Internet of Things (IoT) is hot. Really hot! Every single industry from buildings to healthcare to financial services is looking at IoT. As more and more organizations look to capitalize on the blistering IoT market, they…and consumers risk the equivalent of ‘running with scissors’ when it comes to security and privacy.
PERSONALIZING MECHANICAL DATA
IoT presents a number of new sources of data. Some of that data is mechanical and non-personal in nature. A good example is machine data from sensors in a data center. The sensors tell a story about how the data center is performing. Those sensors may include electrical equipment, temperature sensors, airflow and water consumption.
However, some machine data can be personalized to provide insights to a person’s behaviors. An example in the Retail industry might be sensing how many times a person enters a store, the path they take within the store and ultimately what they purchase. In an office building, it may be telemetry around movements of people in/ out of the building, use of the restroom, meeting rooms and the like. At home, it might be temperature settings, entering through the garage door, turning on/ off lights.
The fact is: sensors are everywhere and organizations are starting to correlate the data from those sensors to people behaviors. Now, while most have the best intentions on integrating this data (creating better work environments, automating efficiencies, understanding purchase decisions, etc), it does bring up the question of how data is used.
THE INTIMACY OF WEARABLES
Adding to the data streams from machine data, there is a large source of IoT data is coming from personal devices including those we wear or wearables. And in some cases, this data is being correlated with machine data to provide even more personal automation.
The data coming from wearable devices is interesting…and personal. How personal? Very personal. Sure, wearable devices can register your exercise, activity patterns and sleep patterns. They can also tell when you have elevated heartrates and swift movements. It essentially starts to identify patterns…even intimate patterns. Start to marry this data with other data around location, purchase habits and you start to see how the data streams can be very telling. For example, one could surmise with accuracy what products were purchased before and after certain activities which in turn could provide a very personal perspective on the person.
Now imagine if that data or those patterns were made public. One starts to see how the privacy concerns about our behaviors (intimate or otherwise) quickly become apparent. That is not to say that we should avoid IoT and wearables.
SHIFTING FROM AN AFTERTHOUGHT TO CORE
The obvious solution is to take care with the data and understand how it is used. As with many technology solutions, the security of the device and the data often comes as an afterthought. Unfortunately, IoT is following in those well-understood footsteps.
Security often flies in the wind to avoid constricting innovation and speed to delivery. This is true across the strata for IoT from devices through gateways and all the way to applications. It seems that privacy and security is a routine subject for IoT. Privacy and IoT are not new challenges for innovation in its infancy. The level and intensity of interest in privacy is starting to reach a feverish pitch as device users start to consider the implications.
The issues are not just around wearables either. The same issues reside for corporate IoT solutions that start to understand and react to user behaviors. Even the historically most mundane things, like a building, are starting to get a personality. The personality of the building is starting to understand the behaviors of its users. No longer is security and privacy relegated to only newer solutions.
Now is the time to stop thinking of security and privacy as an afterthought. It is possible to infuse both into each step of the process. It requires a change in the culture and way that solutions are developed. Consumers can help drive these changes through their buying habits. Look for solutions that take security and privacy seriously. End-users, whether corporate or consumer have the best opportunity to impact change.