So what’s the hold up? Right now there isn’t imminent financial motivation or competitive pressures for broadband providers to transition. As long as the market can efficiently broker the remaining, sellable IPv4 address space to those that require it, the pressure to migrate to IPv6 will not fully materialize.
Over time, as the number of IoT devices increases and IPv4 addresses grow more scarce, financial and competitive pressures will rise accordingly, eventually leading to economic incentive for IPv6 transition. Consumers will demand the ability to interwork with every device seamlessly with speed, ease and expect that the “Internet” continue to be the ubiquitous, any-to-any network they grew accustomed to in its IPv4 origins. An IPv4 and IPv6 Internet, patched together with transitional technologies such as Network Address Translation, won’t be able to scale to the levels forecasted for IoT devices, not without cumbersome constraints. This perfect storm of consumer expectations and financial incentive is what is required for IPv6 to become a reality after all of these years.
* Security. There is a lot of concern about what it will mean for the threat ecosystem to have millions of connected devices – especially those managed by consumers – available for malicious activity. If we don’t address the security issues rearing up today, we’re going to have a serious security situation. Right now, many companies are making Internet-connected devices that aren’t able to be patched or easily updated with new security rollouts. Considering many IoT devices collect personal data, security should be a concern for all.
A few months ago we saw a non-malicious hack of a children’s toy company. The hacktivist, a Grey Hat, was able to exfiltrate photos and personal information of young consumers. The Grey Hat took these actions to show the company how unsecure they were and teach the industry a lesson. This wasn’t the first time a child’s toy was in the spotlight for having security vulnerabilities, and probably only illustrated the tip of the iceberg.
It goes without saying, IoT developers should do more to secure their products. For organizations using IoT, it is essential to do a rigorous analysis of the security controls built into IoT devices and services they wish to use. At a minimum, an audit of IoT device’s communications channel, use of encryption, an analysis of the type of data it collects, stores and transmits, and the security of the end-point(s) with which it communicates, is paramount.
Given IoT’s growth rate, and the resulting broadening of the cyber-attack surface, organizations must be ever more vigilant in conducting comprehensive risk analyses and in the implementation of proper governance structures. A risk-based approach is the best way to balance the risk of using IoT with its unlimited productivity benefits.
The promise and lure of IoT is exciting for both consumers and the industry. If these three areas become a focus, we can move toward an Internet of Everything connected future.
Sign up for CIO Asia eNewsletters.