Privacy is a key concern across multiple aspects of enterprise technology. The question of how best to protect sensitive and personal data has been highlighted over recent years, as legal and regulatory frameworks such as the GDPR gain prominence, and the cyber threat landscape becomes ever more dynamic and complex.
The Internet of Things (IoT) is in the process of transforming multiple industries, and rightly so. The automation and business intelligence it can foster is hugely powerful. Yet the IoT also introduces some specific challenges to organisations in respect of data privacy. Let’s take a closer look at how.
An IoT device or sensor is, essentially, a connected device or sensor. In turn, this means that an IoT device or sensor is a potential point from which data can leak – or a malicious party can gain access.
As such, when an organisation creates an IoT ecosystem – say, by deploying connected sensors throughout the physical assets on its factory floor – then each of those physical assets is theoretically an endpoint device – like the computers and mobile devices elsewhere in the organisation. And so, at a stroke, the organisation has vastly increased its attack surface – that is, the area through which a cybercriminal may attempt to gain access to the network, for the purpose of stealing data.
Small, simple devices
It is not merely the volume of IoT devices that causes privacy concerns, but also the small scale and simplicity of many of those devices. In many cases, this means that it is impossible to embed sophisticated cybersecurity protection into those devices, thus increasing the risk of malicious data interception, or infection by malware. Other problems may include easy-to-guess passwords hard-coded into IoT devices as the default.
As we have blogged in the past, at its core the IoT is all about data. IoT devices collect data which was previously costly or even impossible to tap into. They generate vast amounts of business intelligence, to be harnessed both in real-time and over the long term. In short, they massively increase the amount of data that organisations are processing – and in turn, this means that security and privacy experts are rightly concerned about how that data is collected, processed, shared and stored.
To achieve robust approaches to data privacy, organisations processing data, particularly personal data, need to map the flow of that data throughout their business, and draft and enact watertight policies in relation to that data. When an IoT project has exploded the volume of data said organisation is dealing with, this can become rather more complicated.
Visibility is key
These data privacy and protection concerns may be multifaceted, but they are not insurmountable. Organisations in the business of either developing or deploying IoT devices need to make data protection a priority from the outset, rather than an add-on they think about later. Robust data privacy always begins with visibility – understanding what data is being collected or generated, where and how it is being processed, and how it is stored.