Internet of Things data access and the fear of the unknown
The most fascinating concept of the world we live in today is the availability of data. We have access anytime, about anything or anybody and anywhere from any connected device. This access brings both excitement and fear of the unknown. Previous posts in this series, The Internet of Things is here and What the Internet of Things means for today and tomorrow, introduced the changes around us that are being driven by the Internet of Things. These recent posts also discussed how enterprises are evolving along with these changes. This installment discusses the concerns that can be created by highly accessible, streaming Internet of Things data.
Fearing the unknown from data access
Why is the fear of the unknown a factor with Internet of Things data? To answer this question, consider a few examples of the use of the Internet of Things in today’s world.
The arrival of smart thermostats represents a very exciting and powerful Internet of Things technology. For example, based on the choices you make for controlling temperature, lighting and timing inside your home, you can use your smartphone or tablet to control these home environment conditions from anywhere in the world.
This capability has created much excitement in the consumer market. Millions of homes now have these devices installed. But what about the data part of this solution? To be able to do this smart thermostat magic, the device needs to be permanently connected to the Internet, not only to accommodate access, but more importantly to continuously send information to the power company or device manufacturer or both. Hence, the fear of the unknown: if anybody can get access to these devices and obtain your credentials from the stream of data, imagine what can happen next.
Not only is identifying user preferences possible, someone hacking into the smart thermostat can monitor your presence in the home, break in when you’re not there or worse. Once someone has access to the network, theft of data can occur that possibly leads to other kinds of damage.
Is this solution really that insecure? The answer is no. But ongoing work in the area of data governance and data privacy attempts to address the gaps in security that can cause concern. To help minimize these concerns, the underlying security of the data needs to be well managed.
Electric automobiles manufactured by Tesla Motors and Nissan, for example, are touted for being purely electrically driven thanks to the amount of computerization and logistics that make driving them an easy task. Similar smart car development efforts are underway with the Google driverless car experiments and testing and research at BMW, Mercedes Benz and other auto manufacturers. All this smart car technology is fantastic and thought provoking, but smart cars have the capability to continuously communicate information—the condition of the vehicle, geographic coordinates of its location—to the manufacturer and possibly the dealer where the car was purchased.
This capability can induce worry—more so over whether the transmission data is hack proof, for example, than whether the transmission is mechanically safe. And this concern is for good reason. If a transmission is intercepted, actions such as passing incorrect algorithms to the engine that may increase speed or cause a breakdown or an accident in a driverless vehicle are possible. Hacking into a smart car can also result in other disruptions such as changing the navigation system’s map views.
This fear of the unknown from smart car technology tends to be more with driverless cars than electric cars. Nevertheless, how can hacking smart cars be avoided? No set of regulations for this data and its security exist in the auto industry, and unfortunately rules are being created after the fact.
Smart health monitoring
Remote monitoring of patients has become a new and advanced form of healthcare management. This solution benefits hospitals and healthcare providers, but it also creates additional problems for data management and privacy regulators. Monitored patients wear a smart device that is connected to the Internet so that the device can transmit data to a hospital, healthcare provider or third-party organization that provides data collection and on-call services for the hospital or provider.
Although the data collected by a smart, wearable device generally isn’t specific to any single patient, enough data from these devices exists that can be hacked, for example, to obtain credentials for logging into the network. And once the network is compromised by a rogue login, consequences can be disastrous. For now, the situation with remote monitoring of patients is fairly well controlled, but security needs to be enhanced and upgraded for future implementations as the number of patients requiring remote monitoring increases. As demonstrated in the previous examples, electronic health record data requires enhanced management and governance.
Understanding the Internet of Things data lifecycle
Because of these concerns with access to Internet of Things data, having an understanding of the lifecycle of Internet of Things data is imperative.
Who owns this data? We all own the Internet of Things data until it leaves the connected device we are using. But who owns it then? This question is a very interesting subject that has been the focus in a lot of recent articles and white papers, but no definitive answers have emerged. In some cases, such as with the smart thermostat or smart car, the owner of the device or car can be defined as the producer of the data, whom can claim ownership status. But in other cases the ownership definition is hazy. This question of the data’s ownership needs to be better defined and governed for enterprises and individuals alike.
The issue of privacy is a very serious concern for all producers of data. Committees in the US and European Union are working on defining privacy guidelines with respect to data in the new world. Evolution always occurs in stages, and we are now past the infancy stage of the evolution of the Internet of Things. Watch this space with interest as the data; its types, formats and details; and the devices evolve over the next decade.
This area in the Internet of Things data lifecycle offers an interesting yes-and-no situation. The yes part is security requirements have been identified; the no part is these requirements have not been standardized into a set of regulations. This area is emerging rapidly with a great deal of the focus on isolating data, its transmission and encryption, its storage and its lifecycle. Several articles on these topics are available that provide perspectives from the major stakeholders, and they all have solutions in their stack of offerings in regard to acquiring and managing data in the world of the Internet of Things.
In today’s world, only a handful of companies across the globe have success in implementing a stellar data governance program. The worry here is that the remaining companies may have some aspects of a great data governance program but are hanging by thread in other critical areas. Based on my experience, I would say that the 30/70 rule applies to a data governance program's success/moderate success. The world of data for the Internet of Things needs more governance, more discipline and more analytics than ever, but, most important, it needs a highly managed lifecycle. If rapid resolutions are not achieved in this area and if it is not made a high priority, the journey for internal and Internet of Things data could be quite challenging.
Ownership, privacy, security and governance of Internet of Things data is not about let us build when the need arises, it’s about let us innovate to plan for all the needs that are likely to arise in this data journey.
Looking ahead toward the Internet of Things horizon
Stay tuned for additional details on this topic in upcoming posts that discuss how enterprises can plan for implementation of a data governance program. In addition, see how other major companies in the high-tech industry are evolving Internet of Things technologies and contributing to the security and governance of Internet of Things data. And discover how cognitive computing can deepen Internet of Things value at the IBM Analytics site for IBM Watson Internet of Things.
Editor’s note: This article is offered for publication in association with the Big Data Seminar 2017, 16–17 November 2017, in New York City, at the Hotel Pennsylvania, and sponsored by Data Management Forum. Additional information is available in the Big Data Seminar flyer.