Harmonizing Security and Connectivity in a Digital World

Stephen Taylor
connectivity and Security
Illustration: © IoT For All

Here’s an interesting exercise to start the day: Look at your checklist, calendar, or just your own mental plan and ask yourself how many items on the list you can accomplish without opening a device, being logged in to a digital account, or simply accessing some stream of data.

Whether at home or work, my list would be a short one. I imagine yours would be too.

The Promise of Connectivity

Cisco once estimated that 50 billion unique devices would be connected by 2020. Although we haven’t reached that estimate, it looks as if the number will continue to soar toward 25 or 30 billion in the next few years. Whether we call this the growth of the Internet of Things (IoT), global digital transformation, the turn of Industry 4.0, or just the 21st Century, it’s clear that widespread connectivity is part of our world now.

From a utility perspective, it’s easy to see how we got here. A connected world promises—and has already delivered—countless improvements to daily life. Here are just a few demonstrative examples of why we like having things connected:

  • Greater convenience. Think of time savings thanks to ecommerce, reduced hassle because of online billing, or even expedited communication via video chat, instant messaging, or email.
  • Improved safety. Connectivity gives remote access to dangerous environments, improved opportunity to work from anywhere during health or other crises, and longer advance-warning times before potential disasters.
  • Better use of data that already exists. Wider connectivity is helping remove dead-ends like data silos. As a result, existing pools of information can be fused and cross-pollinated to generate new insights—insights that depend on data access and the technologies to share insights.
  • Generation of new data. You can almost think of this as a prerequisite to connectivity, but data generation has to start somewhere. Workplaces, communities, and homes can all benefit from gathering new types of data. Predictive maintenance, preventative healthcare, and smart traffic signals are all promising examples.
  • Bigger savings. Connectivity’s power to save money is a common thread throughout perhaps all other benefits. Whenever data access can preempt a problem, improve a process, eliminate waste, or simply save time, there’s money to be saved.
  • Platforms for new revenue. It’s not hard to find examples of data being commodified for the sake of advertisers; just look at Google, Facebook, or nearly any other corporate giant. On the other hand, new pools of data have also enabled numerous companies to create new products or opt-in services. This is how Spotify recommends new music to users, for instance.

Connectivity and data access are essential not just for the modern workplace but also for almost every activity in consumer life. The thing is, with so much data available and so much power behind it, safeguarding said data is a bigger concern perhaps than ever before. As one group of experts described it, “There is a darker side to this connectivity as well.

The Critical Need for Cybersecurity

If you approach connectivity from an IT or cybersecurity perspective, the story might take a very different turn. This is mainly because increased connectivity almost always means greater potential for a breach of privacy or security.

Every connection of devices, users, or networks represents another point of entry a malicious party could target. Each feed of data offers a source that could be ransomed or another gap that could be overlooked in the security plan. A laser focus on connectivity rarely aligns with a focus on security, where we rely on building firewalls, establishing checkpoints, and restricting access to sensitive information.

The need to safeguard data extends beyond just high-dollar, high-risk assets as well. Increasing connectivity also tends to put private consumer data on the altar, forcing consumers to either share their information or lose out on new products and services.

In the end, one of the biggest questions to answer about the ever-growing IoT is whether connectivity and security are even compatible.

What Next?

So, it’s imperative to assess the broad attack surface a connected world presents for anyone who wants to continue enjoying and expanding the advantages of connectivity. Here are three ideas for how to proceed.

1. New Security Architectures and Methodologies

In the past, IoT initiatives might have been approached using the same security pillars underlying IT, OT, or other technology systems. Connected projects of all varieties have many more options today. For instance, Virtual Private Networks (VPNs) are extremely common across industries but are now giving way to newer methodologies like Zero Trust Networks.

It’s more apparent now than in pre-cloud years that security doesn’t mean the same thing for all industries and applications. Likewise, it’s more apparent that “a single methodology cannot be followed” to secure all types of connected systems equally. Hence, it’s not surprising to find more varied and innovative approaches to security now.

The IoT ecosystem, as an example, is still struggling to set or adhere to wide standards of any kind. Still, interest groups and consortia like the Cloud Security Alliance have identified over 150 specific security controls—many of them very new—to account for connectivity across devices, new networking technologies, and cloud-based applications.

New protocols and architectures won’t instantly solve every security conundrum, and the search for yet newer methodologies likely won’t ever stop. However, we now have security strictures that are truly designed for a connected world, so the opportunity to secure those connections today is more and more promising.

2. Build with Security In Mind First

Building with security in mind might be simpler than it sounds, though not necessarily easy to do. This mostly means a) asking serious security questions before you begin, b) understanding what should actually connect to what, and c) adopting a paradigm in which cybersecurity is “a state of mind, not an add-on.”

As it happens, failing to look ahead is all too common in digital transformation and IoT projects. If, on the other hand, security considerations inform what networks and services you use, what applications you build, and which endpoints are accessible by design, you’ll be cultivating a powerful level of foresight from the start.

3. Accept Data Silos

One of the biggest advantages of a more connected world, as mentioned above, is access to data that has often been unreachable in the past. In a rush to connect everything and analyze all the world’s data, it can be easy to forget that sometimes it might be better for data to stay sequestered.

We might not even think to call something a data silo when the data in question is isolated by design. Think of banking information, medical records, personal identifiers, or even something as simple as a student’s grade reports at school. While there’s value in connecting many of these data sources to something, that doesn’t mean we should connect everything to everything else.

The goal should be effective data governance, not just universal connectivity, so accepting data access and connectivity restrictions will often make sense for all parties involved.

In Sum

Almost every week, I have a moment or two when I wish two-factor authentication didn’t exist and I could log in faster. I also wonder almost daily what the risk is of sharing this or that piece of information, accepting the terms on one more web service, or just making one more Google search.

It might seem as if security and connectivity are irreconcilable opposites. But for now, at least, they don’t have to be.