The IoT, security and privacy: Why user data must belong to the user

(c)iStock.com/peterhowell

Talk to anyone about the Internet of Things (IoT) and you can almost guarantee the topics of security and privacy will crop up at some point.

The market, as one would expect, is a huge one – Zion Research argues it has the potential to hit $464 million by 2020. But opinion is divided on how secure connected devices currently are. One interesting finding from a recent ISACA survey shows that while 64% of consumers are confident they can control IoT data, 78% of IT professionals argue security standards don’t cut the mustard.

Patrice Slupowski, VP digital innovation at Orange, who has been in the boiler room of innovation for IoT over the past several years, is not surprisingly in the latter camp.

“[Security is] part of a gigantic question around cyber criminality,” he explains. “As our lives are becoming more and more digital, the threats on our life are becoming more digital.

“The IoT is multiplying the effect because with all the connected objects, it’s extending the number of touchpoints between the people and the services. With the ways people can activate, and use, and connect to objects in a remote way, it’s giving some new issues by the potential control that can be done.

“If people are able to control a car, or unlock a door with their smartphone, then everybody can expect that a hacker may do the same.”

Despite the survey findings, Slupowski argues the consumer element is perhaps overplayed; the number of users who regularly use smart home technology, for instance, is comparatively low when compared to technologies we’ve been using for more than 15 years. “Someone hacking your email account is probably the biggest threat to digital life today – it’s not the IoT,” he says. “The number of people having connected objects, or having several ways to control one of the objects is still a small number.”

If people are able to control a car, or unlock a door with their smartphone, then everybody can expect that a hacker may be able to do the same

Yet the threat of data being hacked remains front of mind – and especially so given the recent revelations concerning TalkTalk and Vodafone. The former was subject to a ‘significant and sustained attack’ two weeks ago with fewer than 21,000 bank account numbers and sort codes accessed, while the latter was a data breach which resulted in the accounts of more than 1,800 customers being affected.

Slupowski concedes Orange, as a large provider, is ‘obviously a target’, but adds: “We’ve clearly chosen to go on doing our best efforts in order to make sure we are securing as much as possible – and it will be a permanent fight.

“It’s not a simple thing that we’re going to solve,” he adds. “We just want to make sure that we are really clear on the fact that there are some means [and] protections, and you can never sleep thinking that you won’t be affected by anything.”

This fits in to the privacy angle as well as the security one – Orange aims to protect not just the data but also the user, and bake it into their product ‘by design’. Regarding privacy, Slupowski argues: “On that we are very clear – user data should belong to users. It’s not because we’re hosting data that we’re acquiring any kind of rights on that data. It’s the same for the enterprise data – we’re very serious about privacy and data ownership.

Despite the challenges the industry faces, Slupowski admits it is an extremely exciting period of time for the industry. “For me, IoT started something like six or seven years ago, and I remember the first days when we were just starting to quantify this – we were looked at like crazy people speaking about a future which had few chances to happen,” he explains.

“I think over the past few years we’ve seen the acceleration,” he adds. “We’re seeing businesses, big companies, a lot of people getting awareness and starting to express their needs and bet on some projects, and seeing the IoT and data being part of the global digital transformation of those players is really, really very exciting.”

Patrice Slupowski is speaking at the IoT Tech Expo event in London on 10-11 February 2016. Register your place at the event here.

 

https://www.iottechexpo.com/wp-content/uploads/2018/09/iot-tech-expo-world-series.pngInterested in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.

The show is co-located with the AI & Big Data Expo, Cyber Security & Cloud Expo and Blockchain Expo so you can explore the entire ecosystem in one place.

Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.