Are companies looking after IoT data responsibly?

IoT can increase profitability and personalise services. But it's not without its risks

The Internet of Things is an area of technology that offers masses of potential, and it's talked about a lot. Set to grow significantly over the next few years, connected technologies such as sensors and wearables have the ability to transform our domestic and working lives in a variety of ways.

There's huge interest in the Internet of Things (IoT) market from companies around the world. Tech giants such as Samsung, LG and Apple have all announced IoT products and solutions in recent years, which for them, are a way to attract new customers and generate billions of dollars in revenue in the process.

But as well as helping tech companies generate huge profits, there's also an interest in the data IoT endpoints generate. Many devices, especially in the consumer market, track information about the user. With this, firms can get a detailed insight into the lives of their customers and exploit it to improve services.

According to IBM, we create around 2.5 quintillion bytes of data every day, and 90% of it has been generated within the last two years. That's a great opportunity for companies, although there are serious concerns about security and user privacy. The question is, are current approaches to the use and storage of IoT data responsible?

Advertisement - Article continues below
Advertisement - Article continues below

Cyber security issues

Security, in general, is something businesses have to consider on a daily basis, but the fact is the cyber security challenges they face are becoming far more complex than physical security issues. A hack that sees company and customer data leaked online can have bigger consequences than someone breaking into an office.

The IoT market is quickly growing, and there's no doubt the risks will become more complex and wide-ranging, with a lot of them centered around data. Neil Bramley, B2B PC business unit director for Toshiba Northern Europe, says businesses are beginning to realise the threats when it comes to IoT and data protection.

"Over the next few years, the IoT will have a tremendous impact on how business environments operate. Companies are now beginning to recognise this rapid expansion of the IoT market and [realise] the security implications at the core of it Gartner predicts that worldwide spending on IoT security will increase from just $281.5 million in 2015 to $547 million by 2018," he says.

"With more touchpoints in play than ever before, and vast swathes of data being sent back and forth within this web of inter-connected endpoints, the threat of a cyber-attack and implications of such an incident are greater than ever before.

"Mobile zero clients are one of a growing number of solutions which businesses are implementing within their IT strategy to combat security threats brought about by IoT offering robust data protection and security with unhindered mobile working capabilities."

Advertisement - Article continues below

A rich opportunity for hackers

Data from connected devices is extremely lucrative for hackers as well as businesses. If they were to gain access to an IoT product, not only would they be able to control it, but they'd also be able to gain a vast amount of information about the user. David Buhan, senior VP of mobile and IoT services at Gemalto, says that IoT security is complex, but that firms need to take action now.

"There are lots of reasons to be excited about the IoT. Connected cars, wearable devices with seamless on-demand connectivity and Smart Cities are just a few of the new opportunities available to us by connecting devices to the internet," he says. "However, while the possibilities are seemingly endless, it's crucial security is at the heart of every development, and that we get it right.

"With so much data available, cyber-attackers are likely to find themselves with more chances to steal information and even seize control of devices. IoT security is certainly complex. It brings so many disparate players to the market that it often becomes difficult to formulate a holistic view on how to secure it."

Advertisement - Article continues below

Gemalto, as a company, has been taking a number of different approaches to ensure its assets and products are always secure. The firm has found it's crucial to have all areas covered, from the cloud to the actual device. If companies don't have the correct mechanisms in place, then they'll be at grave risk.

Buhan adds: "At Gemalto we advise taking three steps: advising all stakeholders to secure the cloud, secure the device and approach lifecycle management in the right way. Techniques like end-to-end encryption, secure key management and tamperproof hardware can make a hacker's life much more difficult.

Advertisement - Article continues below

"However, to make progress we need all stakeholders in the IoT ecosystem OEMs, CSPs (Cloud Software Providers), ISVs, Systems Integrators, MNOs, regulators and governments to collaborate and agree on shared security standards."

Legal challenges

When it comes to accessing and monitoring data from IoT devices, there are also legal issues companies need to consider. Mark O'Halloran, a partner and cyber security expert at Coffin Mew Solicitors, says companies need to have the right privacy and security safeguards in place to ensure customer data is always protected.

"On a superficial level, the Internet of Things seems like a fantastic step into the future. People can already control their heating and many other gadgets from their phones. Cars can monitor your driving skills and relay your position in the event of an accident. Bracelets can track and upload your movements and prompt you to take exercise. Smart lights know when you're in the room and can switch off when you leave it," he tells IT Pro.

"But the real challenge to privacy will be when almost all household goods and even buildings constantly monitor and talk to each other about your day-to-day activities and consumption. When the IoT ecosystem knows enough about you, it can start to pre-empt your needs and, with big data analysis, can figure out even your unspoken preferences.

"The forthcoming General Data Protection Regulation demands that companies processing all that data achieve 'privacy by design and default' and that's no mean challenge. With cyber-hacking becoming ever more sophisticated, the convenience and efficiency of IoT comes with a risk that your most private domestic life could be exposed [or] even manipulated directly by, big business, criminals and government agencies. Brave New World, indeed."

Advertisement - Article continues below

There's no changing the fact that IoT is an incredibly exciting industry with lots of future opportunities. It'll continue to grow over the years and more people will adopt connected technologies into their lives. But while this happens, companies need to consider the way they handle data and ensure they have the right security mechanisms inplace.

Image credit: Bigstock

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
data protection

Currys PC World parent firm hit with £500k fine over historic data breach

9 Jan 2020

Travelex disruption caused by devastating ransomware attack

8 Jan 2020