What the Internet of Things (IoT) means for data security

The internet was once a utility that you could only access through computers, but over the last few years, it's evolved into an entire ecosystem. In today's world, it's common for mobile devices, vehicles, home appliances and sensors to be connected to the web.

For most people, internet gadgets are commonplace in the home and workplace. If you want to message someone, do some work or watch a TV show, all you have to do is pull your smartphone out of your pocket. Or maybe you own a smart speaker, like the Amazon Echo or Google Home? You can ask these AI-enabled devices almost anything and get an answer quickly.

These devices all form part of the Internet of Things revolution, and over the next few years, nearly everything around us will have some sort of internet function. The belief is that IoT devices are helping us get more things done at home and in the workplace.

However, that's not to say that connected technology is without its challenges. One of the biggest issues is that, because IoT is growing at such a rapid rate, companies have a huge influx of data to comprehend. It's thought as much as 2.5 quintillion bytes of data is being generated by the technology each day, according to IBM.

The question is, what does this mean for data management and security?

Problematic infrastructure

The most immediate problem facing businesses trying to take advantage of the wealth of information provided through the IoT is a lack of adequate infrastructure.

David Alexander, an IoT security expert at PA Consulting Group, says that although companies are designing IoT products to tap into large datasets, they don't always have the infrastructure there to support it.

"The more organisations look to increase the use of (IoT) data, the bigger the challenge they will face in transmitting and storing these huge volumes of data securely," he says.

Many companies risk being caught out when changes, as part of the General Data Protection Regulations (GDPR), arrive in May, as not only will fines increase in the event of a data breach, firms will need to prove they're able to manage it efficiently. This includes being able to delete customer data upon request "without undue delay".

Adrian Carr, senior vice president at enterprise software firm MarkLogic, says companies need to find and implement a system that's capable of "not just collecting the data but also abstracting, interpreting and then deleting or archiving it at speed and scale".

However, although there's furore around the potential of IoT, "many companies who have started on this journey truly have no firm idea of where it could lead in the future," he adds.

Part of the challenge for businesses is ensuring that they have adequate measures in place to securely store all the data they collect. "As more and more organisations look to drive down costs and shorten timescales by using the cloud, they open themselves up to additional security risks," explains Alexander.

"Financial pressures mean that too often organisations accept these risks instead of managing them and end up paying insufficient attention to the security of their customer data."

Data abuse

Data is a valuable resource, and if recent events surrounding the allegations against Cambridge Analytica demonstrate anything, it's that you can't always trust companies to handle such data responsibly.

Device manufacturers, in particular, are in a prime position to potentially abuse IoT-generated data, according to Dr Kevin Curran, a senior member of the Institute of Electrical and Electronics Engineers and professor of cyber security at Ulster University.

"When it comes to IoT and our homes, the interaction between, say, our fridge and its automatic ordering of milk is not by itself a candidate for applying predictive analytics, however, when millions of homes have connected fridges - then it suddenly does become a big data area," he explains.

"Here again, companies can exploit this rich data in almost real-time to learn more about consumer behaviour and appliance behaviour."

He adds that the use of predictive analytics will also play a major role in the development of IoT smart cities, for tasks such as analysing traffic, public transport schedules, flights, and pollution. The concern is that more and more of this analytical muscle will begin to shift in favour of private companies, and become more opaque as a result.

Governments need to be doing more to regulate these companies and educate people about data risks, he claims. "Invasion of privacy is a real concern as the widespread deployment of the Internet of Things, and a myriad of smart data collection devices, means that more data is being collected on people than before, and any breaches in security will have a knock-on effect on privacy."

The threat of GDPR

When GDPR comes into force, companies won't just face the prospect of being slapped with hefty fines if their systems are compromised by attackers they can also land themselves in trouble by failing to put sufficient systems in place to manage IoT data.

Ian Hughes, an analyst at 451 Research, believes that the granularity, higher frequency and general scale of the data powering IoT is causing new challenges for firms.

"In industrial use cases security and data sovereignty, for something such as a manufacturing process, requires careful enforcement and management, yet at the same time the sharing of data across silos and multiple companies can provide significant new insights."

One risk is the potential for cross-correlation of data, where the various datasets that an individual has opted into could be used to inform those services they haven't. For example, "opting out of something such as a location tracking for a fitness band may work, but if an owner then opts-in to location services for their car, a correlation can be made on a location," explains Hughes.

Consumers need to take action

Darren Thomson, CTO and vice president of technology services at Symantec, argues that, when it comes to protecting data, consumers shouldn't be waiting for manufacturers to step up.

"Ultimately, it's consumers voting with their feet that will persuade manufacturers," says Thomson. "UK consumers need to make security conscious decisions to protect themselves and their online lives.

"For now, consumers need to be cautious about whom they trust and most importantly, they need to get the basics right. Enforcing strong and unique passwords on all their IoT devices is a critical first step," he adds.

Given that the IoT industry is still in its infancy, it could be argued that these challenges are simply teething problems. If so, technology manufacturers and government organisations have the time to develop systems to better protect IoT data.

However, that shouldn't stop consumers from taking steps to improve their understanding of data privacy and cyber crime, especially when it's such a valuable commodity.

Image: Shutterstock

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, the Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan. You can follow Nicholas on Twitter.