IoT in Physical Security

Business and technology analysts are in unanimous agreement that the number of IoT devices will explode into the many 10’s of billions within the next five years. These billions of new computing devices will produce enormous volumes of data about ourselves, our society, and our physical environment.

The security industry is at ground zero of this upheaval. In fact, the single largest group of consumer IoT devices being deployed today is for home automation and residential security.  Gartner estimates that the typical family home could contain more than 500 devices by 2022. Commercial applications are not far behind, and they will dramatically enhance our ability to analyze, predict, and react to conditions in our environment.

IoT will change the commercial side of the industry in three fundamental ways:

  • New product from new players

  • Cheaper and better products from everyone

  • Immense device and cyber security management challenges

The first change is apparent in the rise of new companies that were not previously a part of the industry. New players that had not been on the industry radar have suddenly begun showing up at major trade shows. Customers are asking whether major security platforms integrate with the new connected devices they’ve heard of online.  Search results that used to turn up the same familiar insider names are now turning up entirely new manufacturers—who, by the way, are often better at Search Engine Optimization (SEO) than the industry stalwarts.

What we’re seeing from these new players is currently most obvious in the residential sector, where companies like Nest and August and SimpliSafe are offering security products directly to the public. They are probably only the first wave, because security is a must-have feature for any residential IoT solutions.

Many of the IoT technologies developed for consumers will cross over into commercial security within the next few years.  Form factors will change, branding may change, and integrations with larger solutions will be necessary, but the underlying technologies are as relevant and useful in commercial as they are in residential. What’s most remarkable about many of the new IoT services is the interaction capability they provide with other cloud services—and other families of IoT devices. Products that lack these modern integrations, or at least the means to make them happen through an API, will suffer by comparison.

The second major impact of IoT will be the creation of more capable products at lower cost.  This will be the byproduct of the mass production of new chip sets designed for IoT devices of all types, from consumer goods to automotive and personal technologies. Security manufacturers will adopt these smaller, faster, lower-power chip sets in their upcoming design cycles. The result will be security products that look and perform more and more like consumer products than industrial products.  This change represents the consumerization of security, like the consumerization of IT that preceded it.

An example of this phenomenon is the incorporation of Bluetooth technology into security products like access control readers and other edge devices.  A complete System-On-Chip for Bluetooth, for example, can be added to a security product for as less than $5. The reduction in costs for various types of sensors is equally dramatic. Amazon’s Dash buttons—arguably the same technology that could be used for panic or REX applications—are now on sale for only $0.99.

The lower cost of production for IoT based security devices will translate into greater device and sensor density in our buildings and public places.  With this higher density we will have many more data points to evaluate threat factors, and the need for Big Data solutions to make that data useful.

The third big impact that IoT devices will have on physical security is the cyber security of these devices themselves.  The massive DDOS attack from a network of 140,000 hacked security cameras on September 9, 2016 demonstrates this risk. Part of the problem is that IoT devices used in physical security applications will often share the same network with numerous other IoT devices deployed for different purposes.  This topological proximity is a perfect environment for the spread of malware.

The fly in the ointment for the security industry (and any other industrial IoT application) is managing these large quantities of devices and keeping them all up to date with respect to security patches to their firmware. The sheer number of devices that need software updates will become unmanageable—at least with current software update practices.  Many of us would say that we’re already at that point. The reality is that it’s difficult to make it through an entire week, if not a day, without an update request from one or more phones, laptops, tablets, televisions, watches, microwaves, refrigerators, thermostats or other household gadgets. And that’s to say nothing of the mobile apps that control them, all of which seems to be on nearly monthly release cycles that keep us on the update treadmill.

The industry is currently in the throes of sorting out cyber security responsibilities among manufacturers, SaaS providers, integrators and end users.  All parties are stakeholders and they all have a role to play. It will be even more critical to have these issues sorted out when the number of connected devices on a network goes up by the predicted tenfold—or more.