Three Ways to Reduce Risk While Transitioning to IoT

The Internet of Things is redefining security, risk and cost at many public and private enterprises. Thankfully, new best practices for risk mitigation, privacy protection and cloud management have emerged.
By Maria Horton
Feb 17, 2016

The U.S. federal government has begun to explore the benefits of the Internet of Things for citizens through public-sector initiatives, including smart parking systems, smart metering, home health care and variable road pricing. Given the depth and breadth of these systems, the government may have the best vantage point on the governance, risk and implementation impacts of the IoT.

The interconnected systems supported by the IoT make it possible for the government to streamline operations in new ways, such as improving employee productivity and reducing operating costs. IoT systems also offer the opportunity to enable more effective communications to connect the defense communities scattered across the globe.

As federal agencies begin to collect citizens' personal data via the IoT, compliance and security will become key for ensuring citizen trust. However, IoT systems, as they are currently designed, present challenges when it comes to forming overarching compliance requirements. For example, many IoT devices have not been designed with patch-management capabilities. In other cases, IoT devices may not audit the data they collect, even if that information requires a forensic trail, per compliance regulations.

Government agencies are obliged to issue system of record notices, describing how citizen data is collected and used. Furthermore, compliance with National Institutes of Standards and Technology (NIST) guidance requires that annual interconnection agreements be signed and maintained. An interconnection is defined as the direct connection of two or more IT systems for the purpose of sharing data and other information resources. Clearly, the government's IoT systems fall under these requirements.

For enterprises, the collection, via IoT systems, of data related to personnel generates a number of corporate governance issues. As IoT devices are connected to cloud-based computing systems, used within and for the government, current security policies will likely change, as they did following the emergence of cloud-based systems. In spite of the attractive benefits of the IoT, government leaders implementing new IoT practices need to devise policies that help identify and allocate the changes from current compliance and security practices.

IoT systems will force the private and public sectors to generate new practices in cybersecurity, compliance and privacy. Discussed below are key security best practices that will help government agencies and commercial users manage their early IoT strategies:

Rethink Management of Cloud + IoT
From a cybersecurity perspective, once organizations are using cloud computing and IoT systems, they need to think about how to secure multiple connection points, as well as the metadata and the automated or sensor-driven data obtained and stored.

Simply enter a question for our experts.
Sign up for the RFID Journal Newsletter
We will never sell or share your information
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations