This article was originally published on CFO.com.
Regardless of all the buzz around the Internet of Things, the promised connectivity won’t mean much until it works all the time.
If you had an unlimited budget and little need for sleep, you could attend most (but not all) of the dozens of Internet of Things (IoT) events scheduled around the world in 2016. You’d not get much actual work done, but you’d hear a lot about what’s possible when everything gets “smart and connected” and the new business opportunities that IoT will enable.
Indeed, while IoT is presently a very immature set of technologies, much more is coming, no doubt about it. But before we get too enamored with this latest shiny object, let’s ask a few fundamental questions.
IoT assumes, in almost every case, either that (a) everything works correctly all the time, or (b) we can tell that it’s not working correctly and ignore it until it’s fixed. Underlying these seemingly reasonable assumptions is the belief that we can trust all the smart connected devices in the IoT world to tell us the truth about what they’re doing all the time. If that’s not the case, a device’s “reputation” — the reliability of the data it provides — can disappear quickly and be very hard to regain.
So we should probably be talking about how we can move from a bunch of “smart connected things” to a situation where all these smart devices can actually be trusted.
That’s a tougher problem than you might think. Talk to IoT skeptics and you hear a lot of concerns about devices that don’t do something they are supposed to do at the moment they are supposed to do it, or about devices that do something they are not supposed to do at any point in time. Both of those concerns about “bad behavior” suggest that there is a new frontier in IoT, a frontier that goes well beyond what we generally think about with regard to security — and probably beyond what we have thought about privacy as well.
As I see it, the fundamental problem is that IoT platform architects and solution designers are still working with an “intelligent device” model, not with a model that requires trusted devices. It’s not as if we haven’t been here before. Safety critical system designs often include some aspect of trusted behavior via verification and validation practices, and formal proofs that the automation will work correctly even in difficult-to-imagine circumstances. Such systems always “degrade gracefully” and “fail safe,” but achieving that level of designed and engineered-in trust almost always comes with a steep cost and time penalty.
Whatever attitudes people about computers and other manifestations of the technologies associated with automation, they’re increasingly integrated into our everyday lives, and IoT will only accelerate that ubiquity. The benefits we get from billions of smart devices is assumed to outweigh the hassles of an occasional failure and the burden of continuing maintenance and upkeep. When problems with security, performance or privacy are discovered (and they always are, sooner or later), we expect that the issue can be fixed with a software patch, even if millions of devices have to be patched. If the fix is provided promptly, explained convincingly, and easy to implement without major disruption, we are generally happy to continue to use the device — and wait for the next problem to surface.
However, if the trust bubble ever bursts, watch out. Younger users, tech-savvy or not, have shown themselves to be very quick to decide if a device or service is (a) reliable and (b) trustworthy. They’ll tolerate unreliability if they can be sure that they’ll know when something isn’t working properly (think cell phone service). But they will tell their friends (and everyone else) on social media when they find something they feel they can’t trust. And when you embed a smart device into multiple aspects of everyone’s everyday lives, you’d better make the results easy to use, highly dependable, and totally fail-safe, as the “trust” bar is going to go way up immediately.
We are being told that IoT devices will become critical at both the personal (connected things) and business (industrial internet) levels. If that’s to become true, ask yourself, “How do semiconductor and software teams create the kind of trust we need without spending a fortune on each design?” This is going to be a (maybe the) real IoT challenge for the next decade.