The Two Real Challenges of the Internet of Things
The article is written by Julie Robles, founder of Raw Motion, one API to access IoT data.
Every week there is a new connected device on the market. A few days ago, Tag Heuer launched its smartwatch with Google, and last week I saw a €39 sleep tracker in my supermarket plaster section. Tech conferences are buzzing about the Internet of Things (Consumer Electronics Show 2015, Pioneers Festival 2015).
The Internet of Things (IoT) includes devices and sensors that are connected to a network to send and receive data. IoT has been around for a while, better known as M2M (Machine to Machine) and supported by telecom operator networks, using SIM cards to communicate. The first step was to enable the machines to listen to data sent remotely from sources controlled by humans or other machines and then talk back. Now, the next logical step is to make them intelligent. A smart device is a device that can action without requiring human interactions, for example turning the lights on because you are at home or stopping and saving the progression of the movie because you fall asleep.
The Internet of Things has already disrupted each and every one of the old industries: agriculture, urban infrastructures, factories, utilities, logistics, retail, and transportation.
What does this mean for the world as we know it? Whether it is in B2C or B2B market, the adoption of IoT devices will depend on the balance between their benefits and risks. Using data creates a lot of values if done correctly, like building secured homes for the elderly by detecting falls. However, it also means that organizations with divergent interests may access the data, legally (data are sold or granted to them) or illegally (they hack the database).
To exploit the many opportunities that come with the Internet of Things, we need to address the obvious challenges.
Challenge #1: How to make money
The business model behind the IoT plays a big part in influencing an enterprise's IoT strategy. Who are the customers? Who pays? How do companies reach their customers? Enterprises have to be sustainable and have to find a working business model.
While enterprises need to make money, they need to remain ethical on how they do their business and keep their users happy.
On one hand, we have users who have the habit of accessing digital services for free.
On the other hand, data have are valuable for third parties who, for example, want to learn about the habits and behaviors of existing or target customers to tailor the product offering for them such as selling insurances. Another example involves analytics agencies who want to buy the same data to sell insights and user profiles for advertisements.
Selling hardware and services
Apart from selling data, companies can choose from following sales models: one-off hardware sale, one-off hardware sale with a small margin plus a monthly subscription fee, or paid coaching services on top of a FREE application e.g. to monitor your heart rates.
Advertising and discount partnerships are based on the model where company sells user data to another company. At the moment, selling the data seems to be a strong business model.
While enterprises need to make money, they need to remain ethical on how they do their business and keep their users happy without violating users’ privacy.
As soon as the users download an app, they have to give up certain rights on a lot of data, including seemingly unrelated data that have nothing to do with the app functionalities. Some data might not be used at the moment. Thus, the users tend to overlook this problem. They receive unwanted emails that go straight to spam. The users might not care about their “stolen” personal information today because this information is barely used. However, they will care later on when it becomes apparent the information being used without their consent.
Collected data are not only emails but also contain much more sensitive information such as the user’s locations, health details, driving behaviors, or spending habits. Many people are sensitive about revealing certain personal information and find others knowing about their private life an intrusion to their privacy.
However, this raises a question: “Who owns the data?”
Challenge #2: Security
It is important to note that security and privacy are two distinct concerns. Security is protecting data from being hacked. Privacy is protecting the data from being used with different purposes than originally intended or from being sold to a third party without prior consent. So while privacy is an ethical question, security is a technical issue.
Security has become a primary concern for adopters of IoT technologies. You probably heard of the famous Cherokee Jeep hacking incident which two whitehat hackers remotely hacked the cas and sent it crashing into a ditch.
What is the weak link in the IoT value chain of connected devices?
When it comes to security, where should industry focus its effort? What is the weak link in the IoT value chain of connected devices given there are many vendors?
Does above model look a bit like the OSI model?
Who should be held responsible for data security?
In the IoT world, everything is an endpoint. Every participating player in the value chain, with its own products and standards, introduces another entry point that can be targeted by cyber attackers. The integrity of one player’s data depends on that of partners from its IoT ecosystem.
Is there a need for a standardized communication protocol?
Securing the data is difficult because of the lack of standard regarding communication protocols: NFC, Bluetooth, WiFi, Zigbee, LoraWan to name a few. As more vendors enter the IoT space, they will bring their protocols which mean more protocols to secure and keep up-to-date.
The IoT space is still young, and every player hopes his technology will take over the market. Consortia are forming, but it will take some time before there is a clear winner who sets the industry standards.
So what’s next
The Internet of Things is the next big revolution, but it still has many challenges to overcome. IoT adoption faces other questions at the moment: the use cases are not clear, the users have to create applications around the products, the prices are still high, and the hardware is fragile.
There are other challenges, but security and business model should be the two main focuses. As a business, you need to make money and not just following IoT trends. Not only that, there are big crises regarding security and trust which deter wider adoption of IoT. People will let smart devices into their lives when they will be able to trust them.
What other challenges you are facing right now that stop you from fully embracing the Internet of Things? We’re very interested in hearing your feedback.
About RawMotion: RawMotion aggregates data collected with IoT devices, and makes them accessible through one unique API.
Photo credits: Depositphotos
Most Recent Articles
- TeskaLabs helps LINET with cyber security compliance for medical devices
- TeskaLabs and University hospital in Pilsen launches a pilot of zScanner - open source mobile app for medical photo documentation
- EV Charging Station security demonstrator
- Five Ways AI And Machine Learning Can Enhance Cybersecurity Strategy
- C-ITS ITS-S Security microservice
You Might Be Interested in Reading These Articles
With the year on year rise in ecommerce, there is a corresponding rise in online fraud - in fact, according to Financial Fraud Action UK, this type of activity had increased by a quarter to £399.5 million in the first half of 2016. The most recent manifestation of this is the concept of “testing” - this is where the criminals try small purchases to check the validity of card details, before moving in for the kill.
Published on July 04, 2017
OpenSSL DROWN Vulnerability Affects Millions of HTTPS Websites and Software Supporting SSLv2 (CVE-2016-0800)
DROWN is caused by legacy OpenSSL SSLv2 protocol, known to have many deficiencies. Security experts have recommended to turn it off, but apparently many servers still support it because disabling SSLv2 requires non-default reconfiguration of the SSL cryptographic settings which is not easy for common IT people who have limited security knowledge and don’t know the location to disable this protocol and the way to disable it.
Published on April 12, 2016
We are a security Cat, specializing in mobile application security. You know that. In the last couple of months, we happened to stumble onto another tech domain: Business Intelligence (BI).
Published on December 26, 2014