by Eric Miller
This article is the second in a two-part series. Read the first part here.
Sometimes IoT devices can be a great example of “be careful what you wish for.” A smart device connected to the internet can collect data and send it to a server somewhere. There’s a lot of value in that type of data, from typical inside and outside temperature for your home thermostat to performance data from a jet engine. There’s just one problem: that’s a lot of data!
What do you do with it all? The simplest solution is to reduce the data to an acceptable precision, compress it, and upload it for storage. Picking a format that is efficient not only saves space on your server, but it reduces data transfer times and therefore power consumption. In many cases, you don’t need data for every bit of time, so the easiest thing to do is set the time between data collections, also known as the sample rate, as far apart as possible.
Along those same lines, a lot of data can be sampled and reduced down to key information. Perhaps all you need is minimum and maximums, or an average over time. Sometimes the data can be reduced further by fitting equations to the information, and reporting the terms of the equations only. A combination of these tactics can result in a significant reduction in the amount of data that needs to be transmitted and stored.
Once the data is uploaded it needs to be stored somewhere. A large corporation can create a server farm to store the data. Startups can pay-as-they-go on Amazon Web Services and Microsoft Azure. Other companies like Salesforce and Hewlett Packard Enterprise are setting up IoT specific services for new companies that include ways to handle, reduce, and store data. Smaller companies with software ability, can build their own backbend to handle all that information.
Whichever way you choose to go, the important thing to remember scalability. The software and computer resources need to grow as usage of your device grows. You don’t want to start with a system that handles your maximum potential amount, but you do want a system that can grow as the usage of your IoT device grows.
Once you have all that data somewhere on a server, something useful needs to be done with it. The term “big data” gets thrown around a lot. It’s obvious that having information on consumer behavior has value. Millions of data points that tell a company how people are using the products and services they offer. As with any effort to bring a new product out, planning and carefully evaluating your options is critical to success.
Finally—you have your smart device, connectivity, and a way to effectively put all your collected data to use. But wait, what about security? How do you protect these masses of data from unwanted eyes? What about that old saying, “once it’s on the internet, it’s on the internet forever?”
Security: the biggest challenge
The last aspect to consider is the security of the data generated by IoT devices. The value of this data is that it reflects the behavior, and maybe even private data like the medical information, of the consumers that use IoT devices. In many cases the information is legally protected, and in others, it is important to keep it secure because customers require it.
If you ever go to a meeting on IoT issues, it will almost always devolve into a spiral of death discussion over concerns about security. It’s a big issue and if it’s not handled properly, everything a company has worked for will be lost. Those in the security business love to talk about worse case scenarios. But as with anything else, having a good security plan for your IoT device is the key to success.
No one can get to it
One of the horror stories that security people will often share is how one of the first IoT equipped cars was hacked. The thought of someone getting into the computers on your car is terrifying. Not only could your data be compromised, but the hackers could also make your car unsafe. But the truth of that particular story is that the system was a prototype and there was no security in place.
If you are working on an IoT device, you need to make sure that fairly high levels of security are used. For most cases the level required for financial transactions should work. For medical applications, HIPPA level security is needed. This may include encrypting the data on the device, while being transmitted, and on your server. It also should include strong passwords at every point where the customer can access data and as little data as possible should be on the device itself. Uploading to a secure server is a good way to make things safe.
At some point hackers and bad people will start to attack IoT devices, looking for information or maybe just locking them down for ransom. Even though a device is not a full computer, it should be locked down as much as possible. In addition, certain low-end microcontrollers popular in the maker world should be avoided because of their security vulnerabilities.
No one can abuse it
Once the data is collected and secure, you still have security concerns. Unless your customers have signed waivers that were very clear, you have no real access to their personal information. This means you have to find ways to treat the data in the abstract, and look for trends across customers. Your plan may be to measure where someone is and make revenue by targeting ads to them via your application or email, but make sure you have clear permission to do this. You may not get sued, but if customers feel vulnerable or abused, they will post negative comments online and your device will get a bad reputation.
In the end, security is a big concern when designing your IoT device, but one that can be easily addressed with the right experts, systems, and planning.
The Internet of Things is changing the way our world works. Smart refrigerators, couches, toothbrushes and plates are all either already on the market or in prototype. The future of IoT is a big as our imaginations. But, if we create and maintain these products correctly and find effective solutions to the concerns, then that future is definitely worth looking forward to.
Eric Miller is a principal at PADT Inc.