iot health

IoT Evolution Health News

IoT Evolution Health Home

Meeting Top IoT Challenges: Security, Privacy, Regulations

By Special Guest
Jocelyn Aqua, Principal, Regulatory Privacy & Cybersecurity, PwC
January 16, 2020

There’s no doubt that emerging technologies are improving both the lives of individuals and the opportunities for businesses around the world. What is in doubt is whether those technologies can be trusted with our security and privacy.

Internet of things (IoT) presents a particularly tough dilemma, because each of the thousands, millions or billions of “things” that collect and transmit data can pose a security or privacy threat, potentially infiltrating a corporate network and exposing confidential information. To prepare and defend themselves, their customers and their employees, companies need to rethink their existing IoT security and privacy practices.

Balancing these potential risks are IoT’s abundant benefits: gaining customer insights, increasing revenue and profits, enhancing customer experience, boosting employee productivity, developing more innovative products, upgrading cybersecurity, improving decision-making, strengthening supply chains and enhancing business operations.

The question this risk-versus-reward dilemma raises is: Are the documented benefits of IoT worth the potential risks? According to 93 percent of approximately 1,000 US executives recently surveyed, the answer is a resounding “Yes!” For them, the rewards definitely outweigh the risks. However, these execs are not so blinded by IoT’s opportunities that they ignore security and privacy threats. In fact, the majority of companies surveyed are taking, or planning to take, steps to mitigate these risks.

Taking action to manage risks
The executives surveyed acknowledged that they are undertaking — or need to undertake — effective measures to deal with IoT-based privacy and security threats, but some companies are being more aggressive in this area than others. In cybersecurity, for instance, 80 percent of the most proactive firms, whom we call trailblazers, are taking steps to build trust, compared with only 38 percent of companies that are slower to move on this. In the area of privacy, 69 percent of trailblazers — but just 31 percent of laggards — are enacting measures to mitigate threats.

Trailblazers are also far ahead of laggards in dealing with critical data issues, such as integrity, reliability and accuracy; IoT’s impact on the workforce; its impact on a company’s brand and reputation; the potential impact of future laws and regulations; and AI bias, ethics and legal issues.

The specific actions that these executives — especially in the trailblazer companies — have taken to enhance security and privacy cover a wide range of areas. Half of all the survey respondents have built in security at the start of an IoT initiative, and close to half have trained employees on IoT security requirements (48 percent) or implemented policies specific to IoT security (47 percent). Only 2 percent have not taken any steps to increase IoT security.

When it comes to protecting employee and customer privacy, the top actions taken by these executives include implementing a data privacy policy (43 percent), enhancing security to prevent breaches of personal data (41 percent), and designing security and privacy into IoT products (41 percent). Only 1 percent have not taken any actions to deal with IoT privacy concerns.

A changing regulatory landscape
The surveyed executives are also concerned about IoT’s place in today’s ever-changing regulatory environment. The landscape changed dramatically in May 2018, when the European Union introduced the General Data Protection Regulation (GDPR), which demands data protection and privacy for all EU citizens, while also addressing the issue of transferring personal data outside the EU. Following GDPR, more than 80 countries have enacted privacy laws, and a growing number of US states have introduced privacy laws, such as the California Consumer Privacy Act of 2018 (CCPA).

Regulatory challenges are particularly complex for companies that have an IoT system that houses data from different states or countries, especially if the data is stored in clouds based in different nations. Yet, the majority (56 percent) of the survey executives think privacy regulations such as the GDPR and the CCPA will have a positive impact on IoT deployments, while only 13 percent believe they will have a negative impact.

Almost half of the companies have already begun taking steps to respond to these and future privacy regulations. For example, 47 percent of the executives said they’re implementing new practices across their organization, 45 percent are engaging with regulators, 44 percent are changing privacy policies in their company, and 44 percent are working with others in their industry to address privacy issues.

Planning for the future
It’s clear that privacy, security and regulatory concerns are affecting internet of things deployments, but it’s equally clear that most organizations are not going to let these worries derail their IoT initiatives. They’re excited about the business opportunities IoT offers and are willing to take the actions required to allay the concerns of customers, employees, partners and regulators.

By responding proactively to security, privacy and regulatory challenges, these companies will build — virtual brick by virtual brick — trust in the IoT.

About the author: Jocelyn Aqua is a Principal with PwC US, based in Washington, DC, where she provides guidance to companies on the intersection of privacy, cybersecurity and regulatory risk. She is a former US government privacy officer with over 20 years of public and private sector data privacy and cybersecurity experience. Aqua advises global companies on data governance, data protection and data transfer strategies, and is a frequent lecturer at universities and national conferences on privacy law, data protection and cyber threat information sharing.




Edited by Ken Briodagh


SHARE THIS ARTICLE
Related Articles

RAN Research arm of Rethink Outlines 5G Market in New Report

By: Ken Briodagh    2/21/2020

A new report from the RAN Research arm of analyst firm Rethink Technology Research has taken a deep look at the landscape of 5G networking.

Read More

It's IoT Time: IoT Evolution 2020 is Over, But the Story Continues!

By: Ken Briodagh    2/19/2020

We are finally starting to dig through all the learning, connections and amazing experiences that came out of last week's IoT Evolution Expo and we wa…

Read More

IoT Evolution Announces IoT Evolution Expo 2020 Best in Show Award Winners

By: Ken Briodagh    2/19/2020

Leading Internet of Things event Honors Best of Show Award Winners in Fort Lauderdale, Florida

Read More

IoT Time Podcast S5 Ep7 IoT Evolution Expo Post Show Wrap-up

By: Ken Briodagh    2/19/2020

In this episode of IoT Time Podcast, Ken Briodagh is all alone again, this time to give you a very quick download on last week's IoT Evolution Expo 20…

Read More

Understanding 5G for IoT: Debunking Common Misconceptions

By: Special Guest    2/19/2020

Thinking of 5G is a minor evolution is a mistake, especially for business leaders, for whom 5G will be of strategic importance. Why? Let's debunk a co…

Read More