Mapping Session results: IoT Security

At this year’s Structure Connect, Gigaom Research hosted a collaborative Mapping Session for conference attendees on securing the Internet of Things. Mapping Sessions tap the collective wisdom of our analysts and other thought leaders to tease out the most disruptive trends shaping a space over the next 12-24 months. We integrate feedback from these sessions into our research planning, and many of the sessions directly inform our Sector Roadmap reports.

The IoT Security Mapping Session was a success, and we thank everyone who attended for their participation. Some key themes that emerged from the session included:

Device proliferation will have a substantial destabilizing effect on security. 

Users will experience “security fatigue” as the scope of personal device management extends beyond the smartphone to watches, other wearables, household devices, and automobiles. Users cannot be expected to maintain any level of personal policy management, and it will be incumbent upon every participant in the value chain – from app developers to hardware manufacturers to network service providers – to compensate.

Developers will experience fatigue, too.

Talented developers are already in short supply, and the fragmented nature of the IoT will make this worse. While standards are in flux and every new form factor brings a unique set of requirements, developers will scramble to extend their skill sets while delivering on a growing workload, creating massive opportunities for the introduction of security holes.

Networks will stumble.

The current crop of networking options are not suitable for the types or volume of traffic the IoT will create in just a few years. The IoT will generate vastly larger numbers of connections of substantially smaller size, with a wide variety of QoS requirements, and very different monetization allowances. New networks that rise to meet these challenges will need to be both secure and resilient, which could be a challenge for nascent technologies with an emerging revenue model.

An “awareness event” is inevitable – and positive.

A massive, damaging security meltdown is inevitable, and the participants felt that ultimately, such a breach would be positive for the security community, driving greater urgency behind open standards initiatives.

The “security underwriter” will rise.

Most of the participants agreed that there was a tremendous opportunity for a security underwriter – essentially a next-gen certificate authority – to step in and verify that  an IoT ecosystem is secure. There was less agreement on whether one party would have the resources to audit the entire chain, and everyone agreed that the challenge of certifying a constantly-changing collection of third-party APIs would be daunting.


We welcome your feedback on these and other disruptive trends. Have we missed anything that you believe will be key to shaping this market over the next two years? Continue the discussion by leaving a comment below.

Mapping session panelists.

Cormac Foster, Research Director, Gigaom Research

Rich Morrow, Analyst, Gigaom Research & Founder, quicloud

Lee Doyle, Analyst, Gigaom Research & Principal Analyst, Doyle Research

Mapping Session results: PaaS market

At GigaOM’s latest Structure event in June we hosted an invitation-only session for 40+ GigaOM Pro clients on the future of the Platform as a Service (PaaS) market, the results of which make interesting reading for anyone in this emerging field.
Our Mapping Sessions are the first stage in our process for developing a research paper which we refer to as a Sector RoadMap. In the Mapping Session we aim to tap the collective wisdom of our analysts and other thought leaders in the market sector we are researching, to tease out the most disruptive trends shaping this space over the next 12-24 months. We also want to examine which companies stand to gain and which stand to lose as these trends take hold.
The observations from our Mapping Session for the Platform as a Service market included:
IaaS and PaaS markets are blurring. There is a shift underway towards combining Infrastructure as a Service features with Platform as a Service, for example Microsoft Azure, a PaaS, now supports IaaS functions while Amazon Web Services’ Beanstalk offers PaaS capabilities atop its IaaS. Others are following suit. Google just unveiled Google Compute Engine, an IaaS offering alongside its App Engine PaaS. The consequences for users are significant. As the services blur it will not be as easy to mix and match IaaS and PaaS services when they are tightly coupled (e.g. AWS S3 and Elastic Beanstalk). Users already fear being locked-in to cloud providers but this trend is only likely to accelerate as the Infrastructure and Platform development layers merge. Providers that focus exclusively on PaaS or IaaS will eventually be forced to buy, build or partner with whichever pieces they do not provide.
Hybrid cloud becomes the dominant model. The public versus private cloud debate is over. Enterprises are focused on the hybrid model and in the context of PaaS this means application lifecycle management working seamlessly across public and private cloud infrastructures. This means some part of the app might be in a testing phase on public infrastructure, while the production environment is running in-house, but all within the same PaaS environment. Vendors selling only private PaaS solutions will have scale issues and public PaaS providers will need to figure out a strategy for the on premise piece of the architecture, or miss out on a huge chunk of the business. Many PaaS providers offer a private version or are in the throws of building one.
Market fragmentation. There are already more than 200 companies offering PaaS solutions and we expect to see even more appearing on the scene in the coming months. To stay in the game, providers will have to specialize and we are starting to see this along the lines of programming languages, use cases and vertical markets. For example CloudBees is a PaaS for building and managing Java apps in the cloud. Meanwhile Parse is aiming to become a PaaS specialist for mobile apps. Expect to see PaaS companies targeting communications apps and big data analytics also. And finally there could be PaaS offerings for vertical markets, financial services, being an obvious one.
Consolidation inevitable. This degree of fragmentation and innovation will lead to a shake-out and lots of M&A within the next 18 months. Oracle, IBM and HP were all named by our panel and Mapping Session attendees as the most likely suitors expected to acquire the successful startups in this market. EngineYard, AppFog, Cloudbees, Joyent, Bungee and dotCloud were named as potential takeover targets.
Enterprise criteria for PaaS adoption ignored. In order for mainstream businesses to embrace PaaS, these technologies and services need better performance/caching, security and policy control and they currently lack tools that provide an integrated development environment across languages and frameworks, our panel said. The business value of PaaS was still not clear to the enterprise, according to Mapping Session attendees. PaaS providers that can explain the benefits of using a PaaS in terms the enterprise will understand, such as reduced labor costs, maintenance costs, reduced development cycle and lower upgrade costs, will be more likely to succeed than those that focus on nifty, new programming languages.
We welcome your feedback on these disruptive trends. Have we missed anything that you believe will be key to shaping this market over the next two years? Continue the discussion by leaving a comment below.
Look for a Sector RoadMap report in the coming months that will crystalize our take on the Platform as a Service market.
Mapping session panelists.
Jo Maitland, Research Director, GigaOM Pro
David Linthicum, GigaOM Pro analyst, CTO & Founder, BlueMountain Labs
Geva Perry, GigaOM Pro analyst, Cloud computing consultant and advisor to startups.