The IoT Brings Opportunities and Security Concerns

The Internet of things (IoT) continues to gain traction as companies look to leverage the possibilities of linking millions of assets, products and other “things” via the Internet.

At the same time, the security implications of IoT are a key issue. How do you ensure the protection and privacy of all the data that’s moving from machine to machine, or data that’s being accessed via corporate networks? Organizations will need to keep the data security requirements top of mind as they launch IoT initiatives.

The potential benefits of IoT are clear. “IoT promises to offer an unprecedented level of granular, real-time data that improves any business or planning processes for a company that has any logistical dependence,” says Mike Spanbauer, vice president of research at NSS Labs, an information security research and advisory company.

One prime example Spanbauer cites involves delivery service companies that are driving rapidly into IoT with route planning systems that update their delivery paths based on current traffic or weather and an individual truck’s current fuel levels. Other industries, such as retail and health care, can also see great uses for IoT.

“For years now, retailers have sought to capture behavioral data through loyalty programs and thus coupon or incentivize add-on purchases,” Spanbauer says. “Take this concept a step further to health care, where new mobile devices capture many health metrics and can synchronize with your doctor to assist with checkups and predict recommended behavior.”

But IoT also comes with security risks. “Adequate security means a lot of different things, depending on vertical, risk thresholds and markets,” Spanbauer says. “In short, it’s about handling assets, and being able to identify the data paths, the control points between them, and the requirements of the data in transit or between those points.”

At a minimum, if the data requires security, then encryption is a baseline to start from, he advises. “Basic encryption is relatively simple to implement today, with 128- and 256-bit key algorithms adding little overhead,” he adds. “The first step is auditing what’s in place today, knowing what is proposed, and then how to gracefully and reasonably manage the addition of data or assets as required.”

Collecting Data on Workflows

Health care provider Florida Hospital Celebration Health is leveraging radio frequency identification (RFID) and real-time location systems (RTLS) technology from Stanley Healthcare as part of an IoT project to collect data related to the workflows and movements of its staff, patients and assets.

Initially, the organization is using IoT in its “Living Laboratory Campus” to better understand the technologies in multiple use cases for potential expansion throughout its system based on the return on investment, explains Ashley Simmons, director of performance improvement. “The key drivers for this initiative are around the two [most costly] areas in health care operations: labor—our people—and supplies and equipment,” she explains.

The organization is focusing on areas within these two domains such as nurse workflow and patient care activities; workflow impact on outcomes and patient experience; operating room patient throughput; rental equipment utilization and management; equipment real-time locating; and auto temperature monitoring for pharmacy products.

One of the benefits Florida Hospital has seen so far is an increased understanding of nurse/labor utilization based on patient diagnoses and other factors. It’s using this insight to improve nurse assignments and productivity, and to more effectively adjust shift duties by role and hour of day.

The data involved in the project is secured under IT management and IT security policies, Simmons says. “Access to reports and data is limited to the IT and Innovation team folks who need access to mine the data and provide reports to lead improvement initiatives,” she says. “Employees being monitored have access to their own data via a secure Web portal that’s only accessible while on our network with proper authentication.”