Shipping companies and boxes as components of the IoT…

I was thinking about IoT concepts yesterday afternoon while waiting. I realized based on an email I got from shipping company that packages have been components of the IoT for the past 10 years or so. They have a number and are scanned by sensors so that you can track them anywhere they are.

That got me thinking about how broad or narrow the real concept of IoT is today. It isn’t just the sensors it’s the network (and the Internet) and the items that move within the network. Your package then becomes an object in the IoT “verse”.

What else is in that world?

First there is the concept of what is connected. Then we have to consider how that what is connected. Finally there is the last piece, how is it presented. For example in the early days of package tracking there was a disconnection. Your package had a number and the shipping company knew where it was. The shipper was responsible for shipping that number to you so that you could go to a web site and consume the information. Now that is done in an automated email. Where once you had to plan your life around boxes arriving that required signatures, now you can tell the shipping company when you are home and when they can deliver the package. Or you can pre-sign for the package and not leave work or change your routine.

That got me noodling. The intent of the IoT is to improve the function and data gathered around us. It is to connect sensors and devices (and packages) so that we can consume the information and make decisions. Yes in the end there is a considerable reliance on UI. How we see what we see becomes as important as what we are doing. The reality of bite-sized applications has taken over. Mostly because the explosion of IoT is in part because one of the IoT devices most prevalent is your cellular phone (and in particular a smart phone).

Operating that new paradigm is very different. Securing that new paradigm is also very different. When I was first designing directories for companies and Group Policies began to replace login scripts (who remembers Novell Login Scripts? My first big IT mistake was not having an End statement at the end of the first Novell Logon script I wrote). Group policy objects initially were something we debated. It became the conclusion that you put the most restrictive GP’s rules on machines and the least on people. People could and did move between machines. Machines tended to either be turned on once or not rebooted fairly often. The birth and explosion of laptops and the support for Sleep and Hibernate then changed how often you applied GP’s.

Many IoT sensors have no clue what a directory is and applying group policies to a set of remote sensors isn’t always even something to consider. Instead we have to enable security that is end point independent. This security implementation means that each end point is capable of securing not only the data at rest with the sensor but also the data being transmitted back to the collection point. Then the collection point will provide security for the data resting there.

It also means that operating such a world has to move into the realm of automation. No matter how good your process is, human beings can only do so much. An automated system watching the IoT implementation is critical.

We don’t think about package tracking often. It’s been around for quite a few years now. We just assume that once we have a number or once we get the email our shipment is in process. We don’t call the shipping company and ask them about security for our package as it is in transit. We simply wait to get home the day it arrives and open it. The shipping company worries about security and least cost routing. Not us. They are in the business of moving boxes and envelopes. We are in the business of waiting for those boxes and envelopes. A shipping company started today would in effect have to build an operations, management, security and delivery infrastructure that was able to provide information about my package at any point in the process. By the way, that is not what package tracking was 15 years ago. That email you get notifying you of shipment was generated in an automated fashion. 15 years ago the shipper had to actually make an effort to send you the email with the tracking number.


Scott Andersen

IASA Fellow!