Security and the Internet of Things

I am a big fan of the Internet of Things - all the smart devices that are changing our lives by being connected to the Internet. I consider myself a pioneer and early adopter of these gadgets. What worries me though, are the security and privacy issues involved with using such devices. So, what are the concerns?

Well, I am not too worried about my IrrigationCaddy sprinkler controller. Even if someone was to hack into it, the most damage they could do is to make my lawn look greener. After all, we’ve been conserving water heavily in California and the lawn looks pretty dry. Similarly, I am not too worried about all the Belkin WeMo switches and outlets that control the lights in my house. A possible hacking could lead to some pranks or annoyance but it would probably not represent a significant security concern.

But I am a bit more worried about my Nest thermostat. The concern is not so much the temperature in my house but rather the fact that the device knows when we are home and when we are away. After all, we set it on “away” mode when we leave town to conserve energy. Knowing we are away could be some very useful information for a potential perpetrator planning a break-in.

Similarly, the wearable devices represent a privacy concern. Jawbone recently published a fascinating blog post about the effect of the Napa earthquake on the sleep of Bay Area residents. While the data is fascinating, it also conveys a disturbing fact – the device knows when you are asleep! What’s the worry with that? Well, if someone were to break into your house, knowing that you are asleep would be pretty useful information, wouldn’t it?

The concern with cloud-based cameras such as the Dropcam – which is now owned by Nest, a Google company – is also pretty obvious. The camera feed is available and often also stored in the cloud, which begs another obvious privacy concern. The fact that Google owns both Dropcam and Nest is only adding to the concerns. After all, Google has been pretty open about their disregard of consumer privacy.

What concerns me even more is the trend towards smart cars. Sure, the Tesla is pretty awesome and the factory’s ability to upload and deploy patches and updates over-the-air is amazing. But what vital systems of the vehicle can be controlled remotely? Could a possible hacker make my car stall while driving on the on the freeway? Could they lock or switch off my breaks? That could become a life-and-death scenario.

I was recently at a conference where I saw a panel about the future of smart cars.  It was scary to see how the insurance companies are chomping at the bit to get the car manufacturers to implement smart devices that would monitor our driving behavior. They claim it is only to our benefit – the good drivers would pay lower premiums than the bad drivers. In fact, the Progressive Snapshot already does that, albeit on a voluntary basis. But it is a small step from Snapshot to the Fitbit activity tracker and if your health insurance company starts accessing your daily activity data to adjust your premiums, you may get worried about the Internet of Things. And rightfully so.

The Internet of Things, the world of smart devices connected to the Internet, will make our lives better. In fact, it will make our lives amazing. But if the data falls into the wrong hands, which is not an unreasonable concern, the smart devices could represent a major privacy and security concern for all of us.

File System in the Cloud

Today, Microsoft and Dropbox surprised us all by announcing a partnership. According to the announcement, Microsoft Office applications on mobile devices will be integrated with Dropbox to allow direct access to documents from within the Dropbox folders. This is a big deal.

With this announcement, Dropbox has the chance to effectively become the file system for mobile devices – the file system in the cloud. This is something that Apple didn’t include in all the ingenious plans for its iOS operating system. Apple has always claimed that applications and their data need to be compartmentalized. But people wanted a file system – perhaps that’s what 30 years of DOS and Windows dominance have taught us. Dropbox came up with an alternative and it became hugely popular.

Apple eventually relented and started introducing iCloud as a way to share data in the cloud, primarily for music and video content that is. Yet Apple didn’t pay much attention to documents, which opened up the window of opportunity to the likes of Dropbox, OneCloud, and Google Drive. Not to mention that only a few users have figured out how Apple iCloud actually works.

Since then, Dropbox has been a run-away success, attracting well over 300 million users. Google, Microsoft, Apple, and dozens of other vendors attempted to follow in their footsteps. Now, it would appear that Microsoft is conceding the race to Dropbox. That alone is huge. Microsoft OneDrive struggled from the beginning to gain any meaningful market share and now, its future is uncertain.

The greater deal yet, is the fact that by way of closely integrating with Microsoft Office, Dropbox really has the opportunity to become the default file system for mobile devices; a cloud based file system – something that Apple failed to deliver.

The announcement begs another question. Giving up on OneDrive in favor of Dropbox is a massive concession. Microsoft doesn’t concede anything often. Dropbox got itself a sweet deal and Microsoft didn’t do it just because it gives the users a choice of storage. Sure, Microsoft gets more money from selling Office than they ever would get from OneDrive, but I suspect that Microsoft is likely getting something more in return. Today, we can only speculate what it is. If I were to place my bet, I’d be putting my chips on Microsoft Azure right now, at the cost of Amazon EC2. I suspect that Dropbox may be leaning closer to Azure now. But that’s of course just speculation.

Today, the world may have changed a bit. Or, maybe it changed a lot. Dropbox has been given the opportunity to become a major force in the cloud-a mobile game of thrones. It doesn’t change much for the enterprise customers who will still need to ask whether the consumer-focused Dropbox is an adequate solution for sensitive corporate data. But in the consumer space, Dropbox has been handed the keys to the kingdom.

Accessing files in Dropbox from within Office on iPad. Cool!