No, Really, IoT’s for Real This Time
A trillion-dollar opportunity forever just out of reach is finally coming off whiteboards, thanks to AI. Plus: What accelerating IoT adoption means for security and some sad, scary stats.
I don’t write about the Internet of Things all that often. The easiest way to explain why is to share a few analyst forecasts:
In 2017, IDC predicted that global IoT spending would reach $1.29 trillion in 2020.
A year later, they predicted it would reach $1.1 trillion in 2021.
Six months later, they predicted it would reach $1.2 trillion in 2022.
Last June, following a Covid-related dip, they predicted it would surpass $1 trillion in 2026.
Last month, Gartner said IoT outlays would “nearly double” to $991 billion by 2028.
Noticing a pattern? For at least seven years, and probably longer, IoT has been fast on its way to becoming IT’s next trillion-dollar opportunity without ever reaching its destination. Eventually, I kind of lost interest.
Until two years ago, that is, when I randomly asked Stacy Nethercoat, executive vice president of advanced solutions at TD SYNNEX, about the IoT market. Rather than getting the “coming soon” answer I anticipated, I discovered that spending had “picked up significantly” in recent months.
“If we go back five years ago, everyone was talking about it, but there wasn’t a lot of doing,” Nethercoat told me. Now, by contrast, real live TD SYNNEX partners were making real cash money selling real solutions to real end users.
It wasn’t a fluke either. TD SYNNEX saw “high double-digit growth” in global IoT revenue year over year in 2023, the company says.
So what changed? The short (as in two-word) answer is digital transformation, which businesses worldwide will be spending nearly $4 trillion a year on by 2027, according to IDC. IoT got hot when it switched from being its own little IT silo to being an integral component of sophisticated solutions involving cloud computing, analytics, security, and AI.
“We really see those technologies all converging,” says Lisa McGarvey (pictured), TD SYNNEX’s vice president of vertical markets, alliances, and solution aggregation.
AI is exerting an especially great influence in surging IoT investments, she adds. Indeed, just over half of businesses have implemented AI and IoT already, and an additional third are planning to join in within two years, according to Kaspersky, the security vendor soon to be little more than a memory here in the U.S.
“IoT and AI really enhance each other’s capabilities,” McGarvey says. IoT devices feed analyzable data from the edge of the network to AI engines in the cloud. AI, in turn, gives IoT hardware readily available for years something useful to do.
End users are having particular success with IoT and AI in specific verticals, McGarvey notes. Manufacturers are deploying predictive maintenance solutions that study shop floor data for signs of impending, profit-killing breakdowns, for example. Government transportation agencies are deploying smart traffic management systems to reduce congestion by adjusting traffic lights, onramp meters, and rapid transit lanes in real time.
You don’t have to be a big solution provider to get in on such projects either, McGarvey emphasizes, noting that a TD SYNNEX partner working on smart traffic management systems with the U.S. Department of Transportation is an SMB.
You will need IoT skills, of course, regardless of your size, but only some. “We’re not asking everyone to do everything because then they’ll never be good at anything,” McGarvey says. Partnering with other partners that have complementary skills is a better model, she continues, adding that TD SYNNEX can play a match-making role in finding potential collaborators. The distributor’s professional services unit can fill skills gaps as needed too.
The only indispensable ability for everyone playing in IoT—or in digital transformation, for that matter—is the ability to talk solutions with customers versus products, as TD SYNNEX executives have observed many times in the recent past.
“We try to help the reseller understand the greater opportunity by trying to solve for a business outcome and have a more strategic conversation with their end user,” McGarvey says. “That is where we really see our resellers have a competitive advantage.”
The other side of IoT
IoT that helps AI solutions accumulate data is awesome. IoT that helps threat actors deliver ransomware is a nightmare.
Sadly, it’s a nightmare coming to life more and more often for more and more businesses as they put more and more IoT solutions into production. “Companies continue to struggle keeping those devices safe and protected,” McGarvey says.
Recent example: two of the top 10 most widely detected malware threats on WatchGuard’s latest quarterly Internet Security Report exploited vulnerabilities in IoT devices. One was a new variant of the Mirai malware family aimed squarely at TP-Link Archer routers and spotted by nearly 9% of all WatchGuard firewalls worldwide in Q1. The other was an assault by the Pandoraspear botnet on Android-based smart TVs, devices that commanded a market-leading 31.2% share of smart TV sales last year, according to Vantage Market Research.
“They run the subsystems of Android that can pretty much do anything an Android computer does, depending on how well the vendor does or doesn’t lock it down,” says WatchGuard Chief Security Officer Corey Nachreiner (pictured), including give attackers a foothold for lateral movement across often poorly secured work-from-home networks.
“Having a smart TV at home could be a great collateral access point to the office computer, which will eventually get you into the office network,” Nachreiner notes. Or not so eventually if the TV in question is on the office network to begin with.
“There’s a ton of consumer IT that makes its way into small businesses,” Nachreiner observes. “We’ve seen plenty of flaws in the high-end, business-only devices but the consumer ones tend to have very lax default security.”
That includes easily guessed default passwords (illegal in the U.K. since April) and cheap, unpatched operating systems. And we’re not just talking about TVs, IP cameras, and VoIP devices, though those are three of the most commonly targeted agentless devices in home and office settings. Routers, which account for 75% of IoT infections according to IoT security vendor Asimily, are at risk too, as are printers, NAS arrays, and pretty much anything else people don’t think of as attack surface.
“Anytime you have a device that really is a computer but to the average non-tech savvy person doesn’t look like one, you have IoT,” Nachreiner says.
Though AWS, Microsoft, and Palo Alto all have IoT security solutions, as do more specialized vendors like Armis, Asimily, Elisity, and Nozomi Networks, the most effective techniques for securing IoT devices are also the most basic, Nachreiner says. Change those default passwords. Patch firmware regularly. Put IoT gear on its own segmented network, so firewalls and unified threat management appliances with intrusion prevention services can more easily spot suspicious activity.
WatchGuard probably wouldn’t object if you installed the network detection and response solution it shipped a few weeks back too. “It integrates with your internal switches,” Nachreiner says, which means it can inspect suspicious traffic even within unsegmented networks.
A few scary and sad security stats before your weekend
On the off chance you don’t read security research studies as obsessively as I do, allow me to quote a few findings I came across recently that caught my eye. For convenience’s sake, I’ll divvy them up into three categories: Truly alarming, merely disturbing, and painfully ironic.
Truly alarming:
67% of energy, oil, gas, and utilities organizations (like, you know, the folks who run nuclear power plants) were hit by ransomware in the last year, versus 59% of businesses across industries, according to Sophos. 62% of the computers at those organizations were impacted, versus 49% across industries.
Merely disturbing:
39% of SMBs have concerns about how well MSPs manage security, according to JumpCloud. Another 28% call themselves “neutral” (a word that doesn’t exactly convey confidence) on the topic. Just 33% have no concerns.
Speaking of confidence, 60% of non-IT leaders say they’re very or extremely confident in their organization’s ability to block a security incident, according to Ivanti. Just 46% of the IT professionals who work for them say the same.
Painfully ironic:
40% of security professionals don’t think ordinary employees properly understand the data security dangers posed by shadow SaaS apps, according to Next DLP.
73% of those same security professionals have used shadow SaaS apps themselves in the last year, according to the same study.
Two notes about CompTIA
1. I’ll be speaking at the CompTIA ChannelCon event in Atlanta a couple weeks from now.
2. MJ Shoer, CompTIA’s chief community officer, was joined by CompTIA members John Harden of Auvik and Carrie Green of Canadian MSP Alt-Tech on the latest episode of MSP Chat, the podcast I co-host. Listen in to discover what all the well-deserved CompTIA fuss is about.
Also worth noting
Days after I wrote about the opportunity in AI infrastructure, Dell’Oro Group predicted $80 billion of AI-related spending in the next five years on data center switches alone.
SentinelOne has agreed to supply “AI-powered threat detection, investigation and response capabilities and unified data visibility” to CISA in conjunction with the latter’s Persistent Access Capability initiative.
Big week for SentinelOne: They’ve hired CARVIR, Continuum, and ConnectWise veteran Jay Ryerse.
SonicWall now has a Security Service Edge solution optimized for MSPs and their cloud-first end users. More on this in next week’s post.
It’s all about marketplaces, people, which is why Barracuda has signed an agreement with AWS to ease licensing, procurement, and deployment for partners, provide MDF, and more.
Speaking of MDF, Channel Program is making it much easier to find for MSPs.
BlackBerry unit Cylance is the newest participant in the MDR stampede.
Druva has expanded access to its Managed Data Detection and Response service and rolled out new threat hunting functionality.
Canalys foresees a 47% CAGR on sales of AI-capable PCs through 2028. HP shipped a few more such devices this week, as did both Lenovo and Dynabook.
Egnyte now partners with U.S. CAD to put its cloud content security and governance tech in the hands of architecture, engineering, and construction businesses.
GlassHive’s sales and marketing automation platform for MSPs now integrates with ConnectWise PSA.