The network of physical objects controlled through the internet has ballooned over the last few years. The Internet of Things (IoT), a system of interconnected devices or objects, has completely transformed the workplace and the world around it. All these connected devices allow people, computers, electronic devices, machines, wearables, animals, and any other item the ability to communicate and share data over the Internet.
As more objects have come online and interconnected, the data flowing among them has exploded. The ownership of this vast amount of data is a contentious issue that concerns everyone, more specifically those who own the legal rights to share the data and do ‘business’ using it. The use and potential misuse of the vast volumes of data has concerned end consumers and vendors alike.
Concerns Related to the Ownership of IoT Database Rights
Despite the common saying, when it comes to data, ignorance is not bliss. The potential of IoT is great. The data can not only monitor a host of personal information such as health issues, but can also give detailed information on daily lifestyle: which buses and trains people board while going to their workplace, the cars they drive, household appliances they use, and many more. Also, according to an article released by British Telecommunications, wearable devices such as fitness devices and smartwatches have been found to significantly increase the workplace productivity. These wearable devices can share information with other connected devices at the workplace. However, security continues to be a major concern for many employees.
The ownership of database rights is an important issue for two main reasons:
- Several players are involved in processing, collecting and managing the data that IoT systems and sensors generate. First there’s the individual who uses an interconnected device, the entity marketing the device, the manufacturer or manufacturers of the device or its parts, the software, and app developer. With all these different parties participating in the lifecycle of the IoT data, it’s important to clearly define who owns which parts of the process in order to avoid conflict.
- While the aggregation of data adds potential value to the market, there are different parties who may want to exploit this data for different objectives, such as producing market intelligence, targeting ads, or providing better advice. Deciding on who owns the data will help the industry identify and demarcate who can use it for potential financial gain, and most importantly, who can stop others from exploiting it.
IoT’s Data Security Challenges
According to business technology news portal ZDNet, end users can’t really claim ownership rights to the data gathered by any off-the-shelf system they’ve installed. For instance, if you’ve recently installed SmartTV you can’t entirely claim the ownership of the data collected by the electronic device.
In Europe, where consumer privacy and security concerns related to IoT data are top priorities for regulators, many companies address the ownership rights issue head on. Companies that have made a sizeable investment in aggregating the data and storing it in a fixed database get the first ownership rights. However, if more than one entity is involved in the process, things get murkier, and given the highly valuable data obtained from IoT devices, this gives rise to disputes among the entities. Most data protection legislation has been drafted to be relevant to future technologies, so these laws effectively address the usage rights of the massive data in IoT.
A recent high profile disclosure involving Samsung SmartTV, showed that ignoring privacy rights may wreak havoc on the consumer perception. The privacy policy for the SmartTV explained to customers is that if they discussed any personal or sensitive information in front of the TV, “that information will be among the data captured and transmitted to a third party through your use of Voice Recognition”. SmartTV users found this information deeply invasive and troubling.
To avoid such events of consumer security in the nature of probable exploitation of data by third party players, effective pieces of legislation are required to address the privacy rights when data goes through several stakeholders. Furthermore, appropriate privacy and the security mechanisms need to be implemented which should ensure that security issue is not a once and done kind of thing.
Best Practices for IoT Security
As estimated by Gartner, IoT security is forecast to reach $547 million in 2018. Therefore, it becomes imperative for organizations and users to implement appropriate measures that fortifies the security of their IoT data.
1. Extend the Security Coverage: Until recently, the Wi-Fi coverage area for most organizations was limited to the location of the company. However, smart devices, these days, are moving beyond the boundaries of office campuses. Therefore, organizations should be well equipped to ward off any malicious attempts by users to tamper with the devices and gain access to internal corporate networks and resources. Modern security measures and solutions will extend the security scope beyond the usual endpoints.
2. Prioritize Resources: Smart devices may begin with limited resource requirements, but as they upgrade, they gradually start seeking more network resources. If a large number of smart devices access network resources simultaneously, the network performance gets significantly affected. Therefore, it becomes necessary for organizations to adopt proper mechanisms that monitor, limit and prioritize the resource level access for each device and defines the times these resources can be accessed.
3. Secure the Data Storage: When there is an increase in the number of connected devices, there is also a momentous increase in the data generated, which includes data generated in files and folders, and metadata such as settings and configurations. Therefore, investment in data security mechanisms for protection against theft or loss becomes necessary. Measures such as additional storage capacity and disaster recovery also ensure multiple returns in terms of long-term savings and data security. For cloud-based storage, it is advised to keep a check that network connected IoT devices are not flooding the expensive storage area with undesirable data or unnecessarily consuming data transfer bandwidths.
4. Minimize your Profile: Phishing attempts can be easily made on applications by reverse engineering their codes. To reduce this risk, use tools for application hardening and code obfuscation. It is also advised to choose programming languages based on the security requirements of the organization.
How to Make IoT Data More Useful
Everyone is talking about the size and the expanse of the Internet of Things, which according to a report published by Juniper Research will connect anywhere between 20 million and 38 million devices by the year 2020. But is size the real issue? Gartner’s Paul O’Donovan claims the real challenge is the construction of a business model that makes the IoT data worthwhile. Rather than connecting previously available devices, more focus should be driven on data processing and analytics that will provide actual intelligence to these connected devices. More attention should also be paid on the development of IoT gateways–places where users can connect to the IoT–as well as on devising mechanisms that optimize the volume and the variety of the data generated and collected. Internet Service Providers (ISPs) should develop solutions and partner with hub manufacturers. Mobile phone providers should gain enough bandwidth to compete with the ISP solutions. This will make the IoT transformation truly constructive.