[Report] Consumer Perceptions of Privacy in the Internet of Things
IoT - RTD WHITE PAPER SquaredOnline
1. GROUP.11
1
IoT: Security threats, education concerns & RTD dependency
By Kim Bateson, Inna Chilik, Laura Franceschini, Anurag Shukla, Yuliia Tkachuk, Jamie Wallace
Laura Franceschini revised version
ABSTRACT
Since the rise of IoT, or “Internet of Things”, in the early 2000s, billions of dollars have been invested in connecting
machines and appliances to the net. These machines/appliances encompass anything from the increasingly used
smartphones, home appliances and personal health trackers to industrial tools and self-driving cars. All these machines will
have sensors and chips to be able to monitor changes within them (an example is the next-generation fridge/freezer that
scans the fridge content to suggest possible recipes with the ingredients present in the fridge and, on the other hand,
compiles the shopping list to refill your fridge with your usual product brands) and/or monitor changes outside the
appliances/devices (for example: wearables such as a famous brand of watches that measure your heartbeat and the
calories burned in the last timed, completed physical exercise) and report information on these physical changes.
Gartner reports that in 2016, 6.4bn “things” will be used, and Gartner’s prediction is that by 2020, 20bn “things” will be
connected to the Internet.[1]
While the technology underlying the IoT and the way devices and appliances are connected do not change fundamentally -
other than in the way networking is managed to allow capturing and transmitting the increased amount of data, along with
accommodating part of the analytics on the WAN (Wide Area Network) - this massive change in shared data over the Internet
raises concerns of:
● security-related threats
● the necessity of educating consumers about their shared data and the importance of consistent data protection
legislation across the globe
● the fundamental need for businesses to implement an “on the fly” decision-making process (RTD: Real-Time Decisions)
for internal process change to adapt to marketing change such as campaigns to consumers – thus external requests
In early 2016 The Economist, sponsored by Samsung, interviewed 404 technology executives across the globe, from both
private and public sectors from a variety of industries (paper: “Assessing enterprise readiness for the Internet of Things”[2]).
The data collected in this survey shows that 53% of executives understand that the world of data is changing, that
executives are responding by moderately investing capital to prepare the businesses for this change and they also expect
this investment to increase slightly within the next 2 years. The survey additionally shows that some markets are better
prepared to manage model disruption by the IoT (see chart on the right), partially answering the question of whether the
corporate world is adapting to the change in a prompt fashion in terms of capital investments in systems, and with recruiting
the necessary talent to manage both the data and the decision-making systems (Real-Time Decisions), while managing
security.
With the advance of technology and an ever-increasing demand from the consumers’ side on flexibility of a meshed
customer journey in a variety of touchpoints, data will be produced in mass and in diverse environments.
[1] http://www.gartner.com/newsroom/id/3165317
[2] http://samsungbusiness.economist.com/assessing-enterprise-readiness-for-the-internet-of-things/
Considering the ever fast altering consumer needs, information collected can be useful only when the business is able to
highlight this change in consumers’ needs in advance, predict the trend and respond immediately with the appropriate
solution, in other words, adapt promptly to the prediction.
This white paper addresses the three main areas that corporations and Engineering should take into consideration in order
to safely implement the changes in the data domain and make data sharing smooth for consumers while retaining most
of the benefits for businesses in terms of predictive/adaptive analytics and real-time decision making.
BACKGROUND AND RECOMMENDATIONS
Potential vulnerabilities in the handling of IoT data
IoT processing is happening within a distributed architecture of a hybrid networking environment. This somehow
contradicts the initial premise of cloud computing, according to which data processing was happening within the cloud,
leaving the user’s edge devices as dumb portals into the cloud.
Although the “clean-cut cloud architecture” has worked well over the past 10 years, it falls apart when adding billions of
devices as well as micro data transactions that are incredibly latency sensitive.
Instead of forcing all processing to backend clouds and having all IoT devices intercommunicate through a cloud
intermediary, “fog computing” proposes for devices to talk directly to one another when possible, allowing them to handle
much of their own computational tasks.
This particular setup gives way to several data handling scenarios: sometimes the IoT application will reside in a public
cloud, and other times in the enterprise data centre; in some cases end-devices will be very thin, whilst at other times they
will have high levels of computing power. Enterprise networks and data centres will demand the flexibility to address these
hybrid and heterogeneous computing requirements, causing resources to fluctuate up and down in conjunction with IoT
needs.
In all cases the concern related to data security persists and expands, being associated not only to data centres but also to
the fog computing with all its entry points becoming vulnerabilities.
Thus the businesses’ Platforms Operations (PO) departments will have to re-evaluate security paradigms. PO departments
are usually the business units, within the organizations, responsible for the prioritization, selection, and operation of
internal enterprise IoT applications. However, PO and IT organizations often have different views about the importance and
efficacy of WAN Internet connectivity, cloud-based applications, and systems management, three critical pieces of an IoT
application that have essential security implications.
Most of the vulnerabilities of IoT solutions happen via edge devices and compromised devices which are generally part of a
Platforms Ops network environment. Among IT decision makers it is a common belief that the way forward is to extend IT
security paradigms and solutions to the Platforms Ops environment. Nevertheless, one of the challenges we have in current
IT security environments is an over-reliance on security analysts to investigate possible security breaches. Analysts take
longer than automated Intrusion Detection Systems with inbuilt intelligence analysis. While the analyst is working on one
breach, lots of other potential breaches are occurring.
If the solution was to simply extend current IT security paradigms to IoT/Platforms Ops environments, businesses would not
have enough security analysts to handle the additional workload.
Recommended Strategy: IT and PO organizations must conduct careful security analysis and audits of proposed IoT
deployments. The integration of networking, platforms, applications, and management tools across IT and PO organizations
does expose enterprises to new security vulnerabilities. The recommendation is to both extend the IT security paradigms to PO
and to make consolidated use of network security solutions that rely on automation to help minimize these disruptions.
Sharing of consumers’ data
From a business standpoint, IoT represents a huge advantage: companies can gain real-time perspective from consumers’
habits, thus enabling the businesses to better tailor their offerings to consumers. In return consumers get the products and
services they want, where and when they want them. This constant customization, if performed correctly, will put an end to
hit-and-miss direct marketing.
From this setup it's not just marketers who benefit: departments such as product design, logistics and sales will greatly benefit
from the shared data, allowing the ability to promptly respond to consumer needs, but all of this can happen only when
consumers are ready to buy into the concept of the IoT.
In a 2014 Acquity Group Study, nearly one quarter of participants replied that they have turned off in-home IoT devices due
to privacy concerns, while more than half reported that they were less likely to use wearable devices because of recent hacks
and data breaches at major companies.[3]
When it comes to data privacy, IoT involves the collection and use of individuals’ information, which is at present sparingly
regulated per country (in the UK by the existing legislation “Data Protection Act 1998” or “The Defamation Act 2013”).
Concerns about privacy are understandable: as of today there is
no cohesive global legislation, and jurisdiction for international
cases becomes a thorny subject (for example when the business
HQ is in the US and the consumers’ breached data is from Spain). That
should be enough for firms investing in the IoT to ensure that
security is embedded in their content-management system, that
the data transmission is encrypted (TLS method) and that this
remains a constant pillar of their strategy.
In addition to security concerns, the survey shows that except for
a small core of early adopters, most consumers are reluctant to
risk giving their data away unless the benefits are substantial. As
with any sort of transaction, consumers will only willingly share
information if they gain something meaningful in return.
Over the long term, organizations and firms will realize that the Internet of Things is not about gadgets, nor is it about
individual products or projects, but rather about developing strategies that offer consumers a true user centric, seamless
experience, from the point of purchase to the end of a product's lifecycle.
Recommended Strategy: to respect legal requirements and the consumers’ privacy. It is recommended that firms collect only
the essential data from consumers and always in a transparent fashion towards the data owners, empowering the
consumers with the ability to choose whether they want to share information with the businesses and when.
Benefits: In this scenario the potential legal issue related to privacy (depending on local legislation) is addressed and overcome.
To allow this to happen, both firms and engineering (namely the software companies that designed and promoted the
development of the IoT) need to initiate a dialogue with consumers, promoting a culture of transparency and education
towards consumers about what data is shared and how it is shared, in order to gain the consumer's trust and cooperation,
without which any IoT strategy is doomed to fail.
The rise of Real-Time Decisions
With the rise of a consumer-centric approach in the retail market, along with the rise of IoT, decision making for both firms’
internal processes and Brand engagement becomes a crucial process for businesses that want to see their consumer base
growing. Not only does decision making become a fundamental part of branding, helping Brands to predict consumer trends
and proactively adjust all Brand communication along with processes which could impact the bottom line, it also
demands that the firm's senior management comply with a speed in decision making that is unprecedented: all of it is required
to keep up with consumers’ Brand engagement and consumers’ rapidly changing needs. This process has been addressed
until recently with BI (Business Intelligence) and its Predictive Analytics, which is based on historical data.
The volume, velocity and variety of data ingested by today’s data-intensive analytic platforms presents a significant
challenge for decision makers: it is no longer feasible to rely solely on historical and batch analysis to make well-informed
decisions that are both timely and actionable. Instead, organizations must begin pushing analytics and highlighting
capabilities as far upstream toward the data collection point as possible, in order to elicit truly real-time insights from those
data streams. There are a significant number of tools on the market that address the problem of downstream analytics in a
voluminous environment; however, the ability for these tools to perform real-time analysis and alerting is limited by the
performance of today’s solutions used to Extract, Transform, and Load (ETL) data into downstream systems, due to the
latency they add between data collection and data analysis.
[3] http://quantifiedself.com/docs/acquitygroup-2014.pdf
Recommended Strategy: Real-time decision making depends on synergy between businesses and their customers. However,
those are not the only parties impacting this data-driven technology: Software and Networks Engineering inherit
responsibility of allowing, on a technical level, part of real-time analytics to happen on the fog computing, acting as the ethical
gatekeeper of clear communication between the two parties (reference to how Daniel J. Weitzner - head of the MIT
Cybersecurity - and other security experts are voicing concerns about email and communication encryption to be breached by
Government Authorities[4]). In this scenario Engineering becomes the central communication point between businesses and
consumers, being thus both influenced by businesses’ markets in terms of technology requirements whilst in turn influencing
and leading corporations for security, data protection and system implementation.
With regard to system implementation, RTD being a reasonably new technology, the recommendations on how to implement
RTD systems in corporate environments - to achieve prioritization of multiple projects, reuse knowledge from project to
project, act on a specific plan and value information and analytics in terms of business impact – are as follows:
● Identify Decisions: Identify the decisions that are the focus of the project
● Describe Decisions: Describe the decisions and document how improving these decisions will impact the business
objectives and metrics of the business
● Specify Decision Requirements: Move beyond simple descriptions of decisions in order to specify detailed decision
requirements. Specify the information and knowledge required to make the decisions and combine them into a Decision
Requirements Diagram
● Decompose and Refine the Model: Refine the requirements for these decisions using the precise yet effortlessly
understandable graphical notation of Decision Requirements Diagrams. Identify additional decisions that need to be
described and specified.
This evokes Business Requirements for the RTD implementation, keeping
in mind the Iterative Decision Modeling Cycle described per figure on the
right (an excerpt from “Decision Requirement Modeling with DMN”[5]).
CONCLUSION
The Internet of Things is the transformational interconnection of
devices and sensors, such as machinery and appliances, with mobile
hardware, enterprise hardware and software to create a new breed of
applications that integrate the physical and software assets, providing a
quantum shift in optimizing business processes.
The Internet of Things involves a complex and evolving set of technological, social, and policy considerations across a diverse
set of stakeholders. The Internet of Things is happening now, and there is a need to address its challenges and maximize its
benefits whilst reducing its risks.
IoT is already changing thought processes around and acting on daily life in all interactions with any machine or appliance.
This change will be reflected in trillions of pieces of information shared online which, in turn, raises concerns of data security,
privacy violation and ability for corporations to use this data in a transparent and effective fashion.
This change, with all its challenges, can be seen as a security and privacy threat from the consumer’s viewpoint, or it can be
seen as a chance of cooperation between Retailers and Consumers, allowing Engineering to take the lead from a single point
of contact between two different worlds, advocating for consumers’ privacy, whilst promoting technology in a way that will
lead to a win-win situation for both businesses and consumers.
Only time will tell which path we will choose, since at present it is too soon to draw definitive conclusions.
[4] http://www.nytimes.com/2015/07/08/technology/code-specialists-oppose-us-and-british-government-access-to-encrypted-communication.html?_r=0
[5] http://www.omg.org/news/whitepapers/An_Introduction_to_Decision_Modeling_with_DMN.pdf