Understanding Data Security in the IoT

Not too long ago, the Internet was something you only accessed through your PC. It sat on your desk in the corner of your house and communicated via a dialup modem or cable connection. Now the Internet is everywhere. It's not only on your mobile phone; it's also making appearances in our wearable devices and connected appliances. Now more than ever, we are transmitting data at levels that nobody could have foreseen just 20 years ago. This data covers everything — from the temperature in our homes and our energy consumption levels to our sleeping patterns and what we are keeping in the fridge. All of this data is going to become increasingly accessible as we look ahead to the progression of the IoT. The ability of third parties to link this information and get a composite picture of people will only become easier with time.

Of course, there is a lot of convenience in IoT technology. The key, however, is smarter decision making. So when, for example, element14 Community member Frederick Vandenbosch created an IoT alarm clock that woke him up according to the train schedule in his native country of Belgium, he tapped into data that was very smart and useful. However, it also ran the risk of exposing him and his morning whereabouts to outside networks.

His solution, like with many other engineers, raises an important question about the one point we haven't adequately addressed in the IoT: security. How do we make sure the individuals accessing our data are people we actually want accessing our data? Moving forward, how are we going to make sure people who wish us ill or want to be intrusive don't have access to our personal information? Understanding data security in the IoT is the first step to implementing more effective change.

Necessary changes
For many IoT app developers, security is still largely a secondary concern. However, there are a handful of companies working on developing solutions that signal a change for the better. For example, at this year's Electronica event in Munich, Swissbit demoed two Raspberry Pi boards that have achieved secure communications. Atmel is testing and developing CryptoAuthentication technology to ensure that a compatible product, the firmware it runs, the accessories it supports, and the network nodes into which it taps are not cloned, counterfeited, or tampered with.

However, what these two firms are doing is not enough. Others have their own parts to play in tackling the issue of data security in the IoT. As technologists, it is our obligation to help those outside our industry understand the scope and severity of this issue. Countless consumers are purchasing wearable and connected solutions without fully understanding all the data about themselves that they are exposing. Technologists can play a role in facilitating informed debates on security, privacy, and the technologies underpinning it.

Similarly, national governments need to realize their understanding of technology is not keeping up with the pace at which technology is changing. They must also facilitate informed discussions on privacy and security, and how deeply they are getting involved in either sector. Lastly, they must also come to terms with the fact that there will be a limit to the policy they can enforce regulating security and the exchange of information.

The engineer's role
Engineers are at a turning point in the way they think about designing IoT solutions. We are starting to move out of the phase of “Can we connect these devices to help make better decisions?” and into the phase of “What about the safety and security of these now connected devices? How do we make sure we're not exposing people to the possibility of intrusion or harm?”

Though M2M communication has been around for a while, and even though the IoT as an idea is not very new, many engineers are embracing it like the first aviators of the 20th century. When the Wright brothers took off in their first aircraft, they weren't concerned with wearing a life jacket or safety equipment. All they were concerned with was the question “Could we fly?” And fly they did. It was only later on when aviators were able to think about structure and safety. Engineers working on enabling the IoT are starting to think about those components, too, like in some of the examples I mentioned above. In the IoT, we can certainly fly. We just need to make sure we're safe.

Related posts:

1 comment on “Understanding Data Security in the IoT

  1. Himanshugupta
    December 30, 2014

    I liked the way you put up comparison with the aviation industry. I totally agree that we are not too much concered about the security or personal information because all these IoT or sharing things is too new to us and people are busy in experimenting things. As a matter of fact, not many countries have strict cyber laws or internet related policies. It will take some time before we will warm up to the idea of securities, policies and laws.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.