The Internet of Things (IoT), also referred to as the Internet of Everything (IoE), is much like the term “cloud”: a concept that is difficult to define precisely and hard to comprehend. In its simplest sense, IoT describes a world where just about anything can be connected and communicate in an intelligent fashion utilizing internet technologies. The IoT extends the nodes of the internet beyond computing devices, and includes devices that can power billions of everyday devices.
The IoT is likely to have a significant impact on our lives. The industries that will be impacted most are telecommunications, electrical utilities, transportation, industrial control, retail, healthcare, water resource management, petroleum, automobile, and government—but the reality is there is applicability across every industry.
From a strictly technical perspective, the Internet of Things integrates multiple wired and wireless communication, control, and IT technologies, which connect various terminals or subsystems under a unified platform that uses open and standardized data technologies such as XML/web services/SOA. Its system functions include remote monitoring, automatic alarms, control, diagnosis, maintenance, global device management, and integrated, intelligent information services for users.
So how will this impact you and/or your organization? The biggest areas of concern are security and privacy.
As a society, we are becoming more and more dependent on intelligent, interconnected devices to help us more efficiently manage our lives. As the IoT continues to grow at a fast pace, more and more devices are being connected to the internet, creating new network security challenges and, in turn, increasing the number of potential cyber threats. By connecting so many smart devices such as TVs, refrigerators, garage doors, health monitoring devices, traffic sensors, video cameras, etc. to the internet, the floodgates to potential malicious activities are being opened.
With this in mind, we must improve safety and security in IoT at the device, network and system levels. Vulnerabilities found in IoT can pose serious security threats, including unencrypted storage of customer information, poor password security, data leakage, lack of authentication for customer data, and poor mobile security. If these issues are not addressed, IoT vulnerabilities could result in hackers gaining access to and control of not just your refrigerator and thermostat, but also your door locks, car, and even your pacemaker.
As is the case with any technology, there are corporate/organizational responsibilities as well as personal responsibilities when it comes to creating an environment that will secure these devices and the data that is being collected.
With this in mind, companies’/organizations’ responsibilities should include:
• Building/developing more secure embedded operating systems and applications.
• Developing more scalable approaches to constant monitoring of such issues.
• Developing new techniques for detecting and blocking active threats to ensure a more secure and reliable IoT experience.
End users must accept their personal responsibility and should:
• Change the default passwords of IoT devices before putting them to use.
• Choose strong passwords for enhanced security and change them on a regular basis.
• Take extra care about installing updates.
• Take the safety and security precautions of connected devices just as seriously as your PCs or laptops.
IoT also opens the door to privacy issues. The IoT creates extensive potential for data profiling. Everyday appliances can now collect data, all of which can be shared if appropriate privacy protections are not in place.
The most significant privacy challenge may be that although the IoT is a global phenomenon, legislating data privacy is localized. Whereas the United States prefers what it calls a “sectoral” approach to data protection legislation that relies on a combination of legislation, regulation, and self-regulation, the European Union (EU) prefers a more regulated approach and has drafted the Data Protection Regulation that looks to strengthen the powers of data protection authorities and allow for significant sanctions to be imposed for violations.
Regardless of which approach is adopted, a standardized global approach is needed. This approach must place a clear emphasis on protecting personal data from the earliest stages of product development and should also ensure that security be embedded in the technology of the device itself.
John Matelski is CIO and director of information technology for DeKalb County Government (Georgia) as well as president of the Independent Oracle Users Group.