What About Shadow IoT?

There has been so much talk about “Shadow IT” — employees using their own smartphones, tablets, cloud applications and mobile apps — and its impact on corporate IT that many don’t worry about it anymore. Many IT decision makers have simply acquiesced to the idea that employees will use their own devices, mobile apps and cloud applications, and so are finding ways to work within this new reality as opposed to fighting it. To be sure, Shadow IT has major implications for security, the ability to find and manage corporate data, the ability to satisfy compliance obligations and the like, but Shadow IT is here and it’s here to stay.

But what about “Shadow IoT”? There are a large number of personally owned IoT devices already accessing corporate networks, such as Apple Watches, Fitbits, Alexa/Google Home devices and the like. For example, an Apple Watch can be used to access corporate email and text messages, Fitbits send emails to wearers with their weekly status reports, and IBM has integrated Watson with Alexa/Google Home, to name just a few examples on the tip of this iceberg. Fueling this trend is growing corporate acceptance of the idea of integrating IoT with business processes — companies like Salesforce, Capital One, AETNA, SAP and SITA, among others, are embracing use of the Apple Watch and developing applications for it. Moreover, the use of wearable IoT devices can increase employee productivity — a Rackspace study found that productivity and job satisfaction both benefited from their use.

While personally managed IoT devices represent an enormous boon to their owners, they also can create a number of security risks. For example, researchers at the University of Edinburgh were able to circumvent the encryption that Fitbit uses to send data, leaving users vulnerable to theft of their personal information. In 2015, a Fortinet researcher discussed a proof-of-concept that could infect a Fitbit device with malicious code that could then send malware to a PC connected to the device (a claim that Fitbit denied). Researchers at Binghamton University found that sensors in wearable devices could be used to determine passwords and PINs with up to 90 percent accuracy. Apple Watches have been banned from cabinet meetings of UK government ministers over fears that the devices could be hacked and used to listen in on these meetings.

Does your organization have a policy to protect against Shadow IoT? What security measures have you implemented specifically to address this threat? I’d like to get your feedback on what your organization is doing for a future blog post.

Microsoft vs. Google vs. IBM

While there are a large number of cloud-based communication and collaboration solutions available, the “Big Three” in cloud-based communication and collaboration today are Microsoft Office 365, Google G Suite and IBM Connections Cloud (which includes a very good email solution called IBM Verse). I won’t go into what you get with each offering, but you can check out the various components, features and capabilities at the following links for Office 365, G Suite and Connections Cloud.

All of these offerings include robust email, instant messaging, document collaboration, file sharing and other tools, as well as lots of storage. All of these solutions are reasonably priced, although Microsoft’s high end plans are significantly more expensive than the other two (but they also include more capabilities). Microsoft’s solutions require the least disruption to the way that most information workers work, since the vast majority already use the Office suite of Word, Excel and PowerPoint; and Office 365, from a desktop productivity standpoint, is nothing more than a switch from purchasing a perpetual license for these applications to renting them in perpetuity.

From a long-term perspective, however, particularly for enterprise customers, IBM’s solution should be the subject of most decision makers’ serious consideration because of Watson Workspace. Watson, the “computer” that trounced Ken Jennings and Brad Rutter on Jeopardy back in 2011, uses cognitive capabilities to analyze social interactions among information workers. Watson is currently being used for cancer research, tax analysis and other data-intensive applications, but Watson Workspace is specifically focused on using these cognitive capabilities in the workplace. The goal of Watson Workspace is to help workers manage information overload, present the right data at the right time, and otherwise streamline work processes with the goal of making people more efficient. Microsoft and Google have analytics and other capabilities that are focused on similar aims, but neither of these vendors have capabilities that compares to Watson at this point. In short, Watson has the potential to revolutionize the way that people work with one another.

The problem for IBM, however, is two-fold:

  • First, IBM is generally more bureaucratic than either of their key competitors and has a more difficult time moving products from the conceptual stage into stuff that people can actually deploy.
  • Second, Microsoft and Google make it easy to buy Office 365 and G Suite, respectively. IBM does not.

As a test of the latter point, I had one of our researchers run a test to see how long it would take to set up an account in Office 365, G Suite and IBM Verse. She started on a weekday afternoon and found that it took six minutes to complete setting up an Office 365 account, four minutes to set up an account in G Suite — and 31 minutes to set up an account in Verse.

Now admittedly, IBM is not really focused on the single user market to nearly the same extent as Microsoft and Google. But the difficulty and length of time associated with setting up an account are indicative of IBM’s need to make its account acquisition process a bit easier and more transparent. This one-off market can result in the deployment of perhaps a few million seats, a market that just about any communications and collaboration vendor should pursue for its own sake, but also for the potential impact it could have on making these tools more familiar in the enterprise space.

In short, IBM’s communication and collaboration solutions are the best of the Big Three, but also the most difficult to acquire.