IoT – Part II, Where Are You? How Are You?

By Jeremy Wheeler | November 16, 2015 | May 14th, 2021 | Cybersecurity

In my previous post on IoT, I wrote about how networks of Internet-connected devices aimed at making our lives better are the next monster wave of technology being created. I made it a point to say that the future is here but added that there was a cautionary element to the message. As we have noted time and time again, there is a constant battle between convenience and security. As more products are made and marketed to consumers and businesses with the angle that they will make your life easier, better, simpler, faster or [insert positive adjective here], the value that these devices offer to the consumer must be evaluated against the true cost to the user and, as you’ll see later, compared against the value to the product manufacturer at the user’s expense.

The More Personal, The Better…Right?

There are so many facets of IoT that I needed to pick one to start that would strike a chord. There is no hotter technology nowadays than wearables. Every major device manufacturer is looking to cash in on the age-old fictional fantasy inspired by series like Dick Tracy, Batman, and Star Trek by bringing more and more wearable or hand-held devices to the masses. Initially, these devices were geared towards improving communication. But the technology has advanced. Processors have shrunk and form factors have been reduced, while compute, memory and storage capacities have increased. Suddenly these devices have opened up a world of possibilities for what they could do for (or to) us.

A new dawn of wearables has emerged and it has become obvious to target athletes and those in need of health monitoring. The medical field has long used sensors to monitor the health of admitted patients in hospitals and assisted care facilities. Now, by incorporating these sensors into articles of clothing or wearable accessories and connecting them to a digital brain that correlates that information, people can have their health status monitored in ways once thought unimaginable.

If you recall from the previous post – the IoT exists as an assembly of networks, sensors, software, data and intelligence. Wearable technology integrates the sensors and software components to generate the data element of that formula. The remaining pieces, the networks and intelligence, are what have taken time to evolve and will continue to take time to evolve.

How do you feel? Never mind, we already know…

Expect an explosion of applications and sensors in the coming months because finally the technology companies have opened up their platforms for developers. Last fall Apple announced and released HealthKit – a platform Apple claims “allows apps to provide health and fitness services to share their data with the new Health app and with each other”. The caveat to that is that Apple “requires a user’s health information to be stored in a centralized and secure location.” This is a huge amount of trust that Apple requires of its users. Furthermore, say you are not a user but simply a patient. You have to accept that your personally identifiable information (PII) and protected health information (PHI) will be stored securely and trust that Apple has all the safeguards in place to protect that information. You also have to trust that the developers are designing and building these apps intelligently with a security focus. That’s a lot of trust.

Trading Privacy For Cost Savings

In some cases it’s not how these manufacturers are protecting information that should concern you but rather how they share information. A few months ago Business Insider ran an article that explained how insurance companies are investing heavily in IoT technology so they can offer Usage Based Insurance (UBI). The basic premise is that insurance companies want to equip their clients with IoT devices (sensors) that give the insurer the ability to monitor how risky their clients are so they can tailor the cost of insurance – seemingly incentivizing a healthy lifestyle or a more thoroughly monitored home because logically it is cheaper than covering one absent this intelligence. The same data used to monitor your vitals or whether your spouse is burning something in the kitchen is now being used to adjust your insurance premiums.

So where does this trust come from?

For those who want to have more control over the core infrastructure used to process or store information in an IoT network but still leverage a platform designed to make it easier to create and deploy IoT devices and apps, Amazon Web Services announced its IoT service at its re:Invent conference last month. AWS IoT promises to connect billions of devices securely to the cloud and support sending trillions of messages over its network. This is exceptional. Think about that – trillions of messages. The good news is that AWS has built its IoT platform with security in mind. According to Forbes, “AWS has taken a security-first approach while designing its IoT platform.” Devices connecting directly to AWS IoT must support managing a unique certificate within the device. AWS has also extended IoT authentication with its proven Identity and Access Management (IAM) service and Cognito mobile authentication service. Clearly, AWS has considered many factors with IoT and has implemented security provisions wisely. Now it’s up to the developers to leverage this platform properly so as to maintain the baseline security throughout the full application execution.

Whether it’s buying a smartwatch so you can message your loved one with your heartbeat or tracking your potassium level during your marathon training, there truly is a device/sensor/network and an app for everything. The important thing to consider is which data you are allowing these technology companies to collect and analyze about you, and whether you are fully aware of whom they share that data with. Clearly, there are companies like big insurance agencies that have a financial interest in accessing this information. Fortunately, you have companies like AWS that are building IoT platforms so independent app developers and hardware manufacturers can build devices with strong security protocols.

As a consumer, be as aware as you can be. Read the End User License Agreement (EULA) once in a while. Go in cautiously and armed with awareness.

While the wild west is being tamed a bit with better platforms and greater awareness, you still need to keep your eyes open.

Author Jeremy Wheeler

Jeremy is a self-motivated and engaging information technology solutions leader with 16+ years of extensive experience spanning government systems engineering, cloud architecture, big data analysis, HR systems management, network analysis, system administration, information/cyber security assessments, penetration testing, agile project management, custom application/database development, and technical business development/sales. He currently possesses the AWS Solutions Architect Associate, SysOps Administrator Associate, and Developer Associate certifications and, in addition, is trained and certified with a SANS GPEN accreditation. Jeremy oversees Alpine's Cloud & IT Services division and is an energetic, team-focused professional who values fostering strong customer relationships to ensure client satisfaction with comprehensive, high-quality and time-bound deliverables.
