Joe Baguley – Vice Président and Chief Technology Officer EMEA at VMware

Connected sensor technology is progressing fast, and it can seem that the only constraint on IoT is our imagination. It is helping logistics operations track shipments automatically in real time. Public authorities are better able to understand motorised and pedestrian traffic flows. Insurance companies are exploring how mobile apps can monitor a client’s driving behaviour and adjust
policies to suit.

But are the fundamentals of IT security and long term sustainability being forgotten. “The worry is
that we are seeing large IoT networks being built with little thought to how these will evolve,”
commented Joe Baguley, vice president and chief technology officer EMEA for VMware, a
specialist in cloud infrastructure and business mobility. “For example, I have seen large networks
based on cheap consumer webcams,” he noted. This works very well at first but over time issues
begin to appear. “It is vital that important hardware can be maintained and upgraded easily, and for
this reliable networks need to be in place from the beginning with IoT capability embedded,” he
advised.

Not only does the inability to upgrade mean the technology will age quickly, but open the way for
security threats to emerge. Mr Baguley sees this as the most important of five golden rules to
enhancing security in IoT networks. There are basics such as making sure data is encrypted and
ensuring access is via two-factor authentication. As well, the network infrastructure must be well
designed.

“Networks must be segmented. If you run one big, flat network then hacking just one sensor or
computer will give access to the whole network,” he said. Segmentation only allows a hacker access
to a restricted number of sensors, reducing the potential mischief that could be caused, facilitating
identification of a breach, and enabling the infected area to be sealed off quickly.

Then there’s the principle of least privilege. “There is a great temptation to take the easy route and
give administrative rights to everything in the network, but many major breaches occur where
people have managed to take over entire camera and sensor networks from just one entry point,”
explained Mr Baguley. Even if the network has been micro-segmented these firebreaks can be over-
ridden if the hacker has full access rights.

He thinks our understanding of the business benefits of the IoT can be improved by thinking about
the concept differently. “The ‘internet of things’ has become a bit of a catch-all term being used in a
variety of household and professional environments,” he said. Increasingly people are coming to see
smart gadgets such as Amazon’s Alexa as the essence of IoT. People enjoy their virtual assistants
playing music, setting alarms or calling up the news, but this functionality does not relate to the
overwhelming majority of business contexts. Mr Baguley prefers the term “instrumentation of
things” as this puts the focus on the main function: recording data from sensors and then making
decisions with this information.