The importance of Internet of Things data security and privacy

IBM Fellow, Distinguished Agitator, IBM

Without a doubt, the Internet of Things can improve the function and reliability of many things including cars, appliances and indoor living and working environments, but at what cost? Does this function and reliability have to be at the expense of our personal privacy?

Every device connected to the Internet runs the risk of exposing sensitive personal data to those who would abuse it. Saying “who cares?” may be tempting when the implication is making thermostat data accessible to others. But consider that even information as innocuous as thermostat data can be used to determine when you are home, when you are out, how many people are in your home and so on.

What about your car? Data about your driving habits can potentially be used to determine your location at certain times of the day, where you shop and so forth. Of course, a criminal could use that information to rob you or do you harm. But a much more likely scenario is that you would be bombarded by unwanted ads and spam emails. And personal privacy isn’t all that’s at stake; industrial data can also be compromised in the same way.

How can an individual’s data get misused? The company that collects data may choose to abuse the data, or sell it to someone with nefarious intent. Alternatively, a company that collects the data for legitimate reasons may get hacked, and the hacker steals the data. Systems in companies collecting data may have data leaks that transmit data to other companies using those systems, or they may have exposures that allow hackers to steal customer data from those systems.

This scenario in turn can open the companies collecting the data to costly privacy mitigation efforts and lawsuits, and it may even impact branding. Consider the recent rash of credit card identity thefts that have occurred at retail stores and the costly recovery efforts the hacked companies have had to perform. Now expand that risk to the tens of billions of points of data collection predicted to arise in the Internet of Things industry.

Cases have also arisen in which governments choose to misuse private data or have had data stolen from them. In some cases, fear of misuse is so strong that an industry or government may regulate how data is collected and stored. For example, many countries have stringent requirements on the collection of personal health data, such as those in the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. Some countries such as Germany have strict regulations about shipping personal data of any kind outside of the country.

How can privacy be protected? Consumers need to read the fine print. Like Internet service providers (ISPs), Internet of Things providers need to let customers know about their privacy policy in regard to what they intend to do with the data. If the service doesn’t provide that information, consumers should demand it, and if it isn’t supplied, then they should look elsewhere.

A manufacturer or operator choosing an Internet of Things provider needs to understand two things: privacy policies about their own use of their data and the precautions to take to protect that data from others. In cases of extreme sensitivity, processing data at the point of collection on private hardware rather than shipping it to a remote cloud-based system for processing may be necessary. At the very least, the data needs to be encrypted before being shipped to a cloud-based platform for further processing.

Ultimately, the protection of data privacy begins at the source. IBM believes that sensitive information should never leave the sensor where it was collected without protection. IBM offers a wide variety of Internet of Things solutions to meet data privacy requirements, from simple standards-based data and link encryption to hardened on-premises or hybrid cloud Internet of Things solutions.

In addition, IBM is developing systems that support decentralized, peer-to-peer Internet of Things processing to remove risks associated with centralizing private data when there’s no need to do so. The most important choice organizations can make is where to entrust their data. Internet of Things data privacy and protection should be taken very seriously. Internet of Things privacy comes down to trust, and IBM has consistently been a leading-edge provider of data security and privacy for multiple industries. Take a look at IBM's Internet of Things offerings today.