Clumsy Strangers and Attacking Insects: My Two Hazardous Months Wearing Google Glass

Cradling my bike, right foot on the curb, left hand on the handlebar, I stood and waited for Glass to give me directions to my destination. As I stared into the rectangular prism above my eyebrow, I felt a tap on my right shoulder. Before I could turn, a voice asked, “Are those the new Google Goggles?” “Google Glass, actually!” I responded. 

(Note: this guest blog is written for Avaya Connected by Carlos Monterrey, a San Jose, Calif.-based writer, who also supplied the photos.)

I’ve been using Google Glass – no plural, thank you very much – for over two months now. I was one of the lucky few who secured a pair through Google’s Glass Explorer Program for developers and early adopters. 

Google Glass 1.jpg 

Carlos, about to be accosted by a friendly stranger over his choice in eyewear.

Like most explorers, I had a vision of grandeur, a hope for technologic luxury and exciting innovation. The reality is unfortunately more mundane. Wearing my charcoal-colored Glass in public has made me more self-conscious than I expected to be, especially in public restrooms, gyms, and other peeper-sensitive settings.

Being an early adopter of wearable technology also comes with a peculiar civic duty. When you’re the owner of globally-publicized, bleeding-edge gadgetry, the burden to share, teach and entertain is all too real, with friends and family, as well as the ever-looming friendly stranger.

This scenario, which has already played itself out more than a dozen times, goes something like this:

1) Ask about Glass.

2) Ask if they can wear it. 

3) Talk loudly in an attempt to make it do something cool. “OK, Glass…umm, Ohmigod, is this like Siri?” 

4) Clumsily swipe the Glass’ touchpad, causing it to dial your cousin, girlfriend, and other random people in your address book.

5) Accidentally post unflattering pictures of themselves. 

I get why people are so curious about its design. The nearly-indestructible frame weighs next to nothing. It produces HD quality video, and its bone conduction audio system is extremely effective. Most people stare out of curiosity, and all of the comments have been positive (possibly-relevant note: I live in the heart of Silicon Valley). 

Some spiteful non-users and cultural gatekeepers are bashing Glass as just being the latest symbol of nerd-dom – like a Segway, only wearable. Wired magazine recently had an article titled “Guys Like This Could Kill Google Glass Before It Ever Gets Off The Ground” showing young, savvy tech investors wearing Glass and looking “goofy” — meaning that if they can’t look cool wearing them, neither can we. I won’t weigh in on the fashion aspect, but I will say one thing: most people are curious to try on a pair when they see one. And food for thought: I was told that taking pictures with Glass made me look exponentially less bourgeoisie than taking pictures with an iPad.

Looking Glassy-Eyed, and Other Hazards

My initial plan was to build an app for Glass, a venture that was more educational than entrepreneurial. That hasn’t come to fruition. The Glass Developer Kit (GDK), which would give developers access to the Application Programming Interfaces (APIs) to build apps for Glass, was announced at the Google I/O conference in May. Despite the release of other Glass features, the GDK still hasn’t been released. 

Google Glass 2.jpg

The Latest Symbol of Conspicuous Nerd-dom, ala a Wearable Segway?

That’s got me and other Glass owners impatient. Whenever I wear Glass, I can’t help but imagine a plethora of possible applications: x-ray vision, telekinesis and mobile home theatre. Jokes aside, the included applications – hands-free picture and video, GPS navigation, voice command – though limited, are practical. They work quickly and eloquently, with the only drawback being, for a lack of a better term, looking “Glass-eyed.” This refers to the motionless stare that most users have when actively using Glass. My story: I was taking pictures atop one of my favorite hiking trails. While composing my photo, I was so motionless – necessary in order to reduce image blur – that a fly nearly flew into my mouth. 

Though the future of Glass as a social innovator is still questionable, some are turning their attention to workforce applications. Think of Square and how it eases credit card payments for very small businesses; Glass could do the same for inter-business communication. 

I think back to when I was 19 and at my first part-time job at the Home Depot. Within days of getting hired, the manager called me to his office and told me that I’d be working the electrical department because the usual guy had called in sick. Naturally I knew nothing about electrical appliances, or electricity for that matter. I spent the rest of the day avoiding questions from confused customers–sorry Home Depot. 

What a difference it would have made if I’d had something like Glass! Imagine scanning a QR code and getting everything I needed to know about fluorescent light bulbs projected directly in front of my eyes instantly. If I was really in trouble, I could have paged for assistance. Or I could have conducted a quick screen-share with a co-worker in the lumber department who knew a little more about connecting ground wires to service boxes for pre-WWII house than this teenager.  

RoboCop, and Other Industrial Uses

Law enforcement agencies have been tinkering with ideas similar to Glass for a while. Imagine having image recognition apps that instantly tell you everything you need to know about a person; height, weight, criminal background etc. in a hands-free headset. 

A person operating machinery in a factory can update supervisors in real-time about potential dangers by literally relaying what he or she sees. A handyman may not need to pull out his bubble-level anymore
because the projected image of a geometric line will tell him if the shelf on the wall is straight or not. We’re only limited by our imagination, truly. 

Unwilling to wait, programmers have tinkered with Glass and started compiling a list of hardware functions and specifications. They include a Texas Instrument OMAP4430 processor, accelerometer, gyrocompass and a proximity sensor. These could enable the holographic hand swiping made famous by Tom Cruise in the movie, “Minority Report”. All told, the components are worth between $150 and $200 – low, when you consider that the list price today is $1,500. Insiders predict that Glass will retail between $300 and $500 when it becomes widely available. 

In my opinion, $500 should be the highest price — especially if Glass doesn’t expand on its current list of features. It’s to Google’s advantage to release the Developer’s Kit as quickly as possible, as the creativity of developers and the apps they build will justify the concept of wearable computers – or not. Only then, will we be able to judge if wearing Glass on your head is truly better than pulling out your smartphone.

In a world where technological innovation is intertwined with seamless integration, Glass represents the way of the future for wearable technology, at least the early stages of it. They are like Google’s self-driving cars, which are just now starting to become visible on highways across America. The day will come when people will get used to the idea of mobile glassware technology; further advancing the fusion between technology, culture and person. Until then, I’ll continue to be interrogated about my choice in eyewear by friendly strangers.

Related Articles:

The IoT Chronicles Part 4: Predictions for 2017 and Beyond

2016 certainly didn’t come up short in terms of tech innovation. From genetically engineered immune cells that can control long-term HIV to plant gene editing that can help prevent diseases and droughts, we’ve seen incredible breakthrough technologies across practically every sector.

Indeed, the year was marked by groundbreaking innovation. However, I’d be remiss in not exploring the Internet of Things (IoT)—slated to bring the most organizational value industry-wide—and how it will significantly shape businesses as they digitally transform.

IoT is Bringing Big Savings

The question isn’t whether the IoT is here. It’s already changing business outcomes, lowering costs, and increasing visibility through workflows improving business processes. As we look ahead, sensors will only become more pervasive, machines more autonomous, and connected technology more capable of sharing knowledge than ever before. As a result, Gartner predicts that IoT will save businesses $1 trillion a year in maintenance and services by 2022.

Considering this, it’s not surprising that the global number of connected devices is expected to reach the trillions, driving 64% of companies to soon adopt IoT. It’s great to see such plans for investment; however, what really matters is how businesses invest in IoT to ensure maximum impact organization-wide and, more importantly, to drive the kinds of outcomes that end-users want and need.

IoT’s Predicted Impact

My intention with this blog series was to set the hype aside and objectively share what organizations need to know about IoT. In keeping with that goal, here are four predictions I have of where the market is heading (and how organizations can stay 10 steps ahead to ensure success):

  1. Companies will work to secure the newly un-defined perimeter—it’s everywhere.
    With the ability to connect millions of new devices, hardware endpoints, and lines of code, it’s not so much about whether companies are securing their networks, but how. In today’s world where virtually anything can be considered part of the IoT, the concept of a fixed network edge has essentially become obsolete. In its place is the concept of borderless networking, a world where a company’s network is neither here nor there, but everywhere.
  2. Looking ahead, I believe more companies will invest in end-to-end network segmentation to secure this everywhere perimeter. Such a solution inherently protects companies from the inside out with three core capabilities: hyper-segmentation, native stealth, and automated elasticity. If you’d like to read more on this, start reading my three-part blog series that breaks down each of these capabilities in detail. In my opinion, end-to-end network segmentation is the future of IoT security.

  3. M2M communications will fuel IoT demand.
    The evolution of communications over the last 50 years and the impact it’s had on traditional business processes is simply astounding. It only took a few short decades for manual processes driven by human-to-human communications to be replaced with smarter, automated processes driven by machine-to-machine (M2M) communications.
  4. Today, for example, utility companies can deploy remote sensors at oil drilling sites to communicate with on-premises machines about variables affecting equipment. When you drive to work every day, chances are sensors are being used to monitor such things as speed and traffic volume to maximize traffic flow. Cars today have so much computing and sensory power that they can now talk to artificial intelligence to troubleshoot themselves, requiring no human intervention. Just look at the work currently being done by Tesla, where a simple software update sent to 60,000 cars allowed drivers to sit back while their vehicles autonomously managed such things as speed, steering, parking and even lane changing.

    Overall, the M2M market is set to experience a 12% CAGR between 2015 and 2020. This massive communications shift will only further drive demand for the IoT and largely influence new capabilities in the future.

  5. The market will hone in on three POVs.
    I believe the market will soon come to realize that successful IoT deployment is not possible without rethinking the entire infrastructure from three critical points of view: security, regulation and provisioning. This means moving away from bimodal styles of working and embracing a holistic, 360-degree approach to the IoT.
  6. This is a sentiment also expressed by Gartner’s Managing VP Daryl Plummer. In his list of 2017 predictions, Plummer states that not only are bimodal exercises designed to “experiment and ‘fail fast,’ but “those that do receive approval for implementation involve a level of complexity, scale and business change ramifications that may not have been considered in the initial planning stage.”

    Businesses must look at the IoT as part of their existing ecosystem; therefore, they must find a way to seamlessly integrate the IoT into their organization as one of many moving parts. In today’s smart, digital world, all lines of business must move at the same pace of innovation to succeed.

  7. Companies will realign IoT with business outcomes.
    If you look at some of the prediction articles out there, you’ll see a lot of pundits saying that although the IoT is a hot buzzword right now, adoption at the business level will remain slow in the years to come. The way I see it, adoption doesn’t have to be slow if companies understand how to deploy and use it correctly, therefore accelerating the endorsement and alignment across the entire organization is critical to its success and impact.
  8. So, what needs to change? The IoT can no longer be seen as simply sensor-installation and heat mapping. It doesn’t matter if a car can self-detect its mileage consumption or if sensors can identify certain traffic volumes and speeds. The question is: how can this information be used to transform outcomes? In other words, how can IoT data be leveraged to actionably improve what’s valued most by those most affected? For instance, how can traffic volume data be used to ease early-morning congestion faced every day by thousands of drivers along a certain highway?

    First and foremost, IoT must be in perfect alignment with business outcomes, otherwise, the technology is being implemented just for the sake of being able to do so. I expect things to level out as IoT normalizes in the years to come.

IoT investment will undoubtedly propel companies forward in today’s smart, digital world. However, this requires time, funds and organization-wide commitment. Plummer, for instance, expects that by 2019, every $1 that enterprises invest in innovation will require an additional $7 in core execution. Remember: it’s not about whether you’re planning to implement IoT, but how you plan to do so.

The IoT Chronicles Part 3: Security Regulation

There’s no denying the transformative power of the IoT (whether or not you’ve read this IoT Chronicles blog series.) Practically every object imaginable today has a smart or connected equivalent: the smart home, connected car, smart city … the list goes on. As we move forward, the IoT will continue to have a powerful effect on the world as we know it, including a tangible return for businesses that are currently investing at a rapid pace. Gartner’s Chief of Research Daryl Plummer, for instance, predicts that the IoT will save consumers and businesses $1 trillion by 2020.

At the same time, however, we also can’t deny that there are certain areas of the IoT that require strengthening. If you read part 2 of this series, then you know where I’m going with this … security. As I mentioned in part 1, we here at Avaya define the IoT as simply having an open scope. In other words, virtually anything can be considered part of the IoT, and so anything is possible. So much uncharted territory, however, also becomes a new frontier for security threats and attacks. In fact, Gartner predicts that by 2020—the same year expected to top trillions in cost savings—more than 25% of identified attacks in enterprises will involve IoT devices.

A concept as groundbreaking as the IoT doesn’t come without certain legal and regulatory implications that must be properly addressed. This leaves us with two important questions: what IoT products should be regulated and, more importantly, who should be regulating them?

To Regulate or Not to Regulate, That is the Question

Let’s tackle the first of these two questions: which IoT products should be regulated to minimize security risks? The short answer is there’s no definitive answer. Instead, we must use our judgment based on the nature of the product or device in question. While every IoT product generates and shares data, we know that there are varying levels of sensitivity among these different sets of data.

For instance, consider Samsung’s “Family Hub” smart refrigerator. The product has a Wi-Fi-enabled touchscreen that lets families manage their groceries and sync up their schedules, as well as built-in cameras that snap and send photos of what’s in their fridges so they can see what’s running low. This product certainly generates and stores its fair share of data; however, should a family’s fridge be regulated? That is, should someone be controlling the data that the product generates, stores and shares? You may think not—however, just consider last year security researchers proved a way to hack the “Family Hub” fridge to steal users’ Gmail account information, despite the object implementing SSL. The successful man-in-the-middle attack proves that any connected object can be strategically used for criminal purposes.

It all comes down to what information could be exposed when we choose not to regulate (or implement the necessary level of security for) an IoT product. Do we really need to know that a family is running low on milk? No, but we do need to know if that family’s Gmail credentials are vulnerable to theft. Now, imagine if someone were to discover such a security loophole in the smart grid? It just goes to show that every IoT object must be regulated to some degree, and these degrees will vary. Even when it comes down to two IoT products that should be regulated—say, a smart grid and a smart vehicle—each product must be regulated differently. As I have mentioned throughout this series, following status quo protocols or implementing a one-size-fits-all strategy is not suitable. While I do believe the IoT must be regulated, applying the same regulatory policy nationwide would look a lot like trying to boil an ocean.

Ultimately, what it comes down to is this: we must define and implement regulatory best practices depending on the IoT product or device at hand. Each product will have a different set of security requirements, and so each will need to be regulated differently. Certain products will require higher or lower levels of encryption, for instance, while others complete segmentation. How a product is regulated—that is, if it’s even regulated at all—will depend on its unique security requirements.

Now for the second (and more debatable) question: who should be regulating IoT security? Specifically, should the government step in?

Self-Regulation vs. Government Regulation

If you follow the IoT in the news, then you’re likely aware of the massive debate going on as to whether the government should have a hand in security regulations. If not, allow me to provide a brief recap: In a November 16, 2016 hearing—prompted by the October 21, 2016 DDoS attack on Dyn—cyber security experts discussed the hard work that lies ahead for the IoT and debated the level of involvement that government entities should have in helping promote and create security standards.

Some experts advised the government to mandate IoT security measures before vulnerabilities cause unthinkable damage. Meanwhile, other experts believed that industries should have a chance to regulate themselves, saying that government should step in only if those efforts prove ineffective.

Overall, the experts claimed that the IoT poses “a real [catastrophic] risk to life and property.” This may be true (as there’s no piece of technology today that doesn’t pose some sort of risk), but does this mean the government should start standardizing security or applying industry pressures? Would these “standards” infringe on the privacy of users? Would these industry pressures adversely affect the vertical-specific nature of the IoT? I’d say so, and I’m not alone in my thinking.

Travis LeBlanc, the FCC’s chief of the Bureau of Enforcement, similarly agrees that prohibiting industries from self-regulation is a dangerous move. In fact, during a November 1, 2016 discussion on IoT security, he stressed that overregulation right now, at such an early stage, would “constrain the innovation of the future in ways that no legislator ever intended.”

When it comes to government regulation, what’s considered acceptable and unacceptable drastically differs based on the person being asked. I myself am of firm belief that standardizing IoT security will be nothing short of disastrous. Every industry’s relationship to the IoT—from opportunities for innovation to security requirements—is unique and must be tackled differently. As of right now, self-regulation remains a responsibility that industry leaders should take very seriously.

While there’s no one-size-fits-all approach to securing the IoT, there’s one thing organizations within virtually every industry should be doing: making sure the network traffic between their IoT devices is truly isolated so that unauthorized users can’t see or access it. Machine-to-machine IoT communications need to have session authentication. The way in which we communicate is changing. We used to start with human-to-human, but that’s been pushed down to third- and fourth-level communications. Now it looks like this: machine-to-machine, machine-to-AI, machine-to-human, followed by human-to-human. If this doesn’t call for something uniquely different to tackle security, what does?

Isolation of services is something that can be achieved with an end-to-end segmentation solution, which allows businesses to create stealth, extensible hyper-segments that span their entire network. If you’re not exactly sure what this is all about, you can check out a three-part blog series I recently wrote that breaks down everything for you.

We’re not done yet: In the upcoming final part of this series, I’ll explore the future of the IoT and share my top trends and predictions for 2017. Stay tuned.

The IoT Chronicles Part 2: Three Big Security Threats—and How to Solve Them

With projected market revenue of $1.7 trillion by 2020, the Internet of Things (IoT) stands to forever change the world as we know it. In part 1 of this series, I demystified the IoT and explored how leaders can create a vertical-driven strategy that produces positive and proactive business outcomes. Your strategy won’t get you far, however, if it doesn’t explicitly address the unique security threats that are inherent to this level of connectivity.

These kinds of threats aren’t easy to identify or mitigate, which is exactly why nearly 60% of companies say they plan to eventually implement the IoT (i.e., once security no longer concerns them) and why nearly 30% have no plans to implement the IoT at all, but this is likely to change quickly.

With the number of connected “things” growing, it’s expected that more hackers will feed off the ever-growing possibilities to attack, threaten and compromise business. Consider the recent IoT-driven DDoS attack on Internet performance company Dyn, which disrupted websites like PayPal, Spotify and Twitter. Dyn’s Chief Strategy Officer admitted last month that some of the traffic that attacked the company came from compromised IoT devices.

As I continue this four-part IoT crash course, I’d be remiss in not discussing security. Having said that, here are three massive IoT security threats we’re seeing today (and how to expertly address them):

  1. Personally-owned devices:

    Research shows that about 40% of U.S. employees at large enterprises bring their own device(s) to work, and 75% of companies currently permit or plan to permit BYOD in the workplace. Today, there’s a clear need among businesses to securely connect these personally owned devices that simultaneously perform multiple functions and connect to public, private and hybrid clouds. It may be easy to secure enterprise IoT, but this gets a lot trickier when you factor in the devices employees are using on your network. Just consider the 10 million Android devices that were infected this summer with Chinese malware.

    My suggestion: implement some sort of malware detection mechanism and deliver some level of automation that can quickly detect abnormalities on employee devices and prevent them from spreading.

  2. Open APIs:

    An open API model is advantageous in that it allows developers outside of companies to easily access and use APIs to create breakthrough innovations. At the same time, however, publicly available APIs are also exposed ones. Promoting openness means anyone can write new APIs (which is a good thing), but that can cause some challenges in the market. If an organization has undocumented features of its API, for instance, or if someone is rolling out an API and doesn’t have it properly documented or controlled, hackers can potentially take advantage. At the end of the day, businesses must be cautious as to what is being exposed and documented when writing APIs.

  3. Influx of data:

    The amount of data being gathered from today’s ever-growing number of connected “things” is simply astounding. In fact, research shows that about 90% of all data in the world today was created in just the past few years (2.5 billion GB of data were being produced every day in 2012 alone!) While big data has the potential to transform internal processes and the customer experience, leaders must ensure they have the right infrastructure in place to securely distribute and store the massive amount of data that flows through their organizations daily.

    My suggestion: have a solid understanding of how much data your network can handle (never overestimate your network capabilities) and plan to scale accordingly. Also, know the origination of your data and what privacy regulations you might need to take depending on the industry in which you operate. Healthcare, for example, must abide by very strict regulations. Be sure to also keep in mind the legality of where you store your data, depending on where that data comes from. Countries like Germany, for instance, have strict privacy laws that others don’t.

The One Thing to Remember

Here’s the thing business leaders must keep top of mind: although the possibilities for data compromise are growing, they’ll never become realities with network security solutions offered from the right provider. This doesn’t mean your security concerns aren’t valid. It simply means that, with the right technology, there’s no longer a reason to let those concerns prevent you from tapping into the immeasurable growth brought about by the IoT.

So, what’s my final suggestion? Organizations should consider a layered approach:

  • Phase I: Analyze, monitor and inspect.
  • Phase II: When classifying a device as suspect, isolate it to a different segment and perform forensic analysis.
  • Phase III:
    • Quarantine the device if known malware is detected and identified.
    • If the cause is unknown/unidentified, maintain isolation in a honeypot—a quarantine zone to understand malware—and deploy counter measures as soon as possible once a fix becomes available.
  • Phase IV: Once malware is clearly identified, quarantine all devices potentially infected while informing the end users and LOBs impacted.

For Phases II and III, invoke an automated sophisticated workflow to notify the right team for just-in-time analysis.

To properly execute on these phases, you need an automated and more secure networking foundation. The legacy client-server is simply not suitable for this new IoT world. Whatever services your connected devices or systems provide, do whatever you can to ensure they are logically segmented on your infrastructure. This is something that can be achieved through end-to-end network segmentation.

An end-to-end network segmentation solution eliminates nodal configuration by leveraging end-to-end Virtual Services Networks (VSNs). This allows businesses to provision their networks only at specific points of service, where those services are being consumed by end users or devices. Ultimately, end-to-end segmentation transforms your network core into an automated and intelligent virtualized transport. Your network segments will be stealth to hackers, flexible for secure and authorized use, and truly isolated from one another. These core capabilities nearly guarantee network security no matter what devices your employees are using, how much data they are generating and sharing, or what APIs are being written.

Your network security strategy will never be effective if your underlying architecture isn’t what it needs to be. In my opinion, end-to-end network segmentation is the most effective way to minimize and control the inherent security risks of the IoT. And the best news is that there are end-to-end segmentation solutions proven to deliver next-generation IoT security—even for companies still leveraging aging infrastructure. The technology is possible, real and waiting to be utilized.

As we move forward with the IoT, we must ensure security is always top of mind. There are a set of best practices that organizations must implement to substantially reduce the risks associated with IoT deployment. Keep in mind, there are no immune systems, but understanding the risks and minimizing the potential business impact is key. In the end, status quo will likely be a disaster for organizations endorsing the IoT at a rapid pace—changes to legacy practices and infrastructure are a must! Thankfully, technology advancements can provide the connectivity, stability and security required to enable companies to take advantage of the opportunities provided by the IoT.