The Platform and Security Puzzles - MIT Connected Things Conference 2017
VDC director Steve Hoffenberg and analyst Roy Murdock made their way through the crisp, chilly (19F!) Boston Monday morning to Cambridge to attend the MIT Connected Things 2017 conference. As usual, the event took place in the MIT Media Lab, giving attendees a spectacular view of the Boston skyline and the Charles River during breaks throughout the day.
Whereas last year’s focus had been on “hard problems” and the industrial/smart city verticals, this year’s conference centered squarely around two main concept: platforms and security.
Many of the leading IoT Cloud Platform-as-a-Service (PaaS) vendors were represented in full force:
What is an IoT platform? Great question – the term is vague enough to allow almost any major vendor to market a bundle of software under the “platform” banner.
Technically, VDC defines an IoT Cloud PaaS to be a set of cloud-based device, data, and analytics management technologies, billed as a service, that allows users to build, deploy, and scale applications for IoT data analysis and IoT thing control.
In component form, this boils down 4 pieces of software that are outlined in the diagram above:
Two major platform takeaways from the MIT Connected Things:
We have demystified the IoT “platform” further in our recent IoT Cloud PaaS report, which sizes the market from 2016-2021 and identifies the 10 leading IoT platform vendors by revenue, outlining the strengths and weaknesses of each.
Security—or the lack thereof—in IoT devices was another major topic of discussion at the conference. One interesting tidbit of information came from the keynote of Harel Kodesh from GE, who said that 30% of Predix compute cycles were used for security. We don’t know whether that figure is representative of other IoT cloud services, but if so it indicates that in addition to the overt costs of security software and services, security has considerable hidden costs in the need to procure and maintain additional compute hardware, not to mention electric power consumption.
The conference concluded with two panel sessions devoted to cyber security, the first of which focused on issues in securing smart cities. Among the many topics discussed in that panel, Dr. Lan Wang, Chair of the Computer Science department at the University of Memphis, described a proposed future network architecture called Named Data Networking that could dramatically enhance IoT security by requiring every data packet to be cryptographically signed. (For an overview of Named Data Networking, see the Wikipedia page.)
Panel session on smart city cyber security (left to right: moderator Andy Catha, ARC Advisory Group; Dave Benton, Eversource Energy; Paul Carroll, City of Newport, RI; Brandon Freeman, Leidos; Dr. Lan Wang, University of Memphis; and Chris Walcutt, Black & Veatch)
In the final session of the conference, leading industry executives engaged in a lively discussion about security for connected products. The hottest topic was how manufacturers of low end consumer products can be persuaded to adequately secure their devices, minimizing the chances the devices would be co-opted into botnets such as those recently used in DDoS attacks against various Internet targets. The panelists suggested several approaches, including regulatory requirements, potential incentives, pre-vetted security software available free to device makers, and replacement of hard coded passwords with default passwords unique to each device unit. For VDC’s take on this topic, see our recently published document entitled Combating Botnets in IoT Devices.
Thanks to the staff and volunteers of MIT’s Enterprise Forum for again putting on this excellent event.