All of these are technical standards, and there are huge overlaps in their areas of functionality, which means that any given device might work with one, several or none of them. So interoperability can be a problem
Making this even more complicated is that some of these technologies address different layers of the stack – whether they’re basic radio communication tech, or a transport layer, or a data protocol, all the way up to something like Homekit that's almost an entire operating system in itself – and others are aimed at the same layer. Several even address various combinations of layers.
What this means is that different IoT implementations can use vastly different technologies, at every level, to get the job done. For example, Swedish pest control company Anticimex has its smart traps send text messages, via a carrier network, to an SMS hub that relays those messages back to a control center. This means that compromising a simpler system like a smart trap doesn’t offer a way into the company’s network, the way a more direct connection might.
In contrast, the team at Red Bull Racing needs constant, real-time data from its Formula 1 cars, which are zipping around racetracks at up to 200 mph. This means a proprietary system that feeds data to a central hub on the car, which transmits wirelessly to a service provider, who encrypts the data for Red Bull’s use.
Both of these systems are reasonably secure - but this makes them the exception, rather than the rule, as it's difficult to overstate the threat posed by IoT technologies on the network. This threat is two-fold, but both of the main issues center on the fact that many IoT endpoints are not well secured, in part because it can be difficult in some cases to build robust security into small, simple computing devices.
The first major issue is that a compromised IoT device can, in some cases, offer a way onto a company’s network for a malicious actor. A badly secured smart TV, a security camera – anything that accesses the network is a potential vector for an attack.
The second is that even compromised devices that aren’t used to attack a company’s network directly can be conscripted into enormous botnets of other hacked gadgets, a la the infamous Mirai attacks, which saw armies of security cameras and other poorly secured gizmos blast some of the Internet’s biggest sites offline with floods of junk traffic.
Confusion rules the day around IoT security. One of the principal problems is that even cataloguing every connected device on a network is difficult, and many administrators might not be aware of the full IoT presence in their environments. It's tough to secure something when you don't even know it's there.
Sign up for CIO Asia eNewsletters.