Security : The Albatross Round IoT’s Neck
The Internet of Things (IoT) landscape is poised to witness dramatic changes both, on account of new applications and changing perceptions. IoT has largely remained outside the purview of public perception, which is the reason that it is not realized to have already penetrated into the day-to-day lives of denizens. All the while novel applications are being developed and adapted to different ecosystems. However, a major challenge that remains for IoT is that of secure access. As the devices multiply and start talking to each other, not only will the points of access be compounded but also the channels. Moreover, the agents capable of seeking access will also mushroom with the devices, as functions are increasingly automated.
IoT capabilities are being proliferated in the personal domain through the use of always-on, always-on-you technologies, particularly wearables. These collate specific data points that are subjected to contextual analysis by way of cloud applications. It would, then, logically follow that, with the increasing penetration of IoT devices, the various data points collected by individual sensors will, in the future, be combined into databanks that allow for more comprehensive and holistic analyses across functional areas. This will be further propelled by new data standards, which would have to be defined for cross-industry migration and utilization of the data gathered by IoT enabled sensors. This is understood to have great applicability across industrial divides, since several common data points are needed to make decisions. For instance multiple data points from the healthcare industry would have direct applicability in insurance while compiling risk profiles and calculating premium. This framework of unified databanks could even materialize through the centralization of processing capability into one device. So, if the smartphone is transformed into a CPU of sorts for all wearables, it would necessitate dedicated access to data points collected by all of them and, in effect, create a databank of these personal digital technologies. Another alternative, facilitated by ubiquitous connectivity and increasing speed of data transmission, is the delegation of heavy operations to processors in the cloud. This would require a real-time transmission of sensitive data, widening the scope and possibility for data-compromise. The common factor, however, would be that all IoT peripherals would be connected to the internet-grid, which would convert them into portals of access to such databanks.
PURGING THE ALBATROSS
The swelling of access points would grossly magnify the issue of secure access, as all IoT enabled devices would need safekeeping. This could very well entail creating firewalls around all such devices. An inefficient proposition, this can be better understood from an analogy of mobile chargers, where the lack of standardization had created unwarranted inefficiencies in the whole ecosystem. The following, by contrast serve as better alternatives:-
· Security Enabled by ISP: First, clearly define a protocol for identifying local networks of IoT enabled devices that are trust enabled and, then, secure communication channels leveraged for any and all data-flows between the local network and the internet-grid. Unlike the creation of stand-alone firewalls for individual devices, this could be standardized by service providers.
· Security Enabled by sole Personal Device: A second alternative could be routing all access requests through a standalone device — the DigitalPersona device — which could essentially result in the sanctioning of a digital persona as a singular device would hold the prerogative in allowing access to the databank of any person or entity.
Of course, here we are only considering a layer of protection for access to sensitive data instead of securing the data itself, housed on third-party servers and, for which well-established protocols already exist. The profusion of private and sensitive data would also require tagging individual data points by type, for easy identification and risk profiling. The establishment of such classifications could stave off compromising sensitive data as industry-wide safeguards can be put into place.
Although it’s too soon to speculate how secure access will be ensured across different verticals and contexts, it may be admitted that making entire ecosystems compatible with IoT would be an uphill task. However, an approach that may be standardized across the board with seamless transition over applications would be best suited to advance the adoption of IoT. This will, inevitably, create new opportunities and might even redefine traditional boundaries between industries. One needs to wait and observe.