Securing privacy in Internet of Things(IoT)
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
These days we are connected to our smart watches, phones and iPad. And, we have now seen an avalanche of products having features that replicate the internet of things – our cars can, at a command, play songs we want, our fridge can nudge us to order milk or eggs and we can control our barbeque stand through our phones. Yet, the privacy considerations in these tools stand out when it comes to the internet of things. In this article, I review what works to ensure the privacy of data collected on the IoT.
The internet of things is expanding quickly with huge gaps and security questions. According to research, it’s plagued with vulnerabilities, malwares and with the potential to destroy business processes. Cyber-attacks are increasing due to these vulnerabilities in IoT devices. But I digress.
There are known methodologies that can protect businesses that bask in the IoT space. But many fail to implement these methods in a feasible technical and organisational way. Using firewalls, IDS, anti-malware, and cryptographic methods can help defend against attack. But what exactly is the internet of things?
The internet of things is a collection of devices attached to the internet to collect and exchange data using nodes and controllers. The main goal of IoT is to improve the quality of life and provide benefits to organisations and government institutions. Imagine a country with roads that collect data daily, those data sets can help in a variable of ways: it can inform the stakeholders on what needs repair, the load on the road and other important things that can help improve the usage of that road (this is usually called smart cities). A medical doctor can collect so much information from watches patients wear and measure heart rates, sugar levels, etc. This is all made possible by the marriage of internet and hardware.
Many individuals and organisations are embracing IoT and yet many fail to consider the security. The potential for cyberattacks which may lead to privacy breaches is enormous and companies must be aware. I have mentioned known methodologies that can be inputted into these existing networks. However, there is the need to ensure that privacy by design and its (seven principles) serve as the main feature that most companies now pay attention to. In 2025, there is the claim that IoT will increase by 41 percent and that’s a huge jump. Then the question remains: how will privacy be treated?
It is also key that companies put good practice in mind especially, maintaining what is called the CIA triad: Confidentiality, Integrity, and Availability. With confidentiality, data should not be accessible to anyone without appropriate permissions; with integrity, data should be stable and not mutable to anyone without the right permissions; and with availability, the device should be available with those individuals with appropriate permissions. If companies don’t take proactive measures in employing these approaches, attacks and malfunctions will trample the intended business benefits. The onus, therefore, lies with stakeholders to ensure that as they create these products, they pay attention to privacy and security implications or consult with an expert before launching projects/products.