Navigating Data Security in the Connected Home and Building
September 4, 2018 prod360
Authored by Sam Salem, Senior Director – Technology and Strategic Development, Connected Consumer Technologies, Jabil. This article originally appeared on the Jabil Blog on July 24, 2018.
The connected homes and buildings that were once considered science fiction are finally seeing the light of day. However, now that a connected future is here, consumers are slow to adopt the technology and skeptical about the devices furnishing their surroundings. In many cases, they are worried about data security—and rightly so.
Consumers become warier about data security with every breach, whether it happens at a credit card company, a store or a website. When you consider the frequency of data breaches around the world, it is easy to understand that consumers have plenty of cause for data security concerns.
Data breaches are becoming frequent occurrences. Gemalto Security’s Breach Level Index reports that the total number of records breached every second, minute, day and hour nearly doubled from 2016 to 2017. It also estimates that more than 9.7 billion records have been lost or stolen in the last five years.
Improper Data Use Looms Over the Internet of Things
In addition to data breaches, there are also instances of improper data use. Earlier in 2018, Facebook was involved in a controversy related to how Cambridge Analytica obtained, used and allegedly retained information about 87 million Facebook users, according to CNBC. Considering the massive amounts of data received by the platform, it’s easy to understand consumer concern.
In light of all of this, some consumers are approaching connected devices with extra caution as well—especially when data-collecting technology partakes in every aspect of how we live, work and play. Before they bring these smart devices into their homes, consumers want to ensure their personal information and data will be secure. In addition, they want to feel confident that Wi-Fi enabled devices, such as smart thermostats or security cameras, won’t inadvertently give malicious actors easy access to their homes.
Connected Home and Building Solution Providers Respond to Data Security Concerns
Recent events also have changed the way manufacturers think about collecting data from consumers. In Jabil’s 2018 Connected Home and Building Technology Trends Survey, 69 percent of participants noted that the recent focus on data privacy has made them rethink their plans to collect and use data from smart devices. This trend was even stronger for companies that manufacture connected devices for consumer use, probably because both recent events dealt with consumer information.
The European Union’s (EU) General Data Protection Regulation (GDPR), which took effect in May 2018, requires all companies that do business online with or market to individuals in the EU to take extra steps to protect users’ personal information. At its core, the regulation requires companies to:
- Explain what user data will be collected and how it will be used
- Require individuals to give clear consent to have their data collected
- Allow individuals to submit requests to have their data deleted
- Safeguard any collected data and promptly notify users of data breaches
Although the rule was created by the EU, it applies to all companies around the world that are trying to connect with people in the EU.
In response to these events, of those solution providers rethinking plans to collect and use data, 55 percent said they will monitor market sentiments to understand what their consumers find acceptable when it comes to data security. Sixty-two percent said they will be more careful about rules and regulations governing data security and privacy.
Although the GDPR has furthered the discussion about data privacy, no additional regulations have been enacted yet. Most countries do not have any regulations guiding the Internet of Things (IoT) or protecting consumer data. In the U.S., there are some guidelines for how a connected device should be designed, but there are no mandates to follow these guidelines. However, considering the growing number of data security issues, governments worldwide could conceivably choose to step in and add regulations to protect consumers.
Designing Connected Home and Building Solutions with Data Security in Mind
Due to the fact that there are currently no minimum requirements for smart devices, there isn’t a standard of implementing cybersecurity into these devices. Many manufacturers approach cybersecurity from a cost and value perspective. If the cost of adding a data security chip outweighs the value the company will gain for the added feature, the designer will not add it to the product. Similarly, if the end-user is not willing to pay more for a high-security device, the manufacturer does not stand to financially gain very much from incorporating extra cybersecurity protocols.
One less costly security option that we’re experimenting with at Jabil is using digital authentication certificates. This method does not add a hardware cost to the product. Instead, these certificates are codes that you can inject into the products at the factory-level during production. The codes digitally certify the products and create a secure link with the receiving end.
As the IoT market evolves and more consumers are willing to convert to connected homes, market demand for cybersecurity features will undoubtedly increase, which will give manufacturers the justification they need to build more secure products.
Collecting Data Presents New Business Opportunities
Despite its risks and challenges, data collection can be beneficial to both solution providers and consumers. Nearly 60 percent of Jabil survey respondents said they plan to use collected data to identify and solve problems with devices and connectivity. More than half plan to use it to understand user behavior and guide product development, while 45 percent will use it to provide reports to end-users. In these cases, data collection will beget better user experiences.
Data collection goes beyond improving user experiences. Device manufacturers also see opportunities to use data to build new revenue streams:
- 34 percent of participants plan to connect the big data to retailer databases for cross-selling and cross-branding opportunities
- 31 percent want to use the information for marketing and thought leadership insights
- 25 percent plan to sell the data to determine supply and demand trends
These strategies also have some value for consumers. For example, a smart refrigerator participating in a cross-selling program could remind a consumer that they are running low on milk and offer coupons or advertisements for sales at local stores. This adds a level of convenience for the consumer.
However, if brands plan to share and sell consumer data, it is important to make the consumer aware of how their data will be used. According to a 2018 survey of 2,000 U.S. consumers by enterprise technology provider Ooma, 72 percent of people who already have smart home security systems worry their providers will use the devices to invade their privacy. Manufacturers could take a page from the GDPR and include clear, easy-to-understand terms and conditions with their connected home and building solutions that explain the risks and benefits of the device’s data collection approach. This can help build greater trust between users and the device, plus help the users better enjoy the convenience the system provides.
Data Security Begins at Collection
When asked about their plans, 99 percent of solution providers agree that their products will collect data. However, there is no consensus on where this data will be stored. About two-thirds plan to store the data on the connected device itself, which is the most frequently reported form of data collection. But it is also common for the data to be collected in the cloud, in on-premises infrastructure or on a local device such as a smart phone or laptop. Solution providers will need to take necessary steps to ensure data is secure and private—no matter where it is housed.
There are always going to be skeptics who choose to opt out of the latest smart devices for privacy reasons, but it’s unlikely that these individuals will be in the majority. If you think back 10 years ago before Facebook really rose in popularity, most consumers would not have been comfortable telling people that they are away from home and staying at a certain hotel. Now, there are 70 billion transactions happening on it every day. This has changed the way people interact with the world and made them more comfortable sharing their world with close friends, acquaintances and even strangers. In just a few short years, more consumers will be accustomed to connected devices in their homes as well.