Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267
0

Before buying into cloud-based tech, you must prepare for failure | #cloudsecurity | #hacking | #aihp


The news that Insteon, purveyors of Internet of Things (IoT) smart home products, had shut down in April will have come as an unpleasant surprise to its erstwhile customers. The servers went offline, as did the website’s support pages. Although a group of customers have endeavoured to resurrect the cloud functionality of Insteon devices by buying out the company, this was always seen as highly unlikely. 

I’m not surprised there was – albeit temporarily – a casualty like this. Any product that relies on an intimate relationship with a cloud service for it to function is at risk of that service failing or disappearing altogether. 

We might wonder how this situation has come about. There is no intrinsic need for a cloud service to be involved with the core operation of an IoT device, but there is an interesting business model at play. For a start, it means the product can just call out to a cloud service somewhere hosted “out there”, with no need for the smarts to be running within the local area network (LAN). This makes deployment and set up easier. 

Even better, for manufacturers, is that it gives them one central place to update capabilities and functionality for all their customers. No need to talk to a big bunch of local LAN controllers: just update the cloud server. If you have a local networking box, maybe to allow a protocol transition to Zigbee, then this box can be essentially dumb and closed to the user. And it’s much easier for an app on your phone to communicate with the cloud server as it saves any pesky need for local LAN connection, virtual private network (VPN) tunnels or any other kind of “at home, away from home” configuration hassle.

One more thing: it opens up entirely new revenue streams for manufacturers by forcing the user to buy into a cloud subscription service. The more you pay, the more features you get. If you really want a laugh, go look at the subscription pages for many cloud subscription-based devices, and marvel at the incoherent and confusing tiers and other plans that are foisted upon the customer. 

It’s undoubtedly an effective business model, right up to the point where the cloud service disappears. Then you, the customer, are left with junk.

The easy answer is to say, “avoid any product that has any element of cloud functionality”. But that is too simplistic and doesn’t take into account a realistic evaluation of the sturdiness of the company involved. For example, it’s clearly possible for a vendor like Insteon to come off the rails, but the warnings were there – apparently it was trying to structure a buy-out some months ago. The problem is that there is no meaningful route to warn customers of impending doom. As soon as you do, there is a real chance that a small problem cascades into a bigger, company-killing issue.

So, we must do our own realistic risk assessments. It’s possible that Amazon might pull the plug on the entire Alexa infrastructure, but I would suggest that it’s pretty unlikely. Apple might walk away from Siri one day, but it wouldn’t be because the company has run out of money. And you would get months, perhaps years, of warning.

Compare and contrast this level of certainty with that of much smaller tier two, three and four suppliers. While they might well integrate into the top tier platforms such as Azure, they’re still reliant on their own cloud services infrastructures. Consider my home security cameras: I am passionately convinced that these should be wired up using Ethernet cables, preferably with power coming from the POE standard. There should be a local network video recording solution that captures everything, 24/7. And there is no hook into a cloud service. 

I can do this because I’m prepared to put industrial-grade networking in place to support the services required to perform a security function. This isn’t quite so appropriate if you want a camera to monitor your bird feeder, to make sure you don’t miss the arrival of a lesser spotted warbler. If so, then a cloud-based solution might be appropriate, but I would certainly only consider one from the top tier companies, and preferably one that had local storage. And which supports standards like ONVIF so it can be hooked up to a NAS/video recording box.

The problem is that the proverbial people on the Clapham Omnibus are bad at doing this assessment, because they simply want something that works. What happens in six months’ time, let along six years, is generally not on their radar. 

The failure of Insteon won’t be a sole event. The ongoing supply chain constraints are putting extreme pressure on the smaller vendors. In the past the saying maintained “no one got fired for buying IBM”. There must be a modern equivalent, whether that is Amazon, Apple, Google or another of the big players. Just don’t fall in love with a relatively unknown vendor and put too many capabilities in the one basket. It might not be there tomorrow.

Click Here For The Original Source.


————————————————————————————-

National Cyber Security

FREE
VIEW