How to bake security into the design of IoT products

Digital connectivity is a wondrous thing. It makes it possible for people in as many as 58 countries to order a taxi, private car or rideshare straight from their mobile phones in a matter of minutes. It makes it possible to connect even the most mundane things, like thermostats and refrigerators, to the internet, so people can improve energy efficiency and control the temperature within their homes from their computer, tablet or smartphone.

Yet, while these connected things have automated processes and simplified life, they haven’t made life safer. Many technology pundits and data security experts focus on increased risks and network attacks, but they’re overlooking a far bigger problem that’s right in front of their faces: protecting data stored locally on these gadgets and devices. And with Gartner predicting there will be 25 billion connected things in use by 2020, no person or business can afford to overlook this problem.

Anyone who wants to sell a connected product – be it a fridge, a thermostat, a television or even a car – knows that the issues of privacy and security will be major stumbling blocks that could hinder mass adoption and sales.

>See also: The Security of Things: IoT and cybercrime

These cool and shiny Internet of Things (IoT) gadgets might garner initial excitement and buzz. But until manufacturers can assure people they won’t have their personal information stolen from underneath them, it will be difficult to generate consistent sales.

When it comes to building new software-enhanced products, most manufacturers are focused on things like sleek design, automation, hyper connectivity and user experience.

Just look at what carmakers are doing to improve the driving experience. Ford and General Motors are already providing web-enabled infotainment features like OnStar and MyFord Touch. And then there’s Tesla, which announced its plans earlier this year to allow drivers to upgrade the software in their Model S vehicles so they could add the capability of autonomous driving.

This is even more frightening when you consider there will be a quarter of a billion connected vehicles on the road by 2020, enabling new in-vehicle services and automated driving capabilities, according to Gartner.

Until manufacturers can convince consumers otherwise, businesses should be cautious and remember that these connected things are not unbreakable and users should be careful about how they connect their personal information to them. There could also be other issues that these products don’t address. If manufacturers want to sell their connected products – and sell them repeatedly and for the long haul – they need to bake security and proper data erasure methods into the design.

Consider what this could do for the car rental market. Once drivers are ready to return their rental cars, there could be a built-in feature that lets them completely erase all of the data retrieved from their digital devices and then display a verification report on the vehicle’s dashboard listing all data that was completely and properly removed from the car’s system. And what about connected homes and home rentals?

In order to build security into products from the get go, it’s going to take a lot more than just having a desire to do it. That means changing the way teams are recruited, hired, on-boarded and organised across the entire organization. That also means being more inclusive in which different teams are involved in the product development process.

More often than not, the product development and design process is a function that’s reserved only for product developers, UX/UI designers and engineers. Product design and experience-focused teams are often huddled in a room, drawing and testing concepts on a white board. This needs to change, with IT and data science teams invited to the table too.

People who work in IT and data science/analytics bring unique and specialised skillsets that product developers, engineers and UX/UI designers don’t possess. IT and data science pros look at products from the entire lifecycle and use complex technology, tools databases and algorithms to collect, store, track, analyse and process data.

>See also: Securing the Internet of Things – what have you forgotten?

They do this to understand who the customer is, what types of interactions they tend to make and what experiences they want, and they use all of that data and insights to enhance the overall customer experience.

This is where IT and data science teams can be a huge asset to product development. By embedding data security and protection into the design of products, companies can both improve the customer experience and guarantee that their personal information is protected.

That’s a win-win for companies and customers, who are all worried that their data could potentially be accessed and stolen, or a cybercriminal might take over their network.

 

Sourced from Pat Clawson, CEO, Blancco Technology Group

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

IoT Security