The next layer to cover in my blog series on IoT Device Security Considerations and Security Layers is that of Storage and Data.
Breaking IoT down to a basic form there will be two main sorts of IoT devices:
- Those with local data storage on the IoT Device
- and those without
That’s not to say that there would be a local storage system nearby such as sensors in a car having an on-board storage system for data that is then sent to a central system somewhere.
Either way, the future data economy will be huge. The IoT is predicted to create masses of data. Cisco have predicted this growing to 403 zettabytes a year by 2018.
Internet of Everything (IoE) Potential Impact on Cloud
● Globally, the data created by IoE devices will reach 403 ZB per year (33.6 ZB per month) by 2018, up from 113.4 ZB per year (9.4 ZB per month) in 2013.
● Globally, the data created by IoE devices will be 277 times higher than the amount of data being transmitted to data centers from end-user devices and 47 times higher than total data center traffic by 2018.
That’s a lot of data to secure!
When looking at Storage and Data security the main consideration on securing data should be around data relevancy and what should actually be stored. This can be done locally at the IoT device with the programme/application collecting data at specific intervals or back at a collection system that applies policies to the data and filters out the relevant data, deleting the rest (Both could be done).
(Click diagram for a larger version)
Defining a Data Life Cycle is a key part to IoT Data Security.
Security of data on the device will depend upon the local security designed. There may be nothing stopping a sensor physically being stolen or tampered with, however electronically and through software other measures can be taken.
Storing data on a centralised solution and applying a level of security around that would provide a more secure environment as data transmitted could be encrypted through the network elements used. Back end solutions will probably use standard solutions available today with well defined security standards and options available to secure data.
Where data is stored locally on the IoT device adding things like encryption at rest to data on a device may be necessary in some cases, but the flip side is an impact to the responsiveness of the device and data retrieval. This also adds to the complexity of the device and ultimately cost.
Personal security may also factor into the IoT Device solution, such as a wearable device on the wrist to record fitness data. As it is worn and secured onto the consumers wrist it may be classed as secure until the consumer went to a data point to upload their latest statistical data and analyse the results. Data is stored locally in this use case and then uploaded to a central point afterwards.
To summarise a list of considerations:
- Local or Central Storage
- Data Life Cycle
- Data relevancy
- Data retention policies
- Back end system data security
- Security by use (ie. wearables)