The advent of a global network of Internet connected devices – sometimes referred to as the “Internet of Things” will bring about a “data democratization” that will upend traditional IT security models and pose considerable risks for organizations.
That’s the conclusion of two leading authorities on the so-called “Internet of Things” (IoT), Christopher J. Rezendes and W. David Stephenson, who write that its impact on businesses will be “profound,” and that cyber security will be one of the biggest challenges that organizations must address.
In a guest post on the Harvard Business Review blog on Friday, Rezendes, the president of INEX Advisors, and Stephenson, an author and consultant specializing in the Internet of Things argue that “the very principle that makes the IoT so powerful — the potential to share data instantly with everyone and everything (every authorized entity, that is) — creates a huge cybersecurity threat.”
The authors predict a chaotic transition to “data democratization” in which “data will be shared more widely than ever, in real time.” That, in turn, will demand “another round of risk management strategy review, new network security evaluation tools, and business model revisions.” Wait…are we done with the first round of risk management reviews yet?!?
Their blog post, which you can read here, says that – like all major changes to the commercial environment, the transition to an Internet of Things from an Internet of machines also has a tremendous up side. In just one example, IoT innovations will enable huge productivity increases and cost savings in areas like critical infrastructure, they say.
Among the changes the two predict:
- No more data snarfing – Rezendes and Stephenson predict an end to the capacious, data snarfing “privacy agreement” in which users of free, online services agree to sacrifice their data. “The IoT will be about data democratization. So the kind of opaque ‘user agreement’ that authorizes the service provider to remarket or redeploy user data will not be acceptable,” they say. In its place will be more balanced policies that allow those who deploy IoT connected devices to determine the access rights.
- Devices that can do more than monitor. “Fully realizing the value of IoT will require connected devices do more than supervise, monitor, and report,” the two authors write. They envision Internet-connected devices that can operate independently in coordinated “peer to peer mode”and support remote access to control functions.
The blog post is hardly the first to raise questions about the impact of ubiquitous, intelligent devices on cyber security and cyber risk. A survey of 1,300 members companies and universities by the German Association for Electrical, Electronic, and Information Technologies (VDE), released in May, found that only 20% anticipated adoption of “smart production” (or “Industry 4.0″ – as its referred to) by the start of the next decade. In contrast, 70% of those surveyed doubted that smart manufacturing goals would be achieved by 2025, despite obvious advantages, because of a lack of strong security controls.