IoT snapshot: the potential and the risks

By Kevin Shaker, senior analyst

During immixGroup’s 4th annual Government IT Sales Summit, government and industry IT leaders addressed what’s under the IoT umbrella and how public sector enterprises are using these tools now.

Here are some highlights of the IoT snapshot: The potential and the risks panel:

Where in this ecosystem should our partners and suppliers spend most of their time to bring the most value to their customers?

If you look at IT versus IoT, the world of IT was clients and servers. The client was relatively smart ­– your phones, tablets, PCs – so it balanced the IT issue between the client and the server. Now that we’re progressing into more IoT, the challenge is that the endpoint node is going to be really dumb; it’s not going to have a lot of processing power or memory. We end up with this new thing called a gateway, and that gateway is where we’ll control nodes, processing and the edge compute work, and this is the new platform from which IoT will work on.

Therefore, the best advice for a supplier trying to bring value to their customers is to focus on a vertical. The application software and the gateways you use will vary tremendously from vertical to vertical, so you’ll want to layer into a platform where you’re going to control everything.

A lot of government agencies aren’t ready to talk IoT. How does the State Department talk about IoT internally and what kind of buzz words should industry be looking out for to identify an opportunity?

The way the State Department is often approached is, “Hey, we have something that’s going to be good for the department, but it needs to be connected to the internet for us to take advantage of it…” and that’s when people start to panic over the security part.

To engage on a solution, it would be best if a business approaches it by saying, “Hey, we have not just the IoT device, but also the security wrapper and a plan for how you would apply that to your network.” That’s a better way to ease into the idea of an IoT solution.

What is the government doing to ensure that devices and users are protected?

Within the government, we realize that some of this security is going to have to live at the gateway because the endpoints aren’t terribly smart. Think this through: There are 10 billion credit cards that are functionally connected today. The hack rate on credit cards is amazingly low, and that’s because we don’t actually protect the credit card, we protect the behavior of the credit card. There are small things, like the creation of the chip, that add some protection, but, overall, it’s monitoring the behavior.

We will probably end up managing IoT in the way a credit card works, rather than how IT works. It should be an encouragement to the industry that we’re not going to solve this like anything we have in IT, we’re going to solve it like we did around credit cards. The banking industry has a lot of answers for us inside this solution. That’s the first step in aiming toward protecting devices and users.

Many companies have employees wear Fitbits to lower insurance premiums – who owns the data/security of the data? Is it on the company who’s requiring their employees to wear the Fitbit? Is it on Fitbit? The insurance company? Is it on government agencies? How are we sure personal health data is not being misused?

There are a few things in place that can sometimes protect personal health data. We have HIPAA, but that only covers information produced by a health care provider. Fitbit falls into both categories. If it’s being provided by your insurance company, your pharmacist or your doctor, that is covered by HIPAA. Fitbit has created separate servers and protocol to deal with that data.

However, health data not produced by a healthcare provider is not covered by HIPAA. It is regulated under FTC Section 5, authority against “unfair and deceptive practices.” That means it’s regulated under whatever Fitbit puts in its privacy policy… whether they are doing what they say – that’s the “deceptive.” The “unfair” is whether those practices are actually OK, and the enforcement of the unfair depends on who the sitting FTC commissioners are, so it is, admittedly, a bit of a fractured system.

To hear more about the future of IoT and how government will use those solutions, listen to the session here. And for more guidance on selling technology to the government, subscribe to the Government Sales Insider blog.