Are companies looking after IoT data responsibly?

Man holding cell phone with IoT images surrounding it

The Internet of Things is an area of technology that offers masses of potential, and it's talked about a lot. Set to grow significantly over the next few years, connected technologies such as sensors and wearables have the ability to transform our domestic and working lives in a variety of ways.

There's huge interest in the Internet of Things (IoT) market from companies around the world. Tech giants such as Samsung, LG and Apple have all announced IoT products and solutions in recent years, which for them, are a way to attract new customers and generate billions of dollars in revenue in the process.

But as well as helping tech companies generate huge profits, there's also an interest in the data IoT endpoints generate. Many devices, especially in the consumer market, track information about the user. With this, firms can get a detailed insight into the lives of their customers and exploit it to improve services.

According to IBM, we create around 2.5 quintillion bytes of data every day, and 90% of it has been generated within the last two years. That's a great opportunity for companies, although there are serious concerns about security and user privacy. The question is, are current approaches to the use and storage of IoT data responsible?

Cyber security issues

Security, in general, is something businesses have to consider on a daily basis, but the fact is the cyber security challenges they face are becoming far more complex than physical security issues. A hack that sees company and customer data leaked online can have bigger consequences than someone breaking into an office.

The IoT market is quickly growing, and there's no doubt the risks will become more complex and wide-ranging, with a lot of them centered around data. Neil Bramley, B2B PC business unit director for Toshiba Northern Europe, says businesses are beginning to realise the threats when it comes to IoT and data protection.

"Over the next few years, the IoT will have a tremendous impact on how business environments operate. Companies are now beginning to recognise this rapid expansion of the IoT market and [realise] the security implications at the core of it Gartner predicts that worldwide spending on IoT security will increase from just $281.5 million in 2015 to $547 million by 2018," he says.

"With more touchpoints in play than ever before, and vast swathes of data being sent back and forth within this web of inter-connected endpoints, the threat of a cyber-attack and implications of such an incident are greater than ever before.

"Mobile zero clients are one of a growing number of solutions which businesses are implementing within their IT strategy to combat security threats brought about by IoT offering robust data protection and security with unhindered mobile working capabilities."

A rich opportunity for hackers

Data from connected devices is extremely lucrative for hackers as well as businesses. If they were to gain access to an IoT product, not only would they be able to control it, but they'd also be able to gain a vast amount of information about the user. David Buhan, senior VP of mobile and IoT services at Gemalto, says that IoT security is complex, but that firms need to take action now.

"There are lots of reasons to be excited about the IoT. Connected cars, wearable devices with seamless on-demand connectivity and Smart Cities are just a few of the new opportunities available to us by connecting devices to the internet," he says. "However, while the possibilities are seemingly endless, it's crucial security is at the heart of every development, and that we get it right.

"With so much data available, cyber-attackers are likely to find themselves with more chances to steal information and even seize control of devices. IoT security is certainly complex. It brings so many disparate players to the market that it often becomes difficult to formulate a holistic view on how to secure it."

Gemalto, as a company, has been taking a number of different approaches to ensure its assets and products are always secure. The firm has found it's crucial to have all areas covered, from the cloud to the actual device. If companies don't have the correct mechanisms in place, then they'll be at grave risk.

Buhan adds: "At Gemalto we advise taking three steps: advising all stakeholders to secure the cloud, secure the device and approach lifecycle management in the right way. Techniques like end-to-end encryption, secure key management and tamperproof hardware can make a hacker's life much more difficult.

"However, to make progress we need all stakeholders in the IoT ecosystem OEMs, CSPs (Cloud Software Providers), ISVs, Systems Integrators, MNOs, regulators and governments to collaborate and agree on shared security standards."

Legal challenges

When it comes to accessing and monitoring data from IoT devices, there are also legal issues companies need to consider. Mark O'Halloran, a partner and cyber security expert at Coffin Mew Solicitors, says companies need to have the right privacy and security safeguards in place to ensure customer data is always protected.

"On a superficial level, the Internet of Things seems like a fantastic step into the future. People can already control their heating and many other gadgets from their phones. Cars can monitor your driving skills and relay your position in the event of an accident. Bracelets can track and upload your movements and prompt you to take exercise. Smart lights know when you're in the room and can switch off when you leave it," he tells IT Pro.

"But the real challenge to privacy will be when almost all household goods and even buildings constantly monitor and talk to each other about your day-to-day activities and consumption. When the IoT ecosystem knows enough about you, it can start to pre-empt your needs and, with big data analysis, can figure out even your unspoken preferences.

"The forthcoming General Data Protection Regulation demands that companies processing all that data achieve 'privacy by design and default' and that's no mean challenge. With cyber-hacking becoming ever more sophisticated, the convenience and efficiency of IoT comes with a risk that your most private domestic life could be exposed [or] even manipulated directly by, big business, criminals and government agencies. Brave New World, indeed."

There's no changing the fact that IoT is an incredibly exciting industry with lots of future opportunities. It'll continue to grow over the years and more people will adopt connected technologies into their lives. But while this happens, companies need to consider the way they handle data and ensure they have the right security mechanisms inplace.

Image credit: Bigstock

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, the Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan. You can follow Nicholas on Twitter.