Keeping Data Secure In The Age Of The Connected Device

Keeping Data Secure

The UK government’s recent announcement of further investment in the development of the Internet of Things – or the growing Web-linked network of smart devices – was a new vote of confidence for the concept. However, reactions to this gesture were mixed. While some commentators believe that the Internet of Things has yet to show any real commercial promise and its potential overrated – others believe that it marks the internet’s true coming of age.

Undoubtedly the cynics are letting the hype get in the way, although more exploration, trial and error is probably needed before the golden ticket is finally revealed. However, in all the excitement of the enthusiasts, there is one aspect that tends to get forgotten. After all, if we haven’t yet properly mastered the security aspects of the original internet – how will we deal with the far more complex concerns of this latest version?

Thankfully, if you cut through the shiny surface of the Internet of Things, its drawbacks are similar to those we see elsewhere. Its real benefits lie in the data produced by all those connected devices. In this way, it represents not so much the next phase of the internet, more a new episode in the big data story.

So, once again, there are the challenges not just of volume, but also of velocity and variety. Take smart meters, for example. If instead of sending an engineer every six months to take a reading, utilities start to collect meter readings every 15 minutes, the huge increase in the volume of data and the speed at which it’s received will be immense.

However, the Internet of Things does amplify the security risks inherent in storing and managing this data. Of course this depends on the application, but some of the most useful will also have significant privacy and security implications.

For example, suppose details of an individual household’s electricity consumption habits were to come to the attention of a telemarketing firm? Or what would happen if data from monitoring a patient’s blood sugar levels or blood pressure was sold to an insurance provider and used to increase the patient’s life assurance premiums? More seriously, there is also the risk of data hacking by individuals or even by governments. It doesn’t take a huge stretch of the imagination, these days, to anticipate this scenario.

So realistically, for the Internet of Things to become truly valuable, businesses need to guide consumers over the ‘big brother’ hurdle. In other words, we will all need to re-think how much privacy we are prepared to surrender for the sake of convenience. On the surface, many services will be ‘free’, but in return we will need to allow the provider to use our data to produce aggregate analysis and market their products back to us.

The creeping intrusion into private lives is a concern to many and data from connected devices needs to be used sensitively and intelligently to avoid a backlash. Organisations planning to draw value from this data need a pragmatic but agile approach, balancing security with accessibility according to the nature of the information they hold. However, it all boils down to robust data governance, sound data management habits and strong security processes and procedures that respect the privacy of this data.

These businesses would do well to appoint a ‘data champion’ whose role is to break the cycle of poor data management and instil new habits. Data governance isn’t a cost centre, but on the other hand, sound, standardised and secure data increases the speed and accuracy of analysis and helps companies to better meet regulatory needs. In this way, investment in governance including security will bring long-term returns.

While most early big data projects have been free of explicit project management structure, this needs to change as the Internet of Things drives the momentum. Businesses must begin to wrap more standards and procedures around these projects to ensure more watertight data integrity and security.

Of course, the choice of technology used is always critical. Unfortunately, legacy integration engines require proprietary security methods. However, newer systems running on Hadoop, one of the key processing frameworks for big data, are easier to keep safe. Users should look for integrations solutions that provide support for Kerberos network authentication protocol which makes Hadoop distributions more secure.

While most vendors of connected devices will be focusing on ways to analyse and monetise the data accumulated, these issues can’t be ignored. In reality, only a minority of applications will present real security threats, many will impact the privacy of their users. However, using the right technology combined with a formal and structured data governance and management policy, will significantly minimise the risk of leaks and breaches and go a long way in helping the reassure customers.

Yves de Montcheuil

Yves de Montcheuil is Talend's Vice President of Marketing. He joined Talend in 2007, following 15 years of product marketing experience with various US and European software companies, including Sunopsis, Empirix, and SDP/Sybase. Yves holds a masters degree in electrical engineering and computer science from Supelec in France. He has presented at numerous industry events and conferences and has authored several published articles.