Handling privacy and security concerns in the IoT: Big Data and Privacy

July 20, 2015 // By Simon Moffatt, ForgeRock
This is the second part in a series of three short articles; read part 1, on the topic of identity (see link).

Part 1 is here.

New waves of Big Data generated by IoT will inevitably change the relationship that users have with their new devices. More intelligent devices will undoubtedly create new efficiencies and models of productivity. However, data on those devices also exposes a wider attack surface, making personal and sensitive information that resides on a greater number of devices, more vulnerable to data theft, device hijacking and other potential threats.

The Internet of Things (IoT) has already created vast amounts of Big Data, and it is only likely to increase further: usage data, product data, location data, personal preference data, relationship data, health data, all of which can be generated or stored on devices with limited processing and storage capacity. This resource limitation ushers in several interesting implications around data privacy.

The example of ‘smart’ athletic shoes, for instance, generates several different side discussions. The ability for the training shoe to log GPS location data, time, speed, and other performance-related metrics is certainly a great advantage to the amateur athlete: firstly, the ability to collect that data, but secondly, to be able to store and share that data socially is certainly a service-improvement use case. The running shoe manufacturer can use that service improvement approach as a competitive advantage, offering a gadget-like feature other ‘dumb’ shoes do not have.

However, what are the consequences of generating and storing such data? The data on its own may not have significant value, but it can when it is combined with other data within a certain context. If that data contains GPS information, for instance, an individual with malicious intent could use that information to know where the shoe owner is (or will go, based on historical data), and also where the owner is not.

Identity of Things data landscape

The IoT, while bringing significant service improvements to consumers and manufacturers, also brings concerns regarding the privacy and security of the