The IoT Fear Factor

The IoT Fear Factor
How can we head to an even more interconnected existence, the thinking goes, when we still don’t have a handle on cybersecurity?

This content is part of a program managed by the Economist Intelligence Unit, sponsored by Accenture and Pegasystems. “Digital Evolution: Adapting Business for a Digital World” aims to shed light on the world of digital business—the strategic imperatives, challenges, complexities and pitfalls. All “Digital Evolution” content can be found here.


Will security, privacy and ROI concerns delay the adoption of advanced connectivity? Maybe, but here’s why it shouldn’t.

IoT—nothing inherently scary about those three letters, but mention the Internet of Things to a security service provider and you may hear lots of Old Testament-sounding prophesying. Nightmarish predictions of cyberspying, hacking and attacking abound.

How can we head to an even more interconnected existence, the thinking goes, when we still don’t have a handle on cybersecurity? The landscape is rife with well-publicized breaches—and now we’re adding everything from toothbrushes to weaponry to already vulnerable networks?

The IoT definitely makes people nervous, says Earl Perkins, a security analyst with Gartner. “It raises the stakes regarding what’s possible with technology,” he says. “With these devices, we can kill people and we can damage the environment.”

However, a lot of money is to be made from a newly connected ecosystem. IDC predicts that the IoT will offer a $1.7 trillion revenue opportunity by 2020. The danger is that companies will rush headlong in without ensuring that proper security measures are a part of overall strategy, says Perkins. But a well-devised approach—one that considers the implications of security, privacy and ROI—can allay fears and advance the adoption of IoT.

The concerns about IoT are not unfounded, says Brent Blum, Global Director of Wearable Computing at Accenture. But they are not insurmountable. To lower the fear factor around IoT, organizations have to craft solid business cases, road maps and pilot programs. They have to established partnerships to fill in knowledge and skill gaps—especially around security.

How scary is security—really?

New technology tends to breed concerns about security and privacy, says Blum. “I don’t know that anyone is trying to hack my Nest thermostat today,” he says. “However, enterprises are a bigger target and data breaches have much further-reaching effects.”

Partnering with enterprise-grade security providers is a solid first step, says Blum. The good news is that wearables or other connected devices “aren’t much different from mobile devices,” he says. Usage involves “thinking through encryption, remote wipe capabilities, and being able to push firmware updates.” One problem unique to wearables is the risk that they can record sensitive information via camera. However, geofencing can disable the devices when they’re taken out of dedicated areas.

“Overall, these are minor obstacles in a major new wave of mobility,” Blum says. “We don’t expect these challenges to curtail adoption, but they are legitimate questions.” And companies have to work through the issues before planning any large-scale enterprise IoT deployments.

Perkins agrees that some IoT security concerns are overblown. “Don’t get too depressed about it, because somewhere between 50 percent to 80 percent of what we’ve learned in information security is applicable to this problem,” he says.

Security guidelines and best practices are growing. In fact, the Federal Trade Commission (FTC) sought to provide guidance in January, issuing a report on IoT that offered best practices for security—including build security into the devices from the outset, training employees about the importance of security, putting in place a “defense-in-depth” strategy that employs several layers of security against a particular threat and keeping up to date on security patches, among other actions.

Beau Woods, Cybersafety Advocate with I Am The Cavalry (IATC), an industry group aiming to push safety and privacy standards for IoT, says that the best approach to security includes segmentation and isolation, for example, if a car’s system got hacked, it would trigger a “limp home” mode in which the system would disable noncritical functions before leading the car to veer off the road. Such a feature could greatly limit the damage of an IoT hack.

Woods says that involving the procurement department and the IT team is also crucial. “Having IT as a stakeholder can inform decision-making and prevent some type of cascading failure from one system to another,” he says.

Identity crisis?

The IoT also adds another dimension to privacy concerns. It is one thing for a cybercriminal to gain access to a person’s banking information, but with the advent of wearables and other monitoring devices, personal information gets really personal.

Access to data about an individual’s sleep, fitness, stress or lifestyle habits presents new scenarios for misuse of information. For instance, employers who sponsor wellness programs are used to gaining access to employees’ step counts. But as device capabilities expand, what’s to say that biometric data won’t be used to make job performance and promotion decisions? “Many activity trackers are starting to also turn into sleep monitors,” Blum says. “If a wellness program were handled poorly, an employee’s sleep data could be shared. Now, your boss sees that you're not sleeping well at night. Is that a point of concern for him or her? Maybe, maybe not.”

This is far from a black-and-white issue, Blum says. For instance, if you have data that show, say, that a commercial pilot is sleep-deprived, then it might be in the public’s interest to keep her grounded. Blum says that future wearable devices designed to monitor employees’ well-being can range from “an EEG monitor built into the brow of a trucker's baseball cap to a smartwatch that's monitoring your alertness and how suitable it is for you to drive a forklift or operate heavy machinery.”

Such uses cases are likely to be niche, “specifically when an employee is doing a job that could endanger their life or the lives of others, such as a heavy equipment operator—where it would be reasonable to monitor an employee’s stress, focus, concentration or fatigue,” he says.

Such identity concerns don’t have to be an impediment to IoT adoption, if handled correctly, says Blum. “The industry is headed in the right direction. The best people, the most qualified people for any given task are performing the work and creating a safer and more efficient future. It won't come without some growing pains.” However, Blum says common sense should rule deployment. “Rather than collecting this data just because it’s possible, companies should work backwards to make sure that the data solves a real problem around worker safety or worker efficiency,” he says.

Debates over workers’ privacy rights are sure to ensue, notes Woods. “Reasonable people can disagree,” he adds, “but, as we like to say, ‘I like my privacy, but I’d like to be alive to enjoy it.’”

IOT ROI

Proving ROI on IoT is yet another obstacle in the way of adoption. Given that the technology is so new, the financial reward is unclear for some companies. However, Blum notes that this is where wearable technology has the edge right now.

A clear case, he says, can be seen in training efficiencies. For instance, a growing number of companies are using wearables to help transfer knowledge from senior workers to junior ones in the field. “Companies are sending junior engineers out into the field to work on repairing or maintaining equipment,” he says. “They can have an instant hands-free video conference with the more senior engineers. That senior engineer could see what they're doing in real time. The junior engineer would have their hands free to do the work. That senior individual could walk them through the task.”

Industries like oil and gas and the automotive sector have already proven ROI through similar implementations, says Blum. If companies are thinking that perhaps wearables could save them time or money, the next step would be to design a pilot. “It's about designing a road map to a full-blown production deployment.”

Woods says when it comes to IoT instead of ROI, companies should be looking at total cost of ownership (TCO). For instance, “If you’re going to buy an insulin pump, there’s a certain benefit it gives you, but there’s also a cost to putting it on your network and linking it up to all the other systems,” he says. This way “we know—not just hope—that this will keep our patients safe and give them better treatment versus another device which might give a different equation.”

New technologies bring new risks, Blum acknowledges. But they also bring new rewards. Yes, there are elements of IoT that are cause for concern. But the hype around IoT anxiety does have one positive payoff, says Blum. “Everyone is going in with their eyes open.”


Accenture's Technology Vision for Pega 2015Learn how Accenture and Pega are applying their unique strengths to enable organizations to work effectively across company and industry boundaries in the "We Economy."

Get the whitepaper