I’m Peter Webster, chief executive of Corps Security, and this is where I examine the issues affecting the security industry. My thoughts and opinions are intended to generate debate, and whether you agree or disagree with them, you’re welcome to post your comments below.
If you’re anything like me, the thought of living in a world without the Internet is hard to imagine. It has become the dominant factor in how we communicate and exchange information, and for some the thought of being without it is too much to bear. I recently read Vodafone’s Digital Behaviours study, which found that more than a third of Britons said they did not think they could make it through a full day without it, with the most common excuses being that it is part of modern life, and needing a way to contact friends.
This connection is evolving beyond mobile phones, tablets and computers and has developed into the Internet of Things (IoT). It’s a term that is widely misunderstood, but in a nutshell it describes a system where items in the physical world, and sensors within or attached to these items, are connected to the Internet via wireless and wired connections.
Put simply, it connects everything and everyone – from smart phones to coffee makers, washing machines, energy meters, headphones, refrigerators, lights, cars, wearable devices and almost anything else. The scope of the IoT is only limited by our imaginations and as each week goes past, new and exciting Internet connected devices are being developed and introduced to an ever more tech-savvy society.
Proponents of the IoT see it enabling a brave new world, free from the more mundane aspects of life. Meanwhile, those of a more cautious disposition envisage a Big Brother situation where governments, corporations or those with malicious intent can access information about individuals and their activities. One thing is for sure – it is the gateway to artificial intelligence, where interconnected machines that have human-like qualities to learn and rationalise will be developed and introduced.
Estimates about the amount of connected devices set to be in use over the next few years vary enormously. According to Intel, the IoT is predicted to grow from two billion objects in 2006 to 200 billion by 2020, when there will be around 26 smart objects for every human being on Earth. IBM claims that every day we create 2.5 quintillion bytes of data – according to the US definition that’s one followed by 18 zeros – and if I put that huge number into perspective, it equates to filling up 57.5 billion 32GB Apple iPads every day!!
If we think what we produce today represents big data, we need to think again. IDC’s analysts predict that by 2020 these devices will collectively consume about 44 zettabytes of data – that’s 50 times more than in 2012 (a zettabyte is a 1 followed by 21 zeros!). Furthermore, by 2020 about 1.7 megabytes of new information will be created every second for every human being on the planet.
It is clear that IoT based devices will collect a lot of personal data and, in my view, not enough is being done to build security and privacy into them. Of course, those who have committed no wrongdoing should have nothing to fear from the potential surveillance of that data by security services and police forces alike. Yet increased amounts of data can also make people, homes and businesses more attractive to cyber criminals and although hackers aren’t paying the IoT too much attention at the moment, as soon as there’s a financial incentive to doing so, I’m certain they will.
The vast majority of the public simply have no idea what type of information is being held about them and, just as importantly, where it is. Although the convenience of the Cloud appeals to many, there are still those who simply don’t understand that this means their information is not in some untouchable place in the sky, it is stored, processed and moved in terrestrial data centres, and owners and operators of these facilities have to be increasingly vigilant – not just of cyber crime, but physical attack too.
Traditional security measures have a part to play in protecting a data storage site (whether a big data centre or a company’s own smaller file servers) and these should form part of a multi-layered approach to safeguarding all stored data. Externally, perimeter fences, barriers, retracting posts at vehicle access points, CCTV cameras and manned guards can all deter a physical security breach.
Internally, CCTV, alarms, integrated access control systems and appropriately rated security doors and alarms all form part of the defence. Biometric controls, such as fingerprint and iris recognition, are beginning to replace swipe cards and can be used to monitor and record movement in a facility. Keeping the number of potential entry points to a minimum is also good practice, as is ensuring that staff are aware of their security responsibilities, and limiting access to certain areas. Software is also now available that provides local or remote control of racks and cabinets, with full event recording and a rolling 24 hour audit trail.
The IoT is transforming the everyday physical objects that surround us in ways that would have previously seemed the stuff of science fiction. Although we are still some way off seeing the full potential of these intelligent machines, consumers need to wake up to the security and privacy implications of having billions of devices collecting their data at all times, and put in appropriate measures to protect themselves.
To make it clear, I am in favour of security services having access to data to protect us from terrorist attacks but we need to build a data world where we are protected from criminals stealing that data.