IoT implementation is too rarely undertaken using a holistic approach with a focus on business outcomes, and the EU Parliament has turned its attention the security issues this raises.
The persistent hype around the Internet of Things (IoT) has meant that a lot of buzzwords and fuzzy ideas are thrown around when discussing this technology. And whilst the benefits of what IoT can do are well established, there is nonetheless a lot of concern around security and privacy issues that relate to the explosion of data created by such systems. The European Union Parliament met at the beginning of March to discuss the fundamental rights implications of big data, highlighting that privacy and security are increasingly on the political agenda.
The EU’s General Data Protection Regulation (GDPR) that is coming into force next year is another step being taken by central authorities to protect consumers in this new highly data driven world. The challenge for IT professionals is how to implement IoT solutions in a way that is both secure and efficient in order to get the most benefit without putting client data or privacy at risk.
The incoming IoT device explosion
Gartner estimates that the number of connected devices will triple by 2020, bringing the total number to 21 billion. However, simply having the potential for a device to be connected does not mean that it should be. Many firms ‘run before they can walk’ when it comes to IoT implementation, meaning that projects are started without clear business objectives in mind. Not fully understanding business outcomes can increase the chance that IoT projects are wasteful, insecure, and inefficient.
Each connected IoT device is a potential opening for cyber attackers to exploit and with the proliferation of connected gadgets this could cause IT managers to lose track of their network vulnerabilities. Organisations should ask themselves what business value they aim to achieve before connecting every possible device. A clear security plan should be in place before an IoT initiative is implemented.
Leveraging Big Data Analytics using the data that is gathered from the myriad of IoT devices will ultimately be the key to increasing business value and achieving effective business outcomes.
Keep your eye on your network
Planning and design of IoT architectures should be done from the ground up. Companies often make the mistake of deploying IoT architectures within mission critical systems such as core databases that contain sensitive information. Engineers need to ask themselves whether it is necessary to connect IoT devices in to an existing IT ecosystem simply because it is possible. IoT devices such as building management systems, and other sensor networks should not be to connected to the core business systems exposing them to unnecessary threats.
Companies should consider completing a detailed network segmentation assessment of their IoT device infrastructure and consider the outcomes they want to achieve from IoT adoption. When planning IoT infrastructure, stakeholders from all aspects of the business need to be engaged. Bringing together senior executives who understand business aims with IT heads who understand the network may not always be easy, but it is necessary.
The case for holistic IoT adoption is particularly important as many IoT device manufacturers do not build their devices with security in mind - many devices are simply not designed to be secured in a manner that an enterprise organization needs them to be. Engaging with trusted advisors who are well connected to the OEM’s and their products is key to ensuring safe deployment of IoT solutions, but more importantly, no IoT device should be connected without a clear and comprehensive approach to implementing them securely.
The strongest security tool at any business’ disposal is the collective readiness of staff to counter security threats. Staff should be constantly provided with training opportunities to keep them up to speed on industry developments and the latest device standards.
A new regulatory world
The new General Data Protection Regulation (GDPR) comes into effect early next year, and will have great implications for anyone handling substantial volumes of data. IoT devices multiply the volume of data stored and transferred by a large factor, meaning that more and more companies, whether they set out to be or not, are becoming data-driven organisations.
The regulation will impose hefty fines on those firms who breach the new rules and require firms to more rigorously report cyber security events. In order to fully reap the benefits of data analytics, clients and citizens must be engaged and their trust won. We have recently seen a swathe of high profile organisations fall victim to data security breaches, exposing thousands of citizens’ personal information to potentially malicious actors.
With personal information more atomised this risk is greatly multiplied. A key challenge for organisations and businesses will be good stewardship of data and having oversight of the vast data volumes they will be handling. Some large firms with be impelled to assign a Chief Data Officer (CDO), whereas most smaller organisations would be able to assign data governance duties to an existing member of staff. Either way, the GDPR is a big wake up call for companies thinking about IoT integration in order to leverage data analytics.
Take a holistic approach
The benefits of big data analytics and IoT far outweigh the concerns that surround it. When properly planned and implemented, insights gathered from IoT devices become an important tool in staying ahead of the competition. Businesses have been able to transform their businesses through the insight gained from metrics gathered from IoT devices – this, coupled with data from other business processes, provides the “ground truth” for truly effective data driven decisions. To truly harness the power of IoT, firms must simply work smarter, not harder, and do so with an experienced industry partner to avoid the pitfalls of fad-driven technology.
Image Credit: Everything Possible / Shutterstock