Internet of Things: balancing benefits with data security

Written by Dan Warren, Director of Group Architecture at Capita

Just because you can connect a device to the internet doesn’t mean you should. While connected devices (commonly called the “Internet of Things”) can deliver new services, there needs to be security, privacy and clear ownership of data.

The endgame for the Internet of Things (IoT) is a world where data flows between organisations and individuals, from multiple sources and can be analysed to provide better understanding of what’s happening in any aspect of our personal, community and business lives. This can drive efficiency, better service and massive positive societal change.

There is enormous potential to change lives for the better, using data to manage power consumption in homes, home security and integrating any device in a building to use connectivity. It can also support individuals in social care and to provide additional information when setting insurance premiums. The full manifestation of the Internet of Things is however some way off. Right now, the challenge is taking the first steps and making a business case for deployment of connected devices in isolated use cases. IoT is currently about finding specific opportunities with a business case in their own right to create greater efficiencies, whilst keeping an eye on a bigger vision for the future.

But where there’s data, there’s risk from criminal activity and human error

This is exacerbated with the IoT because of the volume of information being generated and permission for the use of data not being treated as rigorously as it should. And this can pose a risk if it reveals something about an individual’s routine. A hypothetical example: if information was transferred from a domestic boiler to the energy company as part of a monitoring service for leaks or fuel inefficiency, that’s fine provided the information can’t be used to identify when the person is in the house. Anyone who can access the information can infer when the house is empty and vulnerable to break in. That is where the potential danger lies, though organizations are gathering information with the best intentions. Therefore, the data needs to be encrypted and secured from outside hackers as well as having limited authorization for internal access.

Managing the data from the IoT

People need to understand the extent to which data is collected already via things like home security systems detecting if you’re in or out, acoustic monitors (which indicate when someone is in a building) and the ability for others to infer an individual’s movements, such as not being at home. There is potentially a fairly painful learning curve in how data is handled in order to prevent making people vulnerable/

Therefore, data needs to be transmitted and stored in a secured fashion, encrypted and anonymized so it’s not possible to infer something about an individual. That said, when it comes to people it’s very difficult to prevent entirely the risk of human error.

For example, while car manufacturers are keen on enabling their internet-connected vehicles with apps in order to provide extra services to drivers, anything a user does on the internet – such as accidentally downloading malware into the car – could allow information and control of the car to fall into the wrong hands.

A massive education process is needed to tackle user apathy around the use of their data. Meanwhile, organizations collecting data need to know what they’re exposing via the data they hold. Indeed, they should be focusing on collecting the data that’s essential, which doesn’t mean gathering everything they can.

And, within companies, data needs to be kept as far away as possible from unauthorised users while people with access to the data need to be trained properly in how to handle it.

This blog first appeared on the AXELOS Blog here

One response to “Internet of Things: balancing benefits with data security”

  1. Allan Brown says:

    This raises a number of challenges, but for me working in Crime Prevention in Law Enforcement the most fundamental being a complete re-framing of what security means and how that addresses standards in security. The approach to security has historically been framed in terms of the physical environment, which is in turn predicated on the time it takes to overcome the security measures. That works because given time somebody will respond to the threat. Cyber security is to an extent still framed in that thinking, keep them out and detect them when they are in. Standards are then drafted on the length of time that your security will sustain under attack. The internet of things needs standards, but it widens the target/ risk area so much that setting standards based upon time becomes largely irrelevant. So instead of thinking about the security of networks we really need to be thinking about the balance between innovation, benefit and risk. do we really need our fridge to tell us what to buy? Does the process of data analysis really improve the product of the commercial company. Indeed is there a need for another Data Governance principle framed around a challenge to the commercial use of data, which says they should be able to evidence a tangible benefit to the end user before they even consider having products that harvest data or intrude on privacy. We are still coming to terms with the threat map presented by the Internet of Things, perhaps its time for some Big Thinking to go with the Big data.

Leave a Reply

Your email address will not be published.

Join Digital Leaders

By submitting your contact information, you agree that Digital Leaders may contact you regarding relevant content and events.