
Last week I discussed Security and Privacy in the Internet of Things with fellow panellists at the GSMA Mobile 360 Series event in The Hague. I talked about three technologies that will help bring privacy and security to the IoT.

  1. “Fog” computing – or processing data at the edge of the network.
  2. User Managed Access (UMA) – an extension to OAuth2 that puts users in control of data resources.
  3. Trusted Execution Environments – a way to protect 1 and 2 above.

If you want to know more then please contact me. But enough about what I said, here’s what I learned and how it could impact you.

EU regulation will make Security and Privacy top of boardroom agendas. The General Data Protection Regulation (GDPR) was adopted on 27 April 2016 and applies from 25 May 2018. I've skim-read it so you don't have to. Jump to Article 83, the section on Administrative Fines.

If you’re processing sensitive personal data and you fail to protect it, you could be liable to a fine of up to €20 million or 4% of your worldwide annual turnover, whichever is higher. Article 83 has two tiers: infringements of the basic processing principles in Article 5, which include integrity and confidentiality, sit in the upper tier (Article 83(5)), while infringements of the technical obligations such as the security-of-processing duties in Article 32 are capped by Article 83(4) at €10 million or 2%. Let that sink in. That’s not profit. Revenue. We all know that profits can be shuffled in a shell game.

Now the stakes for collecting what Bruce Schneier calls toxic data stockpiles just got higher. If your IoT strategy is to collect all the data and monetise later, then maybe it’s worth rethinking. The three technologies that I talked about have some connections with the law:

  1. Data protection by design and by default (Article 25). Start with a secure system by default. Adding security later doesn’t work. The cost of building Trusted Execution in at the design phase is a lot lower than a potential Administrative Fine.
  2. User consent and withdrawal. Enabling users to control their data, being explicit about what is collected and how it’s used, and allowing users to “set the dial” on privacy. UMA seems to fit the bill quite nicely.
  3. Pseudonymisation and encryption (both named as measures in Article 32). If this is done at the edge of the network (in the “Fog”), in a user-managed device, before the data is sent upstream, then you can detoxify your data stockpile: the cloud only ever holds records that cannot be tied back to a person without a key that never left the device.
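The following is an added example, not code from this post or from Trustonic, showing what “detoxify at the edge” looks like for point 3. A constructed home sensor hub replaces a MAC address and a resident name with keyed pseudonyms (HMAC under a secret held on the device, which in the post’s model would live in the TEE), drops every field the backend does not need, and coarsens timestamps before export. It also shows the failure mode a practitioner should expect: an unkeyed hash of a small-space identifier such as a MAC is reversible by enumeration, whereas the keyed token is not. The device secret, record layout and field names are assumptions for illustration; transport encryption is left out.

```python
"""Edge-side pseudonymisation of IoT telemetry.

Added example, not code from the original post or from Trustonic. The
scenario, record layout and field names are constructed for illustration.
"""
import hashlib
import hmac
from typing import Callable, Dict, List, Optional

# Constructed device secret, fixed here so the output is reproducible. On a
# real device it would be generated and held inside the TEE and never exported.
DEVICE_SECRET = bytes.fromhex("6f1d2a9c" * 8)

# Constructed sample records as they exist on the hub before export.
RAW_RECORDS = [
    {"mac": "a4:c3:f0:12:34:56", "resident": "Alice Example",
     "room": "bedroom", "temp_c": 21.5, "ts": 1700000000},
    {"mac": "a4:c3:f0:12:34:56", "resident": "Alice Example",
     "room": "bedroom", "temp_c": 21.7, "ts": 1700000060},
    {"mac": "a4:c3:f0:ab:cd:ef", "resident": "Bob Example",
     "room": "kitchen", "temp_c": 19.0, "ts": 1700000000},
]

# The only raw fields the backend needs; everything else stays on the device.
ALLOWED_FIELDS = ("room", "temp_c", "ts")
TS_BUCKET = 3600  # exported timestamps are rounded down to the hour


def pseudonym(secret: bytes, value: str) -> str:
    """Keyed pseudonym: HMAC-SHA256 of the value under the device secret.

    Same value and same key give the same token, so the backend can still
    group one device's readings. Without the key the token cannot be
    inverted, and rotating the key breaks linkability across periods.
    """
    return hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()[:32]


def naive_pseudonym(value: str) -> str:
    """Unkeyed SHA-256, for contrast. Small input spaces such as MAC addresses
    or phone numbers can be enumerated, so this is reversible in practice."""
    return hashlib.sha256(value.encode()).hexdigest()[:32]


def detoxify(secret: bytes, record: Dict) -> Dict:
    """Build the record the device is allowed to send upstream."""
    out = {k: record[k] for k in ALLOWED_FIELDS if k in record}
    out["device"] = pseudonym(secret, record["mac"])
    out["subject"] = pseudonym(secret, record["resident"])
    out["ts"] = record["ts"] - record["ts"] % TS_BUCKET
    return out


def export_batch(secret: bytes, records: List[Dict]) -> List[Dict]:
    """Apply detoxify() to every record; this is all that leaves the device."""
    return [detoxify(secret, r) for r in records]


def rederive_by_enumeration(token: str, candidates: List[str],
                            fn: Callable[[str], str]) -> Optional[str]:
    """Attacker-side check: recover the input behind a token by pushing
    plausible candidates through the (assumed known) pseudonym function."""
    for c in candidates:
        if fn(c) == token:
            return c
    return None


def mac_candidates(prefix: str) -> List[str]:
    """Enumerate the 256 MACs sharing a 5-byte prefix, e.g. 'a4:c3:f0:12:34'."""
    return [f"{prefix}:{b:02x}" for b in range(256)]


if __name__ == "__main__":
    exported = export_batch(DEVICE_SECRET, RAW_RECORDS)
    for rec in exported:
        print(rec)
    target = RAW_RECORDS[0]["mac"]
    cands = mac_candidates("a4:c3:f0:12:34")
    print("naive token reversed:",
          rederive_by_enumeration(naive_pseudonym(target), cands, naive_pseudonym))
    print("keyed token reversed:",
          rederive_by_enumeration(pseudonym(DEVICE_SECRET, target), cands, naive_pseudonym))
```

Running it prints three records that carry no MAC or name, with Alice's two readings sharing the same device and subject tokens; the naive token is recovered from 256 guesses while the keyed one is not. Changing `DEVICE_SECRET` changes every token, which is the lever for limiting how long records stay linkable.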

It strikes me that the Administrative Fines may be harsh for smaller businesses and startups, and the winners may be larger organisations that can employ legions of InfoSec professionals. Or perhaps there is a new role to play for Identity as a Service companies to transform Big Data with a detox diet and help smaller companies offload their liabilities.

The first step is to put trust in the Things before adding the Internet into them.
