Note: This article first appeared in Security Sales & Integration.
Connected devices are skyrocketing in popularity in all applications. But will the technology used to protect that data be able to keep up?
The numbers don’t lie — the Internet of Things (IoT) is every bit as big of a deal as it’s made out to be. IDC predicts that the IoT market will hit $14.4 trillion in annual sales by 2020 when combined with big data. And according to Cisco, there will be 50 billion connected devices by that time. Major industries, from healthcare to consumer to automotive, stand to benefit from these devices and the services derived from them.
While the adoption of the smart home and its connected devices is still in its early stages today, Accenture reports that nearly 70% of consumers plan to buy a smart home device by 2019, bringing the smart home market alone to $490 billion in revenue. The healthcare industry will experience the fastest growth in IoT adoption within the next five years, topping $2.5 trillion in IoT-generated healthcare revenue by 2025. A recent survey by McKinsey & Company even found that more than 25% of car buyers believe Internet connectivity is more important than engine power or fuel efficiency.
As technology advances, our society is increasingly connected, even in our personal matters. But how secure will our connected homes be? How about our medical monitoring devices? Because if it’s connected, it’s hackable. If you’re lucky, the culprit will just be a kid hacking into your smart home device to turn your kitchen lights on at 3 a.m. You’ve been punked, but there’s no real harm.
The truth is you can’t test for every possible case because it’s impossible to identify them all. So what happens when one of those unimagined and untested cases causes an injury, property loss or the exposure of sensitive consumer data? What’s the manufacturer’s liability for the pain and suffering involved when a kid hacks your system and punks you by turning on your lights at 3 a.m., repeatedly, for several weeks? The answer is, we don’t really know. IoT opens the door to a whole new set of legal precedents around product liability, data breaches and data sharing.
Safeguarding Data Privacy
All kinds of personally identifiable information (PII) will be embedded in the flood of data gathered by IoT devices, whether it’s directly present in any given data transmission or obfuscated to some degree. In order for the IoT to “deliver,” this PII (or more likely the indirect pointers to it) must be present or else IoT devices and services will be unable to provide the highly personalized experiences consumers and businesses expect.
Protecting this customer data is critical. Strong encryption can make most data breaches moot, provided it’s employed. In the case of health insurer Anthem, the company wasn’t required to use protection. As a result, its high-profile breach exposed the personal information of 80 million customers. Pervasive encryption standards will go a long way toward securing customer data.
Sharing Personal Data
Additionally, demand will continue to grow for democratized sharing of IoT data in order to deliver “cross-platform” value. For example, the ability of your Volvo’s embedded IoT sensors to seamlessly find and pay for parking during a weekend trip requires data sharing between the car company and the city’s parking infrastructure.
Different countries, however, handle data sharing in different ways. Currently, Europe and Canada use an “opt-in” approach — companies must get permission from customers to share data. In the United States, companies are free to share data unless customers explicitly “opt-out.” Incentive programs are a popular compromise, like the one from Nest that gives customers discounts in exchange for sharing their data with third parties.
So, when I consider the manifold increase in data volume, the high sensitivity of the data within, and the market necessity to allow disparate entities to share data from disparate sources, I wonder whether the level of security currently afforded by today’s protocols and practices really cuts it.
Luckily, bright people are busy at work trying to tackle the problem, although no one yet can say which standards will do the job most effectively and will “win,” be it those created by large corporate alliances like the Industrial Internet Consortium or those by community/open-source style entities like the AllJoyn Alliance (or combinations of both). All we can say for certain now is that what we currently have is unlikely to scale and extend in the ways the IoT will demand.
The good news is we’re getting closer to the end zone — bolstering IoT security. Myriad point solutions and joint efforts like the Cloud Security Alliance are just some of the ways industry is working to lock down the zillions of moving parts of IoT.
There are certainly data challenges on the road to IoT. Before we can harness that data fully, we’ll need to overcome some real challenges. There is good news on several fronts, including the fact that great minds and lots of R&D dollars are busy trying to address these roadblocks.