While IoT is often described as the new best thing, creating many opportunities, or even the next industrial evolution (Kennedy 2018), it also invokes negative connotations. This is due to the security and privacy concerns along with uncertainty about what these devices could possible do. Thus, new regulatory approaches become necessary to ensure privacy and security (Weber 2010).
The internet of things, or IoT, is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction (Rouse 2016).
IoT is driving nearly every company in every sector to become more technology focused, with data as a key asset. Therefore, not only IoT devices should be secured but also the data these devices collect, share and store. According to a research by Gemalto, a cybersecurity firm based in the Netherlands, 90% of the consumers lack confidence in the security of IoT (Roe 2018). Additionally, according to a research by Cisco, almost 97% of risk professionals are of opinion that a data breach or cyber-attack due to unsecured IoT devices could be devastating for their firms. To ensure the safety, attacks have to be intercept, data authenticated, access controlled and the privacy of customers (natural and legal persons) guaranteed (Weber 2010).
Furthermore, the hype surrounding IoT causes shortsightedness when firms start their IoT journey. Organizations wrongly focus on “cool” technology to obtain fast results and incremental results. This focus on the new tech hype, rather than the actual business problem, maintains other misunderstandings about IoT that hinder its adoption.
Another problem with IoT is that organizations often underestimate its complexity. IoT is a convergence of markets and ecosystems, with seemingly endless use cases in all vertical sectors, payoffs, opportunities and new value propositions (Kranz 2018).
So how can these problems be solved?
Organizations should understand that it is nearly impossible to implement IoT successfully on their own.
A paradigm shift is needed, as today’s layered security models are inflexible, not probably scalable and based on technologies decades ago. Unfortunately IoT is completely different, heterogenous, highly distributed and connect. Due to its nature, IoT asks for a heterogenous and differentiated legal framework that adequately takes into account the globality, verticality, ubiquity and technicity of the IoT (Weber 2010).
Another key to success would be to build partner ecosystems of horizontal, vertical and local specialists and then co-innovate with them (Pop 2017). This should happen in a multiprotocol environment, to ensure the safety and security of all data and IoT.
What are your thoughts on this? Should this ecosystem be regulated by governmental institutions or should organizations have the freedom to ensure safety on their own?
Bibiography:
- Kranz, M. (2018). Overcoming the Dark Side of IoT. [online] blogs@Cisco – Cisco Blogs. Available at: https://blogs.cisco.com/innovation/overcoming-the-dark-side-of-iot [Accessed 14 Oct. 2018].
- Kennedy, K. (2018). 2018 Internet of Things Trends. [online] G2 Crowd. Available at: https://blog.g2crowd.com/blog/trends/internet-of-things/2018-iot/ [Accessed 14 Oct. 2018].
- Pop, O. (2017). Building & Managing an Ecosystem of Co-Created Value. [online] Blog.hypeinnovation.com. Available at: https://blog.hypeinnovation.com/building-managing-ecosystem-cocreated-value [Accessed 14 Oct. 2018].
- Roe, D. (2018). 7 Big Problems with the Internet of Things. [online] CMSWire.com. Available at: https://www.cmswire.com/cms/internet-of-things/7-big-problems-with-the-internet-of-things-024571.php [Accessed 14 Oct. 2018].
- Rouse, M. (2016). What is internet of things (IoT)? – Definition from WhatIs.com. [online] IoT Agenda. Available at: https://internetofthingsagenda.techtarget.com/definition/Internet-of-Things-IoT [Accessed 14 Oct. 2018].
- Weber, R. (2010). Internet of Things – New security and privacy challenges. Computer Law & Security Review, 26(1), pp.23-30.
Hey Mike,
I really liked your post and wanted to share my vision on how to deal with security and privacy issues. IoT is a technology with a lot of potential, but as you mentioned it has also drawbacks such as with privacy like a lot of other internet technologies. Besides, IoT is developing really fast and a lot of companies are involved with this technology. Privacy issues could lead to consumers losing their trust in companies and great technologies. I believe transparency about technologies and its data collection could play a great role on solving trust issues. Regular conversations between consumers, companies and regulators about this technology and its data collection could be play a great role to protect consumers as well as companies. These conversations could enable to get to know where concerns of consumers are and companies could anticipate on these concerns while regulators could set regulators to guide tech companies of IoT. What do you think?
Hey Mike,
In my last comment I forgot to to mention GDPR, which is a new regulation on data privacy and the protection of personal data. This regulation became enforceable in 2018. One of the consequences is that users of IoT-devices have to give explicit consent concerning data collection. In the absence of standard screen user interfaces, this can be quite hard. Another case is concerning organizations that processes personal information. These organization must present data of their clients or others from whom data is collected, when these people ask for the collected data about them. But what about CCTV cameras in smart cities? This has far-reaching implications for maintaining law and order, health and safety, and preventing fraud or other criminal activity.
The link below discusses also other effects of GDPR on IoT.
https://internetofthingsagenda.techtarget.com/blog/IoT-Agenda/What-does-the-GDPR-mean-for-IoT
These are complex issues and yes, GDPR offers regulation and guidance on how to handle data collected from customer for example, but are they enough?
I think that this regulation could lead to ambiguity on the side of companies working with and developing IoT-applications and that this could eventually slow down innovation and working with or developing IoT-devices and applications. What is your take on it?
Hello Mike,
That’s a really interesting post and a hot topic. IoT data from sensors and modules, indeed enclose much of sensitive informarion for industrial use, as well as commercial, private one. Being able to breach into such data, no matter how well encrypted, could disclose far too much information for the value chain and strategy of a firm and the personal life and habbits of the common users. Data and especially large data sets, is now a really strategic asset
[https://sloanreview.mit.edu/article/whats-your-data-worth/] that in the wrong hands could provide information that goes against the healthy competition market rules. In that respect data should be discretely and securely handled. Goverment bodies, should pay more attention to the regulation of the data markets and via legal means provide assurance and impose the highest standards for these practices. GDPR was a good move but we should move in a globally implemented approach regarding those matters. Could be politically impossible, so for now businesses should rely on outsourcing to crypto and security specialists and make their best efforts to achive the maximum safety.
Very nice article. I wrote a similar blog regarding cyber security, focusing on data breaches. I agree that there should be more focus on the actual business problem that comes with this IoT and data-driven period. From what I read for my blog, I think that it is better that firms do not entirely have the freedom to ensure safety on their own. As you said, it is almost impossible for a single firm to do this, as IoT makes everything heavily connected. I believe they should work together with connected firms and the government should interfer with high-level regulations.