During a recent clear-out at home, I found myself reflecting on how we design our products and services. The concept of the circular economy is gaining currency and at its centre lies the importance of designing for an entire lifecycle – from a product’s initial creation, through to useful life, and finally to decommissioning or recycling. Waste is designed out and negative impacts are minimised.
As I surveyed my small collection of legacy technology, I was struck by how little thought is given to the whole lifecycle of our connected devices. Failure to address what happens to our software, hardware and data at the end of their useful life is storing up a significant set of problems for the future and creating economic risk. So is there a better way?
Turning off support for a product doesn’t mean it’s dead
The recent large-scale ransomware attack that significantly impacted businesses and individuals around the world highlighted the growing nature of this risk. In this case it was continued use (most significantly in mission-critical environments such as the UK’s National Health Service) of Microsoft’s now largely unsupported Windows XP operating system that was the weakness. Having reached the end of its natural life, this operating system was no longer receiving the regular updates that are essential to maintaining internet security against sophisticated and rapidly-evolving threats.
An exponential effect
When we start to consider the Internet of Things, the potential scale of the problem of obsolescence comes into sharp relief. Today’s universe of connected devices includes practically every kind of product you can think of – toys, cars, toothbrushes, plant pots, industrial machinery and medical devices. While some of these products are undoubtedly well designed with adequate and regular upgrades to firmware and software to maintain security, many aren’t.
In my view, significant risk from our connected products comes at the end of their life. For many products, the current position often seems to be that support from the supplier simply stops. There are many reasons for this – a supplier might cease trading, be acquired by another company, change the focus of its business, or decide to prioritise other products and services.
An internet of obsolescence
As the number and nature of internet-connected devices grows, we’re potentially storing up an ‘internet of obsolescence’. This is where legions of legacy, unsupported, unpatched and generally unloved devices of all shapes and sizes clutter up the internet – providing a potential botnet army and risky, unsecured access to our networks. Whilst an obsolete connected child’s toy might represent an inconvenient and potentially damaging security risk to the data in our homes, the stakes increase significantly in enterprise and commercial settings where, in the worst cases, lives could be put at risk.
A circular digital economy
I believe the technology industry could greatly benefit from adopting some of the learnings from the circular economy. By creating digital products and services that have a well-defined lifecycle, it should be possible to improve security and governance on the internet. Doing so could stimulate new kinds of business models and, in particular, those involving leasing or renting where obsolete and unsupported products and services could be replaced with the latest versions. Products that are no longer supported could be automatically triggered to turn off, lock down their ports or wipe data to reduce risk.
A data lifecycle
The idea of designing for the entire lifecycle can also be extended to data itself. For many, the current approach to exploding volumes of data seems to be to simply store everything because you can afford to. This is despite the fact that a lot of data has well-defined temporal value. It may be useful today, this week, for the next year etc., but not beyond this.
Storing obsolete data is simply creating additional burdens and overhead. So wouldn’t it be better if some of our data could be designed with a defined lifecycle that stipulates for how long it should be stored? I’d be happier if my account with an online service provider was erased after a period of inactivity (following appropriate warnings and reminders) rather than left to linger, with any personal information becoming increasingly irrelevant and potentially vulnerable. We should seek to design new data structures that specify the lifecycle so data can be simply erased at the end of its useful life.
So how will you avoid the hazards of obsolescence and plan for the full lifecycle of your products, services and data?