The Internet of Things (IoT) offers a wealth of enticing business opportunities. To fully maximize IoT’s potential, however, it’s important to proactively and holistically address IoT security challenges. While it’s critical to secure the actual IoT devices from hacks and data breaches, the best solution involves a fully comprehensive, end-to-end approach. Joe Witt, vice president of engineering at Hortonworks, offered insights into using a big data platform to improve IoT security and what security in a connected age means.
IoT poses challenges with establishing trust throughout the enterprise. According to Witt, a good first step is validating the identity of the devices and authenticating the data coming out of these IoT systems and sensors. It’s critical for an organization to be able to reliably identify devices and the data they produce—you have to understand not just what the data itself is saying, but the context in which that data was produced or acquired. Identifying the IoT device that produced it and verifying its trustworthiness allows you to assess and track, at a metadata level, the effectiveness and accuracy of those systems.
Identifying your IoT devices helps your business make better decisions about your data as well, Witt adds. For example, you may discover that a certain class of sensors consistently produces data of insufficient precision, yet you may still want that data because there’s some value in it. Based on what you’ve learned about this data, you now know not to use it for a certain class of high-accuracy requirement use cases.
Identification makes the difference in helping your business execute an important downstream decision like this by helping you maximize the value of the data you have, while steering clear of cases for which it may not prove suitable.
Ownership is another example of the complex IoT security challenges enterprises face. According to Network World, of the organizations that don’t track IoT inventory, 85 percent say there’s a lack of centralized responsibility for those devices. Multiple businesses often work together to collect, store, or process IoT data, and security and legal questions often arise from that murky arrangement. Witt cites auto insurance as an example where ownership, seemingly simple on the surface, becomes a lot more complicated.
First, auto manufacturers provide an interface for a vehicle that generates its own data. Many internal components, such as the engine, built by a manufacturer, will have many different continuous sensor readings flowing through. Then there’s the telecommunications infrastructure that telecommunications firms have built, which dealerships and insurance companies want access to as back-end user-consumers of this data. Everyone has different ownership levels and perspectives over who owns the various IoT data streams being generated within this one vehicle.
An auto insurance company’s challenge, then, is reliably acquiring and capturing that data and determining the level of ownership and usage rights over it. Is it enough just to get the vehicle’s data, or do your consumers need a device so they can do their own data collection on your behalf? Do you make business partnership deals with auto manufacturers or the network providers? As Witt notes, there are many interesting legal, business-to-business, and ownership/usage questions that arise from what originally seemed like a straightforward use case. A big data platform could be particularly useful for these IoT security challenges.
According to Witt, security doesn’t wait for data to arrive at the data center or come to the cloud—it’s something enterprises must enable the moment data is created. Your data platform should take a holistic end-to-end view, combining flow management solutions with stream processing solutions. Data provenance and privacy by design play a major role in this. Rather than only collecting, processing, and delivering data (and encrypting it, obviously), enterprises must also constantly track where it comes from and where it’s going.
In the case of a vehicle, an enterprise could begin identifying and authenticating the data produced right off the sensor itself, generating metadata that tracks the life cycle of that data: when it was collected, what the business has learned about it, where it was sent, and more. A business can also perform various methods of encryption, which could allow the data to be visible while still validating its authenticity. Ultimately, it can gain a complete view of its IoT data’s chain of custody from end to end.
As Witt notes, this information doesn’t actually reside within the data itself, but in another layer, which becomes a whole new source of data. Businesses can leverage it for compliance validation and security checks, or to detect and understand anomalous flows that don’t make sense. These IoT security solutions support higher-level analysis, enabling an enterprise to understand what normal data flows look like over time.
Enterprises can address the complex security challenges they face by leveraging innovative big data platforms that allow them to better understand and analyze their data. In doing so, they can capitalize on the incredible value that IoT devices offer while ensuring the security, integrity, and viability of the data they produce.
To realize the full potential of your data applications, learn more about streaming analytics.