Market hype sometimes gets ahead of market reality, and the current hype around the Internet of Things (IoT) is a perfect example. Offbeat ideas abound: Salesforce.com CEO Marc Benioff’s demo of a connected toothbrush is my current favorite. The hyperbolic notion that a world full of connected, intelligent devices is upon us has seized the popular imagination.
The popular imagination, however, desperately needs a reality check; in particular, the idea that getting an early lead on IoT — whatever that actually is — would be good for SAP and its customers. While SAP is definitely in the process of exploring its options and opportunities, the current hype surrounding IoT has greatly outstripped what is possible or, more importantly, desirable, for both SAP and its customers.
So as a public service to SAP, its customers, and toothbrush manufacturers everywhere, let me take this opportunity to explore, and explode, the implications of IoT for the SAP world.
The Internet and Insecurity
First and foremost, IoT is predicated on connecting billions of “things” to the internet, and therein lies the first caveat: the internet is neither safe nor secure. Indeed, the relative insecurity and treacherous nature of the internet makes charging full bore into IoT a genuinely dangerous proposition.
A quick doomsday scenario illustrates the point: Suppose a terrorist, or even a malicious prankster, wanted to wreak havoc on a community replete with IoT-connected homes, where the thermostat and the oven are connected to the internet so that a homeowner can manage heating and cooking remotely. Given the state of internet security today, it would be relatively simple to hack a number of strategically placed homes and simultaneously turn up their furnaces and stoves to their maximum settings. (Don’t just take my word for it; a reporter for Forbes Magazine was able to perform a similar hack last summer.1)
The affected houses would either burn down or take out the electrical grid, and in houses with gas appliances, the grid would be spared while fires raged. Either way, a relatively easy attack on the Nest-connected thermostats (that were just acquired by Google), could cause serious damage. At which point, it’s not likely that the opportunity presented by playing with that cool home energy management app would have been worth the trouble.
To make smart homes worthwhile, Nest (and now Google) would have to make sure these systems were truly hacker-proof, if such a thing were even possible. Their customers would have to be sure to have the latest software installed, understand the latest security best practices, and otherwise be proactive in making sure they are on top of the possible problems that could befall a connected home (similar to what consumers are doing with their credit cards in the wake of the never-ending reports of retailer security breaches, though with something more disastrous than identity theft at stake).
But no matter how well the vendor and the customer tried, the public internet and the connectivity protocols associated with it would remain the weak link. And therein lies the ultimate problem: safety and security in an IoT environment only starts with securing the communications links between devices — something the internet is only marginally good at. Then come the harder parts: What about authenticating new devices? Can your internet distinguish between a newly installed device that is secure and safe versus one that has already been hacked? Can your internet tell when a device is behind in its security updates or when a critical device — like a thermostat — is compromised and needs to be disconnected? Can your internet ensure the integrity of the data going back and forth to your devices — making sure it is clean, uncompromised, and unhacked?
Go Slow to Address Vulnerabilities
The fact that the answer to the above questions is uniformly no is precisely why taking a measured, slow pace toward supporting this world of connected devices is in SAP’s and its customers’ best interests. All the vulnerabilities of IoT — the ones I’ve mentioned are only the tip of the iceberg — are multiplied ten-fold in an enterprise. For example, real-time analyses and processes in an industrial setting require much more stringent service levels than the “five nines” or “seven nines.” Five nines of uptime translate to six seconds of downtime per week. Is six seconds in a jet engine’s or MRI machine’s week something you can afford not to monitor?
Until those issues are addressed, going slow is the best strategy. Taking the IoT hype into the enterprise will require a massive shift in how we think about the technology infrastructure of today and tomorrow: the IoT dream simply can’t be done using today’s internet.
Going slow will also allow enterprises to actually come up with strategies, best practices, and business cases for what to do with all those connected devices, the data that needs to be analyzed, and all the new operational controls that can be activated. If you think that connecting a few hundred or thousand devices to your infrastructure is hard, try figuring out how to use them effectively. You’re no more ready to optimize an IoT in your enterprise than your dentist is ready to optimize a few hundred patients streaming tooth brushing data to his or her office in real time.
Taking the First Step, Patiently
Rather than wiring up sensors and building a new IoT infrastructure, the real first real step should be to think about what would actually make sense to do with a smart office, plant, device, supply chain, or any other “smart” thing that, once connected to the internet, will theoretically yield massive gains in productivity, cost control, profitability, customer satisfaction, or any of the key performance indicators that matter to your business. Managing the big-ticket assets your company sells to its customers could be one early use case. Smart device data could be used to make maintenance and repair more predictive and cost-effective, a domain that SAP is already looking into.
Meanwhile, pay no attention to the man behind the curtain with a connected toothbrush in his mouth. It’s a great idea — maybe — but one that might be a bit ahead of its time. Do pay attention to the devices that you might want to connect to, and pay very close attention to the data analysis and operational controls you want to realize with that connectivity. Then be patient — making the current consumer internet into something safe and secure for enterprise or industrial applications won’t happen overnight. And until it does, give the IoT hype its 15 minutes of fame… and then get back to work.
1 www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack [back]