Before a company can successfully realize value from the wealth of information generated by IoT (Internet of Things) data, they must first understand and mitigate the risks created through interconnected devices.
For healthcare technology companies, leaving IoT-transferred data unprotected can have consequences to the very human lives they are working to improve. For industrial equipment companies, having their entire fleet connected through the internet leaves vulnerabilities for plant take over, or information interception. Existing cybersecurity measures for technology that protect the data at each device source are well-documented, but protecting the data while it is transferred is where the vulnerability lies within IoT.
Overcoming Cybersecurity Concerns: Where to Start
Existing cybersecurity measures need to be expanded and fortified to meet the new requirements, but first you need to get the customers on board. Getting past security concerns is as much about communication, as it is technical ability.
Why do you need to address security concerns in the evolution of an IoT strategy? Ideally, it starts with three components:
For both industrial equipment and healthcare technology companies, getting as much of their install base connected through the Cloud as part of the IoT strategy is a key step in achieving the outcome-based business model transformation. However, there are many barriers to this along the way, and often, conversations get stalled on security concerns.
At TSIA, we hear a lot of questions and situations from our member companies about encountering barriers around security concerns along the remote services continuum, and each company is at a different point in their journey.
Do you want to understand where your adoption process is at in comparison to the industry? Please participate in this quick poll to contribute to the research on where the industry is at in their journey to increase remote service connectivity:
Reducing Security Risks in IoT
Navigating and mitigating the risks involved in IoT adoption is a balance of technological capabilities and documented strategies to address the psychological resistance to adoption. The resistance to IoT expansion is a combination of both real technological threats and unnecessary paranoia. The biggest risks include:
- Ransomware
- Database misconfiguration
- Malware
- Phishing emails
Do these risks look familiar? They should, because they are the very same risks that IT organizations have been protecting against since mass adoption of the internet in the workplace. This journey and this transformation is not new, the security protocols in place can be expanded and fortified to protect additional devices. Even in the journey of interconnected devices, the biggest vulnerability lies in human error, which IT security protocols are already well-versed at protecting against as much as possible.
As an industrial equipment or healthcare technology company moves along the IoT evolution, there’s fortunately no need to reinvent the wheel when it comes to security. The best way to reduce the risk is to make friends with your existing IT departments and third-party cybersecurity companies. The perimeters of control and security protocols can be expanded to cover the new devices interconnected through and IoT strategy.
As an industrial equipment or healthcare technology company moves along the IoT evolution, there’s fortunately no need to reinvent the wheel when it comes to security.
Where the services side of industrial equipment (IE) and healthcare technology (HT/HHIT) can contribute to the risk reduction, is in reducing the friction in the conversation. As the service provider, you can bring context into the conversation of demonstrating the necessity of remote connectivity in order to achieve the outcome based services the customers want.
Security concerns are a part of a larger conversation. In order to get the customer on board, you need to include them in that conversation and empower them with choice of their involvement. Due to the nature of their work, it might never make sense for some companies to have full IoT cloud connectivity. But for most companies, having some percent of their devices connected and sending sensor data information to the Cloud, is going to make sense because it is the only way they will get the outcomes they desire. You can reduce the concern of most security risks by putting a well-documented data collection strategy in front of the customer and bringing them on board as a partner in the transformational journey.
We will explore how to devise that data collection strategy in a later post, but it is closely-related to our existing content on consumption analytics.
The Data Ownership Conversation: What Are You Doing with My Data?
The secondary security concern that customer may have, is around what the OEM is doing with the data that is being sent to the cloud from the sensors. This concern boils down to the question of “who owns the data?
This question should be answered in the document data collection strategy, however there is a larger philosophical underpinning that needs to be addressed. In the IoT expansion journey, the question of data ownership is not black and white; it is a shared ownership. Some companies are exploring the use of blockchain as a solution to the data ownership question.
The use of blockchain is still an emerging technology but has promise for addressing the security concerns that are a barrier to many companies. In the next blog post, we will explore the potential of blockchain and highlight examples and use cases where it has already been applied.
Most companies that are resistant to full remote connectivity of the entire install base at their site, have a heightened sensitivity to the fact that their intellectual property could be stolen. However, the intellectual property aspect of an interconnected machine, is not what the manufacturer is interested in. It is a very real concern that can be handled through communication and empowering the customer with control.
The use of blockchain is still an emerging technology but has promise for addressing the security concerns that are a barrier to many companies.
The biggest barrier to expanding remote connectivity and sending data to the cloud did not lie in technological barriers, but in psychological ones. It is easy to use security concerns as a scapegoat to resisting change.
The solution for a manufacturer or healthcare technology provider who has resistance from their customers when working towards remote connectivity, lies in how you communicate your data management plan and what you plan to do with that data. It is extremely scary to hand your data over into a black box with zero visibility and understanding to where it is going and who is doing what with it.
Let TSIA Help You with Your IoT Strategy Today
In my next post in my “IoT Strategy for Industrial Equipment and Healthcare Technology” series, I’m going to go into more detail about blockchain; what it is, and how tech companies are using it to mitigate risk with sensitive data. If you’re not already, subscribe to the TSIA blog so you can stay current on latest developments in tech from TSIA researchers.
In the meantime, please reach out to TSIA today to learn how our proven frameworks, data-backed best practices, and expert advice are helping leading tech organizations, including industrial equipment and healthcare technology companies, successfully navigate the digital transformation journey. Thank you for reading!