Comment: The Power of IoT
The rapid advancements in the number and adoption of IoT devices brings with it increasing convenience in our everyday lives. At present, every UK home owns at least ten IoT devices, and this is expected to grow to 15 per household by 2020. Further, with an estimated 2.3 billion connected devices powering our smart cities, the power of IoT is revolutionising the world around us, with the potential to have an annual economic impact from US$3.9trn to $11.1trn worldwide by 2025, according to The McKinsey Global Institute.
However, as the development of IoT devices continues to accelerate, and we continue to adopt IoT into our smart homes, smart offices and smart cities, we must place data security at the core of device design. Over the past year, we have seen many IoT-borne attacks and breaches make headlines. At the start of June, 700,000 routers were globally classified as vulnerable to the VPNFilter malware, which is designed to inject malicious payloads into web traffic and collect users’ passwords and sensitive information. Similarly, a North American casino recently learnt that even an innocent looking internet-connected device, such as a fish tank, can cause tremendous damage if it is not properly secured. By hacking the tank’s PC-connected sensors that were used to regulate food, temperature and cleanliness, cybercriminals acquired 10GB of sensitive data from the casino’s network.
Secure by design
As internet-connected devices continue to power key infrastructure in smart cities around the world, the need to secure devices and our data is critical. As IoT networks expand across cities, so does a range of vulnerabilities which can be exploited by cybercriminals. Whilst smart cities are designed to provide ultimate productivity and efficiency for citizens, the risks can be serious if cybersecurity is neglected. With possible threats including identity theft, ransomware attacks on smart buildings and sabotaging attacks on critical infrastructure, such as power grids, water supply and traffic control, systems need to be secured on every layer possible.
We believe that security should fundamentally be incorporated during the design phase from deep chip level right through to the cloud using well-researched cryptographic building blocks and applying secure software development practices. In other words, security should be treated as a primary design parameter. Any system should be able to quickly detect any inconsistencies and threats before there is any opportunity to cause significant damage. With this, once an attack is detected, the system should immediately be able to isolate infected devices to contain the attack, and fix the vulnerability by patching affected devices.
Regulations to ensure security
Whilst IoT devices should ultimately be secure by design, there is also a need for some level of regulation to help ensure that IoT device manufacturers face repercussions if they compromise on security to save money. Most IoT device makers do want to provide their customers with secure products, but the battle between security and profitability means that often compromises are made.
The biggest challenge that the industry faces today is defining a standard level of security for manufacturers to adhere to, due to the varied and fragmented nature of the IoT market. We believe that best practice is to provide a simple, cost-effective solution for the IoT industry, which can then be backed by regulation.
The future of IoT
Despite its challenges, the future of IoT is bright, and governments around the globe are recognising and supporting this. Earlier this year, the UK government introduced a five-year £1.9bn security initiative – the Secure by Design review – to better secure IoT devices around the country. It is fantastic to see that the review has been developed in collaboration with device manufacturers, retailers and the National Cyber Security Centre to address the number of glaring vulnerabilities in smart devices.
By providing established guidelines to address the challenges that the IoT industry faces, and ensuring security is embedded from the start of the design process, IoT manufacturers, customers and retailers will be able to reap the benefits of better connected, smarter and more protected devices.
Asaf Ashkenazi, previously Vice President of IoT Security Products at Rambus, is a cybersecurity expert with over 15 years’ experience in the field.
Future-tech and IXAfrica: Full Life Cycle Expertise
Future-tech is unique among data centre consultancies for a number of reasons. Not only does the Reading-based firm have high levels of expertise in markets ranging from Helsinki to Johannesburg, but Future-tech offers services across the complete life cycle of a facility.
“We are involved with projects from the initiation to completion,” explains James Wilman, Future-tech’s CEO. “We go from initiation phase - which could mean the site selection process or technical due diligence for a merger or acquisition - all the way through establishing the brief, the various design stages, construction oversight, commissioning, operation, end of life cycle replenishment, and can start right back at the beginning with refurbishment.”
While some factors, like the facility requirements for major tenants, remain the same no matter where you are, Wilman explains that “it's the environmental conditions, construction methodologies, supply chain, and skill sets available in different locations that vary, and that makes this a very interesting job.”
Future-tech was selected by IXAfrica as the life cycle design strategic partner for its hyperscale campus project in Nairobi, Kenya. Wilman explains that, over the past year, Future-tech has been leveraging its strong local knowledge, working closely with Kenyan architects and engineers, and collaborating with both Guy Wilner and Clement Martineau, to help IXAfrica successfully deliver Kenya’s largest hyperscale data centre.
“Future-tech did its first project on the African continent in 2012 in Kenya. I've been involved in the data centre space there for a long time, and have known Guy for a number of years through projects and interaction in Europe,” says Wilman. “As the IXAfrica project came into being, Guy and I spoke about it as he knew that we were already quite familiar with the area. We assisted out with the initial planning and project design, and the relationship really grew from there.”
Wilman adds that the experience helping Future-tech support the IXAfrica project has been hard-won. “It's been a steep learning curve, figuring out how to work in Africa. Some of our earlier projects were quite challenging, but we're fortunate to be at a point now where working throughout the region feels really comfortable,” he explains. “One of the things about Nairobi - which we found out when we were working on our first project in the city back in 2012 - is that, because it's about 1,200 metres above sea level, the altitude actually de-rates the onsite equipment. Having your equipment perform less well because of the altitude can massively impact the whole facility.” Understanding the factors that define a local environment can be the difference between success and disaster for a data centre, and Future-tech’s extensive experience in Kenya is a key supporting factor for IXAfrica’s success in Nairobi.
Wilman has also developed a strong collaborative relationship with Guy and Clement. “We've got over a gigawatt of design projects going through our office at the moment with different clients, which means that we're always learning new things. What is refreshing about working with Guy and Clement is that when we bring them a new idea, they listen to us,” says Wilman. “We've had a good run in Nairobi with IXAfrica built off of a long relationship, and I hope we get to continue working with them on their future projects.”