An operating manual of Home Network System is seen on November 29, 2006 in Incheon, South Korea. (Photo : Getty Images / Chung Sung-Jun)
While the Internet of Things ushers innovation and connects products to bring greater efficiency and speed to various sectors, it is getting conservative. The concept, which was anticipated as a phenomenon stronger than the Internet, is slowing down, and one of the major reasons for that is data security.
As confidential data becomes increasingly accessible online, businesses realized that data security is something they cannot compromise. Current data security solutions relied on by many businesses failed in the past and are still subject to failure. Cybersecurity has been estimated to increase to $3 trillion by 2020, if the connected devices will reach 20.8 billion by that year.
There is currently an urgent need to rethink security in an always connected, decentralized and high-volume world of machines, according to TechCrunch. The 1990s was an era where the focus was on data in motion, or making data available to everyone. Such emphasis was one of the major reasons why data security solutions fail because data at rest was not considered.
The tech industry gradually realized that data should be protected for its entire lifetime, not just during its transmission between devices. In the world of machines, information starts and ends as data at rest. In between, it passes via interacting devices in user activities, customer transactions, authentication, API interactions and software deliveries.
When communication is the only focus, there is the absence of custody of data that is being hosted in various environments. Then a single compromise anywhere in the chain will affect the data's reliability and subsequently, the conclusions derived from it.
Today's assumption is that machines and the data they manage are secured. Information security has three components: confidentiality where data access is protected and restricted; integrity which assures that data is as it should be and has no compromise; and availability which means those who are authorized to access the information are able to do so.
Enterprises that adopt IoT have issues to consider when it comes to data storage, either it is on site or in Cloud. Werner Struth, board member of Bosch Group had a talk with The Engineer about data security in IoT last year. He believes that there are two major issues around the Cloud provider and these should be to define the roles of the data owner and those who have limited access to information like the customers and suppliers.
"They [suppliers or customers] get a certain amount of data that they are entitled to read and understand," Struth told the tech site. He thinks that the roles should be clearly defined, as well as the data semantics and the data container to use. He added, "For this we need maybe national or international platforms like...the Industrial Internet Consortium in the U.S. in order to solve these problems."
Data confidentiality is being targeted by most modern security solutions, like firewalls, encryption, tokens and authentication. They put barriers against unauthorized access. However, communication protocols, machines, rules, software and APIs are vulnerable.
When confidentiality is breached, it would take days for organizations to find out, just like what happened to Sony Pictures in 2014. After that, system administrators would identify which data were accessed, which is a very expensive task.
Security experts have still to build IoT networks that are not vulnerable, something that can give owners information if their data confidentiality has been breached. This is an integrity issue which should be the focus of modern security as the tech industry heads towards IoT when everything will be connected.
IoT is discussed in the following video.
