Security in the Internet of Things Era
It’s not just laptops, phones, and tablets that are capable of connecting to the internet in today’s world. Technology has progressed to such an extent that seemingly ordinary items such as watches, refrigerators, cars, fire alarms, yard tools, ovens, and even toys like Cabbage Patch Kids and Furbys are being hooked to the web. And the variety of such objects available is only expected to increase, as research house Gartner estimates that 6.4 billion consumer connected things are currently in use, with that number to reach 20.8 billion by the year 2020.
Considering the numerous benefits of connecting devices to the net—the features and capabilities that consumers would not otherwise experience—this growth isn’t altogether shocking. And for the companies that are offering the products, the draw is also apparent, as the IoT’s expansion gives them access to data that is not accessible through dumb objects—data that can enrich their CRM systems, and enable them to strengthen customer relationships.
What’s important to consider, says Wilson Raj, global customer intelligence director at SAS, is that “the Internet of Things is a disruptive force for customer experience.” And, “whether you’re in financial services, health, retail, hospitality—these [industries] will be impacted” to a great degree.
Brent Leary, cofounder of CRM Essentials, agrees, giving the example of Husqvarna, which offers robotic lawnmowers that feed the manufacturer updates about the health of its products. With such insights, this provider of outdoor power products can better anticipate when a part will need to be replaced, and then send the owner a new part, as well as instructions on how to install it. The benefits are apparent for both parties.
But while it’s agreed that the IoT revolution will have an impact on most industries, the noise and excitement has all but caused some companies to overlook an important factor: security. “There’s a rush right now to get in on the IoT gold rush, so to speak, and some folks are not doing the due diligence before diving in,” Leary says.
This claim is also backed by research from security services firm IOActive, which found that only 1 in 10 smart objects currently available on the market are adequately secured to prevent hacks. And Gartner predicts that by 2020, more than 25 percent of identified attacks in enterprises will be IoT-related.
“One of the top dangers companies face is how to insure their IoT devices do not get compromised by malware, hackers, and the like,” Stephen Gates, chief research intelligence analyst at NSFOCUS, wrote in an email to CRM magazine. “Anything with an IP address [that] is network-connected has known and unknown vulnerabilities. If these vulnerabilities are exploited by hackers, they are quite capable of gaining access to IoT systems, controlling them remotely, and stealing or manipulating the data they are collecting.”
Unfortunately, unlike with other recent technological revolutions, such as social media, which in its early days allowed companies to get away with their fair share of errors, companies “don’t have as big a runway to get this right,” Leary warns, and are likely to feel the consequences of any flubs. For instance, if a smart security camera, car, or house door lock gets hacked, that could have direct impacts on the person’s safety, and his data.
For this reason, both business-to-consumer (B2C) and business-to-business (B2B) enterprises should think about how to make their IoT efforts as secure as possible, to avoid irreparably damaging their customer relationships.
NURTURING A CORPORATE CULTURE THAT VALUES SECURITY
A key to developing a sustainable and safe IoT strategy is to foster a culture that places adequate weight on the security and well-being of its customers. According to Raj, this culture of safety must begin “at the board level.” C-level executives must consider “how data governance and privacy are treated within the organization as it relates not just to customer data, but customer data in the IoT sphere, as well as with partners,” Raj says.
“Data privacy should not be viewed as a governance requirement by the business,” Raj adds. “It should be viewed as a strategic differentiator, as a competitive advantage, and as an enabler of great customer experience.”
Daniel Miessler, director of Advisory Services at IOActive, agrees, noting that it’s important that suppliers of smart products instill “security as a fundamental consideration from the very beginning, all the way back into requirements, the design phase, and all phases of development and manufacturing” of connected devices.