Capping IT Off

Capping IT Off

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

Security and the Internet of Things: emerging issues

Category : Security
Over the past years, concerns about security and privacy in relation to our digital footprint have become centre-stage. One of the aspects that has become highlighted is the importance of metadata in gathering information.

This (communication) metadata is often described as ‘data about data.’ This data can provide details on sender, receiver, communication duration, communication starting date and time, communication channel, communication protocol used. In this way, metadata can sometimes reveal more information than the actual content of communication, especially when you consider that metadata lends itself to aggregation and patternization more easily. Companies are collecting ever more data on consumers, and using this metadata and other user data for an astonishing amount of innovative uses.

In recent years, the so-called Internet of Things (IoT) has grown at a fast pace. Free apps that track behavior (running, sleeping, counting calories) are increasing, as is the amount of wearables such as smart watches, movement trackers and others. ‘Smart’ technology is increasingly being used in household appliances such as electricity meters, fridges and water cookers (the ‘Internet of Twinings’, if you will).

The (meta)data that these devices and applications produce, tell a lot about their users’ preferences, habits, movements, morals, health and other issues. Companies usually ask permission to use data, via the small letters of user agreements or via a screen prior to using an app. However, the policies governing the application of these devices are, in a lot of cases, either non-existent or sketchily known.

On Feb 12th, Capgemini Consulting and Sogeti High Tech published a research paper on the security aspects of the Internet of Things. In it, we conclude that both traditional firms and startups (but especially the latter) have grave concerns about the security of their devices. The research also points out that privacy policies are sketchy. In other words, this concern is not hypothetical, and with the increasing use of the Internet of Things, more companies need to re-think the security and privacy of the devices they roll out. It is vital to put security and privacy at the heart of digital transformation strategies, since it directly affects trust of the users in their brand. By applying more and better security, the IoT opportunity will truly be a benefit for all. This is essential in order to put cyber security at the heart of digital transformation.

About the author

Melle van den Berg
Melle van den Berg
Drs. Melle van den Berg specialiseert zich als senior consultant binnen het cluster Veiligheid & Rechtsketen in projecten rond cybersecurity, persoonsgegevens en crisisbeheersing in de (semi-) publieke sector. De heer Van den Berg is politicoloog en bestuurskundige. Hij heeft een vlotte pen en richt zich in opdrachten vooral op het verbinden van verschillende partijen.
3 Comments Leave a comment
The security, governance and oversight of 'data' in the digital transformation age is not new conversation - David Levy of Citihub has long discussed these issues and their implications, as have I and other colleagues discussed ILM security and its implications from transactional levels to 'datalake' BI analytics. Content security, meta data management, even data harvesting, publication or promotion are all IoT issues coming to the fore - what "rules" do you see emerging to address these? Where do you see governance or oversight sitting - within or without organisations? With whom do you place responsibility for (meta)data - the individual or corporate entity? IoT is pervasive - whose rules take precedence? And who decides and how? The debate needs widening - what do you think?
Yes, It's true. In these days whenever I watch News, this IoT is the Big issue. There is a need to strengthen our security and making many people aware of Data Handling and Getting and Cleaning the Data. Thank you.
Hi. In my opinion, the main problem is the impact of 'zero day' on IoT. Usually architects and developers do not put into account problems of 'zero day attack' on IoT products. Some solutions are : 100% code coverage, custom O.S. and custom middleware, C secure coding. On the other hand the IoT companies want to minimize costs without putting into account the side effects on critical systems connected by an IoT cloud. In conclusion only after incidents, the IoT companies will invest on security. Kind Regards.

Leave a comment

Your email address will not be published. Required fields are marked *.