth and latency affecting performance, and the rapid increase in devices will force old practices to change.
2nd Wave: Mixing the World Towards Simple Devices – Scale speaks to increasing numbers, but there is another interesting shift. The IoT world has many simple and purpose-built devices. These devices have a level of computational power not seen in the modern age of computing in a decade or more. These simple items have been around all along; they just didn’t want to connect to the Internet or each other until now. It’s practically impossible for these devices to perform the math and sustain the speed of communications needed to meet modern security schemes. Imagine a world where almost everyone has no more than a second-grade education. I know, many of you may reply “Welcome to my world.” These “second-graders” would still need and want to get around, so they would just drive cars (without getting a license) and do their best to read signs and maps and exercise judgment in dangerous situations, all the while hoping not to be exploited by people who know they will forget to lock their cars or leave the keys. The IoT will face this most serious shift, where the activity on the Internet comes from a larger galaxy of simple devices. The low-cost, simple devices cannot come close to performing as their expensive counterparts with full-blown operating systems, general processors, and ample memory. Thus, security and other functions are cut, and the goodwill of strangers becomes the thin line of defense for everything we have connected.
3rd Wave: Medieval Security Architecture Fails – Ask any CIO, CISO, or CTO about the bring-your-own-device (BYOD) trend and they will use the word nightmare or headache repeatedly. There is no stopping the flood of phones, watches, tablets, fitness bands, and other devices being brought into the network by your most trusted users. If you think the BYOD trend is bad, it will be nothing compared to all the unsecured simple devices being installed behind your firewall, all bearing the right credentials to go out to the Internet to mingle with the masses. In medieval times, the moat around the castle worked well as threats came from enemies traveling on land. The moat seems silly for an airborne or underground invasion. The moat is completely useless when your citizens and soldiers bring Trojan horses full of unknown items into the keep every day. We are wasting our time using SSL and Certificate Authorities in the IoT, yet everyone feels obligated to put on their best clothes and attend this security theater. Why?
4th Wave: Internet Relationships are Changing Forever – In the past, networks became popular as one friendly device wanted to talk to another friendly device. When distances grew, the Internet became the best way to easily add devices to communicate over long distances. Even better, the Internet functioned well with the idea that friendly connections could be made despite one party being a total stranger to the other (e.g. my computer connecting with some storefront to purchase goods). We may find SSL/TLS somewhat useless and quite ineffective today, but we must credit the idea of public and private keys as being a fabulous invention to allow strangers to share a network in a safe manner. The only scenario to really fear was the “Man-in-the-Middle” (MITM) pretending to be the friendly party. To avoid the MITM, certificate authorities were created to enable a third party to vouch for another party’s authenticity. Destinations on the Internet pay certificate authorities to audit hardware and verify their business, and then to issue a certificate that a MITM will not be able to obtain. That is easy enough when there are only millions of businesses and users changing hardware every few years. In the IoT world, new parties will flood the market with no history or ability to be easily verified by any outside party. Even the number and quality of certificate authorities look like a concern. We have all witnessed how trust has been a critical part of the Internet economy for the last decade. A smartphone or other traditional computing device is shifting from connecting with a few trusted destinations to connecting with far more parties that rely on devices you may not even be aware of. So what happens when your device cannot trust anything it is communicating with?
These four waves of change are well underway with impacts seen today. There are probably some other waves forming that have less impact, but are worth watching because of their potential future impact. For example, the blockchain, public registries, and distributed ledgers look promising for uses far beyond Bitcoin. Since the impact of cyber-currency is still less than the amount of value put onto Starbucks reward cards, it hasn’t become a major wave like the four mentioned above. We will focus on the implications of the four waves mentioned in future blogs and will introduce other waves as they develop.
We see these primary waves of change breaking many of the common practices the world has adopted and optimized. Now, we must develop, evaluate, and deploy many new solutions to keep the Internet growing. For those who cannot swim, it’s time to learn…or find a safe harbor. For those who like to ride, it’s Mavericks time.