Smart City

Smart City Sentinel

Meeting Top IoT Challenges: Security, Privacy, Regulations

By Special Guest
Jocelyn Aqua, Principal, Regulatory Privacy & Cybersecurity, PwC

There’s no doubt that emerging technologies are improving both the lives of individuals and the opportunities for businesses around the world. What is in doubt is whether those technologies can be trusted with our security and privacy.

Internet of things (IoT) presents a particularly tough dilemma, because each of the thousands, millions or billions of “things” that collect and transmit data can pose a security or privacy threat, potentially infiltrating a corporate network and exposing confidential information. To prepare and defend themselves, their customers and their employees, companies need to rethink their existing IoT security and privacy practices.

Balancing these potential risks are IoT’s abundant benefits: gaining customer insights, increasing revenue and profits, enhancing customer experience, boosting employee productivity, developing more innovative products, upgrading cybersecurity, improving decision-making, strengthening supply chains and enhancing business operations.

The question this risk-versus-reward dilemma raises is: Are the documented benefits of IoT worth the potential risks? According to 93 percent of approximately 1,000 US executives recently surveyed, the answer is a resounding “Yes!” For them, the rewards definitely outweigh the risks. However, these execs are not so blinded by IoT’s opportunities that they ignore security and privacy threats. In fact, the majority of companies surveyed are taking, or planning to take, steps to mitigate these risks.

Taking action to manage risks
The executives surveyed acknowledged that they are undertaking — or need to undertake — effective measures to deal with IoT-based privacy and security threats, but some companies are being more aggressive in this area than others. In cybersecurity, for instance, 80 percent of the most proactive firms, whom we call trailblazers, are taking steps to build trust, compared with only 38 percent of companies that are slower to move on this. In the area of privacy, 69 percent of trailblazers — but just 31 percent of laggards — are enacting measures to mitigate threats.

Trailblazers are also far ahead of laggards in dealing with critical data issues, such as integrity, reliability and accuracy; IoT’s impact on the workforce; its impact on a company’s brand and reputation; the potential impact of future laws and regulations; and AI bias, ethics and legal issues.

The specific actions that these executives — especially in the trailblazer companies — have taken to enhance security and privacy cover a wide range of areas. Half of all the survey respondents have built in security at the start of an IoT initiative, and close to half have trained employees on IoT security requirements (48 percent) or implemented policies specific to IoT security (47 percent). Only 2 percent have not taken any steps to increase IoT security.

When it comes to protecting employee and customer privacy, the top actions taken by these executives include implementing a data privacy policy (43 percent), enhancing security to prevent breaches of personal data (41 percent), and designing security and privacy into IoT products (41 percent). Only 1 percent have not taken any actions to deal with IoT privacy concerns.

A changing regulatory landscape
The surveyed executives are also concerned about IoT’s place in today’s ever-changing regulatory environment. The landscape changed dramatically in May 2018, when the European Union introduced the General Data Protection Regulation (GDPR), which demands data protection and privacy for all EU citizens, while also addressing the issue of transferring personal data outside the EU. Following GDPR, more than 80 countries have enacted privacy laws, and a growing number of US states have introduced privacy laws, such as the California Consumer Privacy Act of 2018 (CCPA).

Regulatory challenges are particularly complex for companies that have an IoT system that houses data from different states or countries, especially if the data is stored in clouds based in different nations. Yet, the majority (56 percent) of the survey executives think privacy regulations such as the GDPR and the CCPA will have a positive impact on IoT deployments, while only 13 percent believe they will have a negative impact.

Almost half of the companies have already begun taking steps to respond to these and future privacy regulations. For example, 47 percent of the executives said they’re implementing new practices across their organization, 45 percent are engaging with regulators, 44 percent are changing privacy policies in their company, and 44 percent are working with others in their industry to address privacy issues.

Planning for the future
It’s clear that privacy, security and regulatory concerns are affecting internet of things deployments, but it’s equally clear that most organizations are not going to let these worries derail their IoT initiatives. They’re excited about the business opportunities IoT offers and are willing to take the actions required to allay the concerns of customers, employees, partners and regulators.

By responding proactively to security, privacy and regulatory challenges, these companies will build — virtual brick by virtual brick — trust in the IoT.

About the author: Jocelyn Aqua is a Principal with PwC US, based in Washington, DC, where she provides guidance to companies on the intersection of privacy, cybersecurity and regulatory risk. She is a former US government privacy officer with over 20 years of public and private sector data privacy and cybersecurity experience. Aqua advises global companies on data governance, data protection and data transfer strategies, and is a frequent lecturer at universities and national conferences on privacy law, data protection and cyber threat information sharing.

Edited by Ken Briodagh

Related Articles

Will Mid-Tech Products Drive IoT Innovation in 2021? This CEO Thinks So

By: Arti Loftus    11/12/2020

As we head into the New Year, it is that time of year for planning and predictions, and this year, creating strategies in the midst of what could be a…

Read More

IoT Award-Wining Saepio Solution from Leads Industry in Social Impact

By: Ken Briodagh    11/11/2020

In a recent announcement, was given a 2020 IoT Evolution Community Impact Award for its Saepio solution, which is designed to facilitate sa…

Read More

ORBCOMM's New Communication Device Enables Providers to Add Satellite to IoT

By: Ken Briodagh    11/11/2020

Offers cost-effective, two-way satellite communications and reliable dual-mode coverage in remote areas around the world with limited cellular connect…

Read More

IoT Time Podcast S.5 Ep.40 Quantela

By: Ken Briodagh    11/5/2020

In this episode of IoT Time Podcast, Ken Briodagh, Editorial Director at IoT Evolution, sits down with Ed Olsen, VP, Business Development and Outcome …

Read More

Semtech Expands LoRa Edge Portfolio with New Solutions

By: Ken Briodagh    11/4/2020

The LoRa Basics Modem-E and LoRa Edge Tracker Reference Design lower development costs and eliminate design complexity for IoT applications

Read More