The Internet of Things (IoT) has become an almost household phrase, used to encompass all the digital devices in our lives. According to a 2021 report from Deloitte, the average American household has around 11 connected devices — that's anything from smartphones, TVs and game consoles to light bulbs and front door locks; even appliances like the refrigerator and washing machine can have connectivity features. The figure doesn't seem all that high, not when you think about how much of our lives are spent connected in one way or another. But bearing in mind that Statista's latest demographic reports show the average U.S. household only contains around 2.6 people, that's approximately four devices per person. Those four devices are only the ones that individuals consciously register as having, too. The ones that are actively used, and potentially only their personal ones. Especially since COVID-19 and the resulting lockdowns, more employees are being provided with work laptops and phones that bump the number of devices even higher. This is where IoT starts to transform into IoFT — the Internet of Forgotten Things.
What is the Internet of Forgotten Things?
Devices categorized as IoFT are essentially any old tech that has connectivity capabilities but is outdated or no longer used. The majority of users tend to hold onto old tech for a while when they upgrade their devices, whether that's keeping their previous smartphone as a spare or simply putting it in a drawer and forgetting about it. This can often be the case for businesses too, retaining dated but still functional devices for possible new employees or for emergencies.
The risk of forgotten IoT
As technology development continues to accelerate, IoT devices have become more heavily relied upon for storing greater amounts of data. Even with cloud-based storage retaining the majority of the actual data, the means of accessing that data remains ingrained within the devices themselves. With manufacturers producing newer and newer versions of tech also comes the need for them to discontinue support for old devices eventually. This, in turn, facilitates the necessity to upgrade and replace technology far quicker than was required with less advanced predecessors.
Some people — and companies — like to hold onto devices for as long as they possibly can, getting the most out of them without having to bear costly upgrades and replacements until it's necessary. Eventually, manufacturers stop providing support for older versions of devices, meaning that they can become obsolete, less functional and potential security risks.
These two types of IoFT present two pertinent challenges to consider:
Old devices are often stored away or sometimes haphazardly discarded while still containing large amounts of important data. Their theft or discovery could have unforeseen consequences.
Old devices still being used may not be receiving the operational and security support needed to keep them viable for storing the data they have on them, while remaining active and therefore accessible remotely.
Forgotten IoT devices can be found, resurrected, or infiltrated and plundered for data. While this may seem melodramatic, it is undeniably a possibility, and one that organizations should take very seriously. Streams of communications, passwords, direct logins, contact lists and personal information are just a few of the most basic things available to a bad actor able to access an IoFT device. Even legacy technology that is no longer supported and at first glance doesn't operate anymore still retains the information therein, and — to the rightly motivated individual — can be compromised.
Protecting IoFT devices
How do you keep IoT devices secure and ready for when they transition into the realm of "forgotten"? Here are a few ways to stay on top of the technology within your business so you can avoid forgetting about your IoT.
- Stock check. Make an inventory of all the devices you have in the company. Include any unassigned technology, and list the year of manufacture so you can easily flag anything that's starting to get long in the tooth.
- Record updates. Keep a log of who has what and when it was last updated — this could be through automated reports for devices you have remote control over, or it could require manual interaction for older devices.
- Audit device lifespans. Most new devices will be safe to receive updates from the manufacturer for a long time, but anything that is approaching its end-of-life is going to need some extra attention to keep it working smoothly and securely. When you become aware of any device approaching its end-of-life, it's time to establish whether it can be supported via trusted third-party developers or if you will be better off seeking a new replacement device.
- Keep it clean. Any devices you are going to decommission — especially those that are going to be disposed of — must be thoroughly wiped of all data. Duplicate it onto alternative storage first, so you can access it in future should you need to.
- Keep the legacy alive. If you are going to retain any old devices or systems but want to keep them accessible, tools like Inventu Viewer+ can help you keep them going beyond their end-of-life.