For almost two decades, the Internet of Things has been metamorphosing into the behemoth that is present in virtually everything we do today. While some would like to believe that the IoT is just a fad, the truth is that the IoT is here to stay and will shape the internet, collaboration and user experiences across all devices. Just take a look at smart cars, thermostats and fridges; these items have been granted wireless capabilities and software to improve overall interaction and make some processes easier in the long run.
While the IoT certainly sounds good from a user perspective – who doesn't want to get groceries with the push of a button? – and it makes long-term sense for business progression, there's a darker side of the IoT that will likely play out for the foreseeable future. QA management, development teams and their organizations have a lot of considerations to make with IoT testing. Let's take a closer look at how the IoT can negatively affect your business and what to do about it:
The deal with data
Sensors, information aggregators and analytics features are major cornerstones of the IoT, but these features are also critical weaknesses to IoT's validity as a widespread tool. Gartner has predicted that there will be 6.4 billion unique things connected to the IoT by the end of this year, and these objects all generate a massive amount of data when in use.
Take Fitbit for instance. Models of this fitness band track heart rate, steps taken, calories burned and a slew of other metrics that are beneficial for the health-conscious user. Fast Company contributor Lauren Zanolli noted that data collected by Fitbit has been admitted to court in personal injury cases and could even be used in divorce court. The problem with IoT and its sensors is that every move you make is collected and accessible on company databases. This creates obvious privacy and legal implications on behalf of the business and could put its reputation on the line.
"To assume that all adversaries are financially motivated is really ignorant," security expert Josh Corman told Zanolli. "There are no safe neighborhoods in the Internet. If your last barrier of protection is the willpower of every human being on Earth being fluffy and good, then we've gone from an era where they can't hurt me to one where I'm hoping they don't."
Securing the impossible
As a developer or tester, think about the IoT for a moment – how many objects there are, the diversity of operating systems and the breadth of features offered by each model. These considerations give only a small glimpse of the complexity within the IoT environment. It's like the early days of mobile app development pushed to a much larger scale. Software security testing will be an absolutely essential process, but how can teams really achieve this with IoT?
The IoT is highly complex, and as Inc. contributor Geoffrey James noted, even if something is designed well from the beginning, as software becomes more complicated, it also decreases in stability, predictability and security. This is further compounded when software must interact with other programs to create larger systems of collaboration and communication. To achieve true protection, organizations must understand designer and tester vulnerabilities, utilize the right test management tools, as well as recognize possible problems that may arise.
"[S]oftware becomes less deterministic as it becomes more complex," James wrote. "When things go wrong inside complex systems, it's sometimes unclear, even to the software developers, exactly what has happened. Eventually, complex software reaches the point where any attempt to eliminate bugs or patch security holes ends up creating additional bugs and security holes. Software in this state cannot be 'fixed,' it can only be endured or adapted around."
The IoT obviously has a long way to go before it can be an asset to businesses or consumers. Not only can data gathering apps cause litigation problems for organizations, but it can also create problems in the health and well-being of users. Tracking wearables, automated pacemakers and other such devices are in danger of being hacked, and lives are at stake if the software is not appropriately protected. Businesses must not only disclose what information is being gathered, but also how it's used, where it's stored and what safeguards are in place to secure it.