
Security concerns over M2M data


Machine-to-machine communication throws open concerns about data security which must be addressed, writes Tom Brewster


In the sedate Italian town of Bolzano, where broadband connections are a rarity and almost a quarter of the population is over the age of 65, hidden electronic sensors have been recording the environments of elderly inhabitants’ homes.

The sensors have been collecting data, such as carbon monoxide and methane levels, as well as temperature and humidity. It might sound creepy, but the overall aim is altruistic: to let folk stay in their own homes rather than being forced into care.

Those sensors, using 3G dongles due to the lack of wired internet, first send data through a gateway device that filters all the information from the community, sorting the digital wheat from the chaff. This passes recordings to an IBM cloud data centre, and then out to healthcare professionals and analysts, who access the relevant information via a mobile or desktop dashboard.

Analytics tools are able to determine normal daily patterns of the programme’s participants and send alerts when anything is amiss, such as dangerous levels of noxious gas or complete inactivity. Not only has this helped care professionals plan visits rather than stick to an unnecessary schedule, saving them time and money, it has let the retirees of Bolzano get on with their lives.


These little gadgets are a remnant of a pilot project started by the local government in Bolzano and IBM. Discussions are underway to decide whether to continue with the project, but it has shown how machine-to-machine (M2M) and analytics technologies can be combined to great effect.

Excitement about layering analytics tools over the internet of things (IoT) has reached fever pitch around the world. Many have been salivating over the prospect of additional reams of data being provided by freshly deployed machines, ripe for mining. Almost every industry, whether healthcare or retail, could benefit from a better understanding of those they serve. And the rise of cheap sensors collecting information on everyday people will provide the more expansive view of the customer they so desire.

UNDISCOVERED OPPORTUNITIES

By putting analytics products in place that find patterns in the data, organisations are likely to discover surprising things, opening up opportunities they never would have thought of, says Nick Jones, of analyst firm Gartner. “Anyone who thinks they know everything they’ll be able to deduce from the IoT data their products generate doesn’t understand the potential of the space. I believe most IoT opportunities are as yet undiscovered,” he says.

Yet this might not require so-called big data analysis. And small data M2M projects are also going to open up plenty of avenues for businesses as sensors start to spread, says Dale Vile, of Freeform Dynamics. “Applications that are more based on capturing exception events rather than logging continuous streams are probably going to be more common,” he says.

Businesses are rightly worried that doing both big and small M2M analytics projects would lead to a costly storage nightmare. But according to J.P. Rangaswami, chief scientist at cloud software provider Salesforce, the costs of storage keep coming down, meaning even those without rich coffers will be able to do their own M2M data drilling.

“The price of storage is being demolished as we speak,” says Mr Rangaswami. “Secondly, in environments where there is connected learning – so you do get patterns, you do get feedback of those knowledge bases – the only architecture that can deal with this level of scale is the cloud.” Whether on-premise or off, businesses have options if they’re willing to forgo some of the capital expenditure.

Businesses that do make the leap and start mining M2M data will also need to take note of valid security concerns around protecting people’s privacy, whether it is legitimate organisations or criminals picking through the information flying between automated machines.

EMBEDDED DEVICES

As embedded devices are so small and have limited memory, they often aren’t capable of running proper security software, nor do they include update facilities, so fixing vulnerabilities simply isn’t an option. That’s why some have fretted over whether these “immortal devices” would be angelic or demonic.

For any business involved in carrying sensitive data from M2M networks to their own facility, end-to-end encryption from devices to servers is a must. This will prevent hackers siphoning off data passing along the wires or over the air. Regular audits of the software and hardware being used will be required to ensure there aren’t any vulnerabilities waiting to be exploited.

But to focus solely on privacy is to miss a key point: when it comes to M2M networks that physically change the world around them, public safety is a key issue too, says Josh Corman, a security expert who set up I Am The Cavalry to shine a light on the issue. “Given many of these technologies affect lives, I implore people to remember we should design for safety as well as privacy,” says Mr Corman. He gives the example of connected devices in a hospital, where both privacy and safety have to be considered.

Mr Corman also notes that every M2M device represents another edge of the network perimeter. Just as the rise of consumer smartphones in the workplace has led to difficulties in securing data outside the traditional confines of the business, automated machines handling business data make life more complex for IT. “Most network security is based on the assumption of a perimeter and layered controls that filter out attacks,” he says. “With M2M, you can assume no such perimeter.”

This means adopting a similar approach to dealing with the workplace bring-your-own-device trend, he says, wrapping adequate controls around the devices.

Projects such as I Am The Cavalry seek to encourage best practice among IoT users and vendors. The government is interested in ensuring IoT data security too. Launched in June by 40 firms with the backing of the government’s Technology Strategy Board, the HyperCat specification has been created so machines can easily talk to each other in standardised and secure ways.

It’s these kinds of standards that will start to build trust across networks. That’s why the whole industry needs to work together to ensure they are adopted, making the M2M world safer for everyone.


Written by Tom Fox-Brewster

Freelance journalist covering information security, whose work has appeared in The Guardian and WIRED. He was named BT Security Journalist of the Year in 2012 and 2013.