Author: She Lei
Guest: Lian Jufeng
In 1995, Bill Gates mentioned the concept of the “Internet of Things” in his book “The Road Ahead,” stating that “the internet only connected computers and did not connect everything.” However, this idea did not receive much attention at the time.
Although the full arrival of the Internet of Things (IoT) came a few years later than predicted by Bill Gates, it is indeed true that, as he said, everything is interconnected, and this has become an acknowledged trend of development.
In 2016, the concept of ABC was very popular: A stands for AI, B for Big Data, and C for Cloud. These three represented the development trends of the industry at that time. The rapid development of these technologies significantly accelerated the development of the entire internet ecosystem in China, extending the influence of the internet beyond the online world itself and gradually deepening into various fields. This has also forced many traditional businesses facing transformation to innovate their technology, catalyzing many online technological capabilities to be transferred and applied in real-world scenarios. In China especially, the combination of AI technology and the IoT industry has accelerated the practical implementation of IoT applications in various scenarios.
Looking back at the history of IoT, we can see that it has evolved slowly in response to changes in industry demand. As the cost of deploying technology has decreased, the emergence of diverse data transmission methods such as 5G mobile networks, Bluetooth chips, and WiFi, together with the availability of smaller terminal chips, has created the necessary conditions for the rise of IoT. A mature manufacturing system, diverse network transmission methods, and strong infrastructure capabilities provide an ideal growth environment for IoT.
China is currently transitioning from the concept of IoT to its practical application.
However, despite the rapid development of IoT, the vast environment and demand in China mean that IoT is still in the phase of practical verification from concept to implementation. During this transitional phase towards a fully integrated IoT, the current internet – IoT model still faces some significant issues.
The shift from Internet to IoT primarily involves a change in security awareness.
IoT is a trend that has already occurred and will continue to grow, providing vast creative space through its ecosystem. Shared bicycles are a typical scenario that showcases a previously unconsidered IoT rental model.
In this scenario, most people still view it from the perspective of the internet, believing it to be another boom of the internet economy, yet few realize that without the underlying IoT architecture such shared-economy services could not be built. This raises a question: the transition from one era to the next usually requires many adaptations, and the difficulty of adapting is often caused by ingrained ways of thinking. Just as people around 1998, at the start of the internet era, were confined by established logic, we now face a similar situation. So how do we rapidly shift our thinking from the internet era to the IoT era?
The internet focuses on the network itself, achieving connectivity only at the network level, whereas IoT is more like a larger set that includes the internet. Under IoT, all kinds of devices are connected to the internet to build a larger public network, which is the fundamental difference between IoT and the internet.
Thus, the problems faced in the internet era are not avoided in the IoT era; they may well be magnified by the unique scenarios of IoT, especially security problems. Compared to the internet, IoT applications are more vulnerable to attacks, face greater threats, and are harder to protect. Among these, hacking incidents have always been a persistent issue on the internet, and they persist in the IoT era as well.
Since IoT encompasses a broader range, in addition to services built on the entire network facing security threats, the millions of devices connected to the cloud also face security threats. Attacks on IoT devices are not limited to large-scale device deployments; even the smallest single terminal device in IoT is an attractive target. Therefore, designers of every type of IoT device inevitably need to implement strong hardware-based security mechanisms to prevent attacks.
As more edge devices are incorporated into the IoT ecosystem, more data will traverse these links, and an increasing amount of critical enterprise data and personal privacy information will be placed on IoT. The security situation of IoT is very severe. Therefore, one cannot focus excessively on product experience and design while neglecting security, since any security issue in the IoT environment will be magnified enormously, which is unacceptable for both individuals and enterprises.
According to various polling agencies, the massive number of devices connected will also bring about substantial business opportunities. According to predictions released by Alexandra Rehak, head of Ovum IoT Practice, and Steve Bell, senior analyst at Heavy Reading IoT consulting firm, by 2023, the number of globally connected IoT devices will reach 23 billion, while IoT revenue will soar to $860 billion, an astonishing growth rate.
This market scale indicates that IoT is no longer just a simple technological scenario, but a highly imaginative future lifestyle. However, everything has two sides; while we see opportunities, we must also be aware of the risks behind them.
The IoT ecosystem mainly consists of three parts: device end – transmission end – cloud end, where all data circulates among these three. For enterprises, compared to the “uncontrollable” nature of the cloud, security strategies will be more deployed at the device end and transmission end, which are visible to them.
The device end is the key to IoT, and the most fundamental security strategy should start from the device end. Additionally, since software can be changed, the hardware must endow the terminal device, at the time of manufacturing, with the capability to prove the “uniqueness” of its identity when exchanging data with the cloud; the detailed methods are discussed later.
At the transmission end, edge computing capabilities are the main tool, because data is an important asset with a degree of confidentiality for contemporary enterprises, especially sensitive data in critical scenarios. Edge computing can effectively address data privacy concerns by supporting data processing and execution locally, allowing enterprises to handle their most valuable data on-site without routing it through cloud computing, thus alleviating the concerns that arise from placing data in the cloud.
Hardware security is fundamental.
The issue of personal privacy ultimately boils down to the security protection of terminal devices.
In recent years, users in China have become increasingly concerned about their privacy protection, especially as IoT has widely entered homes, making privacy issues a focal point. Regarding user privacy, privacy is not only about protecting oneself but also preventing others from impersonating oneself. Fundamentally, the factor affecting privacy security is not people, but terminal devices. If the security strategy for terminal devices is perfect, user privacy will be well protected; if the security strategy is poor, it could lead to disasters for user privacy.
- Implementation of IoT Privacy – Device Uniqueness
Identity authentication is a crucial topic in IoT. One common method of stealing user privacy is to disguise device B as device A in order to access A’s data and services; this is quite common and very profitable for hackers. It not only harms the interests of the original manufacturer of device A but also undermines the privacy protection of individual users.
For current IoT terminal devices, one method to recognize their uniqueness is to identify the terminal identity ID, which assigns each terminal device a different identification number. For instance, Microsoft Azure Sphere embeds the identity ID for authentication into the chip at the time of manufacturing, ensuring that each device’s “ID” does not repeat. When this identity ID submits data to the cloud, the cloud can confirm whether this device was manufactured by the original manufacturer, fundamentally ensuring the independence, legality, and uniqueness of the terminal device.
- Implementation of IoT Privacy – Data Encryption
Another factor concerning user privacy is that the data generated by terminal devices under IoT also needs to be encrypted. A common scenario is smart cameras in homes, which upload photos and videos to the cloud backend. However, if this streaming information is not adequately protected during transmission to the cloud, it could be intercepted by hackers and exposed on public social media, posing a significant threat to personal privacy.
When something receives increasing attention and becomes widely adopted, it is also the most vulnerable to attacks. If we deploy IoT in critical infrastructure without proper protection, it could potentially lead to loss of life or property. For example, in scenarios such as smart buildings and smart cities, failures in critical capabilities like access control and traffic lights can have dire consequences.
The arrival of the intelligent world and the trillion “connections of things” will bring significant benefits, and enterprises cannot miss such a favorable opportunity. However, transformation comes with risks, especially when entering a completely unfamiliar ecosystem, facing the following four challenges while rapidly integrating into the IoT ecosystem.
- Data security: the most direct measure is to encrypt the data, so that even when it is exposed to a threat, hackers cannot make sense of it because it is encrypted. Key management is also crucial; for example, split-key encryption is very suitable for cloud computing: users enjoy the advantages of infrastructure cloud solutions while keeping the keys in their own hands. Achieving the best encryption solution for a big data environment is only part of the picture, since beyond data security the entire IoT ecosystem involves several more layers between devices and the cloud.
- Security between devices and the cloud: the key lies in ensuring authentication when terminal devices connect to the cloud, and in making sure the authentication process cannot go wrong. Addressing this at the hardware chip level is one way to fundamentally resolve device authentication, for instance by assigning each terminal device a different ID while also guaranteeing its uniqueness.
- Network transmission security: transmission must strictly adhere to security and confidentiality protocols, following the most standardized security mechanisms; this is a hard requirement.
- Security compliance of cloud business: this is crucial in the current globalization trend, especially given that IoT by its nature cannot be developed in isolation, so globalization is inevitable. When venturing overseas, a comprehensive security compliance standard is needed. Furthermore, security compliance is an ongoing process: today’s security does not guarantee tomorrow’s security, and today’s compliance does not ensure tomorrow’s compliance. Thus, the compliance system needs regular reviews and should become routine, to effectively ensure that all security policies and configurations are compliant and secure.
For Starbucks, coffee machines are productivity tools. The condition of a coffee machine cannot be predicted in advance, and once one breaks down, timely repair is not always possible, especially across the vastness of the U.S., where prompt maintenance may be unachievable, leading to potential business losses.
From Starbucks’ annual financial analysis, coffee machine repairs account for a significant portion of their costs. Therefore, Starbucks has long sought to connect coffee machines as terminal devices to the IoT for unified management of their operations. However, the primary consideration for Starbucks regarding terminal device connectivity is security. Confidential operational data, such as recipes and daily coffee production quantities, face significant threats if the network environment is unreliable and security measures are inadequate.
Currently, Starbucks has gradually integrated Azure Sphere chips into their coffee machines in Seattle, implementing basic hardware-level security. By uploading operational data of the coffee machines to the cloud, management can monitor the operational status of all coffee machines in a region through the cloud, thus achieving unified operations for terminal devices in that area.
The Internet of Things has become an observable trend and is currently rapidly being implemented. It is foreseeable that, with the rapid expansion of IoT, the billions of terminal devices will generate data volumes that cannot be measured using existing units. The challenge is not in achieving this but in the series of preparatory work required for these terminals and the data they produce.
This also means that enterprises need to be well-prepared in four aspects to cope with the surge in the number of terminals and data volume.
Although IoT application security brings multiple requirements, the key challenge often lies in implementing mutual identity verification for IoT devices and cloud resources. As mentioned earlier, the uniqueness of terminal device IDs is essential for security. Only with IDs can interactive communication occur based on mutual trust. Especially during large-scale deployments, the ability to assign a unique ID to each device is crucial. For example, now that hundreds of millions of devices are deployed, each device plays different roles, provides various services and functions, and possesses different IDs, ensuring that devices can verify their identities when exchanging data with the cloud.
Furthermore, after assigning identity IDs, each device must also be issued an electronic certificate. This certificate is significant because, when the device requests remote services, the receiving platform can verify the device’s legality and trustworthiness based on this certificate, reducing the risk of impersonation. Ultimately, the data exchange between terminal devices and the cloud, much like communication between people, must be based on trust.
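The manufacturing-time identity and the electronic certificate described here (and in the Device Uniqueness section above), modelled as an added Go example that is not Azure Sphere’s or the page’s own code: the manufacturer signs a binding of device ID to device public key at provisioning, and the cloud accepts a device only if that signature verifies, the claimed ID matches the certified one, and the device proves possession of the certified key by signing a fresh nonce. The certificate layout, device IDs and error strings are constructed for this example, and Ed25519 stands in for whatever scheme a real platform uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// DeviceCert is a constructed stand-in for an electronic certificate: it binds a device ID to a public key.
type DeviceCert struct {
	DeviceID string
	PubKey   ed25519.PublicKey
	Sig      []byte // manufacturer signature over certPayload(DeviceID, PubKey)
}

func certPayload(id string, pub ed25519.PublicKey) []byte {
	return append([]byte(id+"|"), pub...)
}

// Provision models the factory step: generate the device key pair and sign its
// ID/public-key binding with the manufacturer key. The private key stays on the device.
func Provision(mfrPriv ed25519.PrivateKey, id string) (DeviceCert, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	sig := ed25519.Sign(mfrPriv, certPayload(id, pub))
	return DeviceCert{DeviceID: id, PubKey: pub, Sig: sig}, priv, err
}

// Authenticate is the cloud-side check: valid manufacturer signature, claimed ID equal to
// the certified ID, and proof of possession of the certified key over a fresh per-session nonce.
func Authenticate(mfrPub ed25519.PublicKey, claimedID string, cert DeviceCert, nonce, proof []byte) error {
	if !ed25519.Verify(mfrPub, certPayload(cert.DeviceID, cert.PubKey), cert.Sig) {
		return errors.New("certificate not issued by manufacturer")
	}
	if claimedID != cert.DeviceID {
		return errors.New("claimed ID does not match certificate")
	}
	if !ed25519.Verify(cert.PubKey, nonce, proof) {
		return errors.New("device cannot prove possession of certified key")
	}
	return nil
}

// RunScenario provisions devices A and B and returns the outcomes of: A itself,
// B claiming A's ID with B's own certificate, and B presenting a copy of A's certificate.
func RunScenario() (errA, errSpoofID, errCopiedCert error) {
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(rand.Reader)
	certA, privA, _ := Provision(mfrPriv, "dev-A-0001")
	certB, privB, _ := Provision(mfrPriv, "dev-B-0002")
	nonce := make([]byte, 32) // fresh challenge chosen by the cloud for this session
	rand.Read(nonce)
	errA = Authenticate(mfrPub, "dev-A-0001", certA, nonce, ed25519.Sign(privA, nonce))
	errSpoofID = Authenticate(mfrPub, "dev-A-0001", certB, nonce, ed25519.Sign(privB, nonce))
	errCopiedCert = Authenticate(mfrPub, "dev-A-0001", certA, nonce, ed25519.Sign(privB, nonce))
	return
}
```

Only the first outcome is nil: B cannot borrow A’s ID with its own certificate, and a copied certificate is useless without A’s private key, which is why the page insists the key material be bound to the device at manufacture.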
In addition to needing different IDs and electronic certificates during deployment, another significant difference lies in data collection and analysis. With the vast number of terminals, especially when the data volume cannot be described in petabytes or terabytes, the capability to collect and analyze this massive amount of data in a timely manner becomes particularly important.
This point is particularly relevant for enterprise management. As seen in the Starbucks case, in addition to automation, enterprise decision-makers need a unified grasp of the overall situation. Especially when the number of terminals is enormous, executives’ decisions depend heavily on this overview. Visual management forms such as dashboards give enterprise decision-makers the best means to understand the current state of the business.
After large-scale deployment of terminal devices, unified management of these terminals becomes necessary. Firstly, maintaining these terminal devices uniformly presents a challenge, especially in terms of security, where no negligence is permitted. Many people may feel that their applications are functioning well at present, but this does not guarantee that there will be no issues tomorrow. In this rapidly evolving security landscape, no product can remain secure for an extended period. If security is compromised at any point, a mechanism for timely remediation must be in place, which could save the product from disaster.
While development brings numerous security risks, ensuring security is crucial.
In recent years, we have witnessed the practical applications of IoT in various scenarios, clearly demonstrating its growing influence. However, in the face of China’s vast overall scale, IoT has a long way to go. In the security domain alone, a comprehensive transformation from culture to technology is necessary. This is why it was mentioned at the beginning that China’s IoT is still in the process of transitioning from “concept to practice”.
Greater opportunities come with greater potential risks; similarly, greater potential risks yield more significant returns. While recognizing the “treasure land” that IoT represents, we must not only focus on the benefits it brings but also be aware of the hidden risks behind it. In this regard, Microsoft has proactively identified potential security risks in IoT, continuously monitoring whether the foundational architecture of IoT can meet the security challenges posed by current global business.
This article aims to present the current state of the IoT industry and its issues from the perspective of Microsoft’s IoT technology expert, Lian Jufeng. Security is just one part of the entire IoT domain, yet it is an indispensable part. With growing awareness of security and privacy issues, it is believed that the security challenges of IoT will see significant improvements in the future, allowing IoT to truly become a new opportunity for enterprises to turn the tide.
Lian Jufeng, International Technology Expert at Microsoft IoT Sales Asia. At the Microsoft Online Technology Summit held on April 18, during the session on [Cloud: AI & IoT], Mr. Lian will share insights on [End-to-End One-Stop Deep Data Protection Practices for Azure Sphere Under Billion-Level Device Volume] from 16:20 to 17:10. This article serves as an extension of that session.