The “Internet of Things” (IoT), also known as the “Internet of Everything” has been around as a concept for the last 3-4 years. Ever since I have learned about IoT, I became instantly intrigued by its potential to bring data together in an unprecedented way. However when I started thinking more about the implications of IoT, the more I felt that this topic is critical for IT / Technology Leaders to understand and how this may affect their organization.
Internet of things or IoT is massive. And businesses are making the most use of it. Business data operations are being recorded around the world and its making the storage of data quite easy. Anyone can use one of the best electronic design services or any other form of service and track it without every losing even a single MB of the data stored.
For anyone who is not sure what IoT is, essentially, the Internet of Things (IoT) is the network of physical objects—devices, vehicles, buildings and other items embedded with electronics, software, sensors, and network connectivity—that enables these objects to collect and exchange data.
Imagine, how doctors can better understand the impact of their treatments if wearable technologies (when authorized) can take real time information of a patient and monitors the patient’s health and activity. What if a workplace tool like a work glove or a chair that report a user’s weight/temp/activity level and possibly heart rate to personal fitness software, or for HR personnel to monitor employee well-being. But at the same time, a little mistake in the programming can make life-saving equipments go bonkers, which would in turn endanger the patient’s life. The same can be said just about any software there is, because errors are inevitable. An example is when Cutepdf is throwing a 216; this shows how the most simplest of the softwares like one mentioned exhibit and are made up of errors.
An interesting example I read about recently involved the possibility of your car communicating with a smart traffic grid, which in turn helps identify the best routes for your trip and maximizes traffic patterns for everyone else. Personally, this is an example of a use of IoT that I would be very interested in utilizing to maximize my commute and my trips into downtown Chicago. However, the flipside of this is the concern of whether the smart grid or other device is recording personal data as they travel through the city, raising significant privacy concerns.
Below are what I feel are The Three Fundamentals Every Technology Leader Should Know regarding this growing technology trend, specific to the IoT:
1. Connected devices can walk into your organization, and you will not know what data they are collecting. Google Glass was one of the first examples of what IoT can be, as well as the privacy and security concerns this technology brings. Some organizations have already banned Google Glass from their facilities, and for good reason. Hospitals, Schools, Theaters, Banks and other public and private organizations have legitimate concerns about the privacy of data and protection of copyrighted material from being recorded/analyzed by someone using this technology. However, this is such new technology, that laws have not yet caught up and it is still to be determined if there is a legal basis for banning this technology in public areas, and what criminal charges can people face for using this in specific places, although the use of criminal attorneys from www.criminalattorneylongislandny.com/areas-served/long-island/legal-services/ could also help with this. I believe that someday we may see similar placards in public institutions similar to the Concealed Carry placards you see around for devices like Google Glass.
In the meantime, what can you do? Review your organization’s “Bring Your Own Device” (BYOD) policy to ensure it is up to date and considerate of connected devices. The BYOD policy for your organization should define the acceptable use of personal technology, what available support will be available for personal devices, any reimbursement for the devices resulting in business use, the necessary security requirements and finally a statement of the person’s risks, liabilities and disclaimers for the use of personal technology. You can find several examples and templates online. In fact, if you believe your staff needs some trainings on cyber security, schedule them for cyber security training for beginners.
2. There is no “silver bullet” solution to manage privacy and data security with IOT devices. While a BYOD policy is a great start, it is very difficult for organizations to manage and enforce the policy without smart solutions that IT Leaders may be able to implement today. Technology leaders need to be aware of this ever-increasing security and privacy risk that employees are bringing into their organization. While there is not a single solution right now for a comprehensive IoT security application, there are steps organizations can take to protect the data and privacy of the organization and the people within it.
Here are five guidelines I have collected from several industry experts to help protect your organization that you can do today:
- Create several points of unique user identification, authentication along with log off timers
- Encrypt all of your data during any data transfer activities
- Assess and control who has access to the data, including access to physical data storage devices
- Implement a process of reviewing system activity logs
- Rigorously evaluate the security capabilities/gaps with any new cloud solution being considered for your organization
3. Finally, be aware of what technology developers are working toward when building IoT enabled devices. Edith Ramirez, Chairwoman of the FTC had the following recommendations regarding security in IoT devices her opening remarks at the International Consumer Electronics Show in Las Vegas Nevada on January 6, 2015.
“Companies should prioritize security and build security into their devices from the outset. Specifically, companies should:
- Conduct a privacy or security risk assessment as part of the design process;
- Test security measures before products launch;
- Use smart defaults – such as requiring consumers to change default passwords in the set-up process;
- Consider encryption, particularly for the storage and transmission of sensitive information, such as health data; and
- Monitor products throughout their life cycle and, to the extent possible, patch known vulnerabilities.
In addition, companies should implement technical and administrative measures to ensure reasonable security, including designating people responsible for security in the organization, conducting security training for employees, and taking steps to ensure service providers protect consumer data.”
Chairwoman Ramirez made additional recommendations in her opening remarks to minimize the amount of data collected to only what is necessary and communicate to consumers any data collection changes along with the ability for consumers to choose what they want to have collected. By collaborating with IOT device developers or reading the newest developments in this space, you can better understand what the risks and benefits are for implementing IOT devices in your organization.
The Internet of Things services are only going to expand and the potential benefits of this trend in technology may be immense and have tremendous benefit to society. However, security concerns need to be at the forefront of every IT and Technology leaders mind especially during this nascent time of experimentation, growth, and maturation within business and society. TSI has proven experience helping IT/Technology Leaders assessing their technology and defining an IT strategy while answering the questions “How prepared is our organization for upcoming technology trends, and what is our next step? Contact TSI today to discuss your technology strategy and assessment needs.