Defusing The IoT Time Bomb

They’re coming, and we won’t be able to stop them. But will they be friends or foes? What are we talking about? Internet of Things (IoT) devices. And, as..

Sourced through from:

Internet of Things (IoT) devices. They’re coming, and we won’t be able to stop them. But will they be friends or foes? 

Consumers cringe as the barrage of data breaches continues — from major retailers to health insurers to government agencies, hundreds of millions of records are now exposed and there seems to be no end in sight.  Will we face a similar future with some of our most personal and sensitive information (where we are, the status of our home, our latest health vitals), or even with our physical security?

These issues are the focus of the Internet of Things Working Group (IoTWG), recently established by the Online Trust Alliance (OTA), a non-profit focused on the establishment and adoption of best practices that enhance online trust.  The IoTWG is made up of dozens of organizations, including leading retailer Target and technology leaders Symantec and Microsoft. Its mission is to establish a trustworthy framework for IoT manufacturers to follow that addresses three key pillars: security, privacy and sustainability.

Suggested IoT privacy practices parallel those in place today for general web services, yet the sensitivity of IoT data tied directly to an individual and the form factors used present additional challenges and concerns.

Key recommendations: include sufficient notice in a format consumers can easily access (preferably before purchase), limitations on data sharing with third parties (who may be integrally involved in delivering the service), data retention policies and clearly defined implications of a customer’s refusal to accept a privacy policy (e.g., how much of my smart TV is usable if I don’t accept the policy?).

Perhaps the most concerning issue is the ticking time bomb of sustainability, or ensuring IoT devices remain secure long-term, throughout their entire life cycle. New paradigms are present here — who would have previously considered software upgrades for garage door openers or washing machines that might impact security or privacy?

Contrary to the mobile device market, which has a relatively short half-life, the useful life of IoT devices, especially in the home, is much longer. The concept of “security and privacy by design” for manufacturers is critical here — they must take a long-term view of the offerings in the context of overall use, designing products and services that can keep pace with security and communication protocols that evolve over time.

Key issues:  support timeframes (e.g., how long will the software/service be supported, even if the device is long out of warranty or has been replaced by newer models), compatibility issues (e.g., if an upgrade causes incompatibility, can I roll back?) and functionality in light of connectivity or policy issues (e.g., what still works on my smart device if it’s not connected, and what still works if I don’t do an upgrade or refuse to accept an updated privacy policy?).

Working through all these issues now allows manufacturers to incorporate the concepts into the design of products, services and associated policies, thereby helping to protect consumers from potential abuse and harm.

See on Scoop.itInternet of Things – Technology focus


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s