Could the Internet of Things spark a data security epidemic?
Internet of Things this, Internet of Things that -- it’s all anyone can talk about these days. And rightfully so, when you consider the development and adoption of IoT products are driven by multiple factors, including an increase in broadband penetration worldwide, the development of wireless communication technologies, advances in 'smart' device capabilities and an increased demand for personalized, omnichannel customer experiences.
But transitioning to an IoT-dominated world is a delicate balancing act. On the one hand, you have businesses benefiting in many ways. For instance, connected devices allow them to better understand their customers’ needs and preferences by analyzing their behavioral patterns. For consumers, on the other hand, it’s all about personalization, personalization, personalization -- getting from point A to point B faster than ever before -- in a more relevant and personal way. Furthermore, most conversations around data protection solely focus on elaborate 'hacks', when in reality, the most immediate and grave security threats aren’t always sophisticated or complicated. It’s time that we flip the IoT conversation on its head to focus on the increasingly common data vulnerabilities and less complicated security threats -- of which, consumers are lacking awareness.
The High Price of Being Connected
The beauty of IoT-enabled products is connectivity: your watch connects to your phone, which connects to your car, which connects to your house, which connects to the grid, which connects to any number of vendors and suppliers. That means that each of these devices will be interacting with many other devices on a variety of networks. However, when one connects to another through insecure Internet connections, or doesn’t have systems in place to prevent outside hackers from breaking through and accessing data, your system could "inherit" any flaws on those devices you’ve connected to.
Consider this analogy: You are out at a local shopping mall and connect to the building’s public Wi-Fi network on your mobile phone. If another individual’s device with an unknown security flaw also connects to that same Wi-Fi, data from your phone could be accessed and potentially stolen. And you could transmit information from your phone to your car, tablet, desktop computer or any other connected device. Understanding how devices are potentially interacting with other devices across all networks is crucial to keeping IoT systems secure.
Opposite of Dum-Dums
What separates smart systems from "dumb" systems? IoT-enabled devices collect huge amounts of personal information, which can be retained and used to extrapolate users’ behavioral patterns and preferences. By doing so, businesses can then use these insights to automate and improve the overall user experience. This information is extremely valuable for businesses and consumers alike.
However, it’s important to think about what happens to that data after you are done using the devices. In addition to acquisition and implementation, be sure to consider end-of-use or end-of-life scenarios too. In these cases, there needs to be a core feature and functionality in smart refrigerators, smart thermostats, smart TVs and all other connected products that fully wipes all data clean and can then show verifiable proof that no residual data could ever be recovered.
When Your Car Knows Too Much
Many rental car agencies around the world today allow you to rent a car that can sync up to your personal data across all digital devices. This allows drivers to have the most advanced features and functions available to them -- Bluetooth, voice recognition, GPS, music apps -- you name it, they have it.
Most of these features mean a more personalized, intuitive, efficient and enjoyable driving experience for consumers. Instead of having to switch between radio stations and hear those annoying commercials between songs, drivers can quickly and easily sync up their saved music playlists from apps like Spotify, Pandora and Rdio. They can also make phone calls to recent contacts from the car’s dashboard and use GPS directions to find the nearest bakery.
But what happens when the next renter gets behind the wheel? Will the second driver, third driver, fourth driver -- all the way to the next thousandth driver and beyond -- have access to all of those previous drivers’ data? You can bet most people have and are already asking these questions. And I wouldn’t doubt that some businesses are also asking them. But, and this is how privacy and security concerns become a very real scenario, they’re only doing it after-the-fact once their products have already been built, tested, approved, marketed and launched in the market (and are firmly in the hands of users). Not nearly enough businesses have addressed this yet to the extent that it’s included as a very real and very critical component of their product development.
Knowledge Is Power
With Gartner predicting that 6.4 billion connected things will be in use worldwide in 2016 -- up 30 percent from 2015 -- we’re in somewhat of a precarious predicament. Clearly, IoT isn’t a far away reality; it’s already here. If consumers aren’t taught and informed up front about the different ways to manage and remove data completely at every stage of the data lifecycle (not just when they stop using their devices and gadgets), we could have a data privacy epidemic on our hands. Subsequently, businesses that fail to consider the entire lifecycle of data when developing IoT products will see lower adoption rates, lower sales and revenue and lower customer retention/loyalty.
Pat Clawson was named Chief Executive Officer Blancco Technology Group in January 2015, bringing more than 20 years of experience in technology and IT security. Most recently, he served as Chairman and Chief Executive Officer of Lumension Security, Inc., where he successfully grew the business to strong revenue growth and profitability. In addition to successfully launching new technologies into the marketplace and guiding four businesses through acquisitions, Clawson has also established himself as an IT security pundit within the media. His insights have been featured in many of the world’s most influential news publications, including WSJ, CNN, CNET, Washington Post, USA Today, Forbes, CIO and Infosecurity Magazine, just to name a few.