With this in mind, there are a number of considerations which really must be taken into account by manufacturers, vendors, app developers and users of these systems to keep up with this unprecedented growth and its associated risk and opportunity.
A key consideration is understanding the specific purpose of the IoT asset. What data does it need, and how does it need to be used?
A “Smart Fridge” can watch what is in your fridge, discard out-of-date items and order new items when you are close to running out. What then does it need access to?
What about a “Smart Car” (not the dinky little roller skate variety), which understands traffic flow, how much fuel you are using, the speed you are travelling at and whether you are tired or not?
My first thoughts are that some of the data needed is:
• Shopping information
• Credit or debit card information
• Loyalty cards
• Online shopping accounts
• Delivery information (safe places, when you are in or out).
• Access to a camera
In other words, information ABOUT you and your habits.
Does it really matter if someone knows how much chocolate you eat, or whether you drive at 33 in a 30 mph area? Does it matter if your eating and exercise habits (or lack of) become known? Potentially, yes, if your medical information, driving habits or other information are shared with insurance companies, journey and road planners. What information is retrieved, and how it is shared, can range from these pieces of information to many, many other things.
The first thing is that this data must be transmitted securely (encrypted).
Secondly, as all of these devices are connected to the internet, they themselves must be secured in order to limit the ability of attackers to use them as attack vectors.
Thirdly, organisations must consider what devices they are using and how the data is used (are they culpable if malicious activity occurs within their perimeter, via one of these “Things”?).
Finally, and possibly the biggest question, is how this collection of data should be controlled and subsequently used in an ethical manner.