IoT and Governance. Its a game of RISK

Due to the sheer volume of devices, data volume, security and networking topologies that result from IoT, it is natural for there to be a lot of questions and legal challenges around governance and privacy. How do I know my data is secure? Where is my data stored? If I lose a device, what happens to data in flight?

The National Fraud Intelligence Bureau has said that 70% of the 230,845 frauds recorded in 2013/2014 included a cyber-element, compared to 40% five years ago. This would indicate that we aren’t doing a very good job on protecting the existing internet enabled devices, so why should we be adding more devices? If we internet enable our light bulbs and heating systems (Nest being acquired by Google a good example) to control from our mobile phone, can the devices be hacked to tunnel to our mobile phone data?

It is not only the singular consumer that needs to be aware of privacy and governance. Businesses too will need to ensure when they adopt IoT, they must place resources at the door of the legal requirement and implications of IoT enablement. A key aspect of this will be to ensure their internal teams are aligned in relation to IoT, and more specifically, security, data protection and privacy.

More and more, governments and regulatory bodies have IoT in their remit. This included the EU commission who published a report that recommended that IoT should be designed from the beginning to meet suitable governance requirements and rights, including right of deletion and data portability and privacy.

The draft Data Protection Regulation addresses some of these measures including:

  • Privacy by design and default – to ensure that the default position is the least possible accessibility of personal data
  • Consent
  • Profiling – clearer guidelines on when data collected to build a person’s profile can be used lawfully, for example to analyse or predict a particular factor such as a person’s preferences, reliability, location or health
  • Privacy policies
  • Enforcement and sanctions – violations of data privacy obligations could result in fines of up to 5% of annual worldwide turnover or €100m, whichever is greater

The first point above, privacy by design is normally an afterthought unfortunately. Whilst not a requirement by the Data Protection Act, it makes the compliance exercise much smoother. Taking such an approach brings advantages in building trust and minimizing risk.

IoT presents a number of challenges that must be addressed by European privacy regulators as IoT evolves. It is predicted that the scrutiny on these challenges will increase as the device number increases.

Some of the challenges include:

  • Lack of control over the data trajectory path
  • The lack of awareness by the user of the devices capabilities
  • Risk associate with processing data beyond original scope, especially with advances in predictive and analytic engines
  • Lack of anonymity for users
  • Non threat everyday devices becoming alive to threat

As can be seen from these challenges above, there are characteristics in common, such as control, security and visibility which makes governance of IoT a bigger challenge than expected.

Finally, governance in IoT is expected to follow other technologies. Up to now, the software industry has not had single standards for the complete service portfolio (including cloud), although government are addressing this. From the geographical standpoint, different regulations are commonplace for different jurisdictions in IT, so IoT is predicted to follow suit.

An IoT Data Flood. Are we ready? (Intro)

A flood of 50 billion pieces. That’s the predicted number of internet enabled devices that will span our globe in 2020 to create the expanding Internet of Things (IoT). And it is a conservative estimate, when you consider other types of technologies that could be enablers, namely Near Field Communication (NFC) and Radio Frequency Identification (RFID). The speed of internet connectivity in the future is likely to hyperscale, and makes Moore’s Law, which we successfully navigated, seem tortoise like.

So what will all this mean? Crop fields will be smart. Crime will diminish. Stagnant business models will become fluid. Heck, we may even predict the weather. But one thing will remain: The need to collect, store and analyze this data. The coming years will see a dramatic and disruptive innovation of the classical data center model as we know it. It will not be practical for all these remotely distributed devices to transfer their data to centralized data centers. In recent years, data center consolidation has accelerated, yet it does not fit well with IoT. It is proposed in this article that a single person’s life and home of tomorrow will generate more data than the industrial plant of today.

Whilst estimating the impact of the Internet of Things (IoT) over the coming decade would be difficult to do accurately, one thing is apparent. It is going to be a game changer. With the number of devices , the ability to connect, communicate and remotely manage these automated devices is becoming an enabler, from the parking lot to the factory floor to the homes we live in.

Figure 1: Explosion Potential of IoT [1]

A critical enabler for IoT longer term is the concept of smart cities, where both human centric wearables and machine sensors will work together to make the cities of tomorrow more efficient, secure and safe. By 2050, it is predicted that two thirds of the world population will live in cities. This migration naturally represents great challenges especially in healthcare, security and energy use.

Sogeti2, a global collection of over 120 technologists, makes an excellent association between smart cities SMACT (Social, Mobile, Analytics, Cloud and Things) and the concept of a platform. The City as a Platform is twofold: it is the infrastructural capacity plus the human dimension, the empowerment of behavior via data and applications. It shows that the digital architecture of a city is beginning to look like a platform with various abstraction layers that support one another. There are 11 scenarios in which a city can become smarter: waste, healthcare, grids, retailing, supply chains, tourism, e-government, smart meters, food, traffic and logistics management.

Figure 2 : Smart City as a Platform Illustration [2]

From Figure 2 above, the top shows the activities of everyday life, with citizens, students, consumers and commuters. Below this is an abstraction layer containing technology such as an Application Programming Interface (API). Streets become smart if we can link camera systems with facial recognition technology. As you traverse the layers, you will notice common elements of any platform, with communication and/or collaboration between these layers. These are already in action, apps like Air B&B and Halo/Uber show that smartness in applications can make cities more efficient in regard to transport and space respectively.

Many people own internet connected devices, such as their smart phone, laptop or smart TV, but this is the beginning of an age where technical advances and cost reductions mean elements such as baby monitors, fridges, temperature sensors, in-home heating and lighting will all be connected. The list of devices is growing all the time. But if we stop and think about what these devices mean for the classical data center model, it soon becomes apparent that this deluge or flood of data will impact data storage, processing and analytic platforms that we use today.

The strain is evident already, and that is with the devices that we control (laptops and phones generating data by surfing the net for example). It’s still just two devices per day per person. Imagine if that number increases over 50? Imagine the data load and bandwidth implications when those devices are sending data regularly? Then consider an entire city of people with the same level of internet connected devices, leading to billions of devices generating vast quantities of data which must be processed and stored. Understanding this impact is important if you are to ensure that your infrastructure is correctly designed to support an IoT strategy that your organization will need to remain competitive in the coming decades.

In my next blog post, I will explore the impact of IoT on Classical Business Models. Stay tuned!


1: Connectivist Chart on IoT Growth

2: Sogeti Labs: City as a Platform Article