Data Integrity: Making data-driven decisions at Internet of Things scale
As the IoT proliferates, businesses will use data passed between interconnected devices, applications and processes to determine customer context, and then collaborate through platforms to provide the intelligent products and services that customers desire in the Outcome Economy. A connected digital ecosystem, combined with edge computing and smart machine-to-machine communications, will also expand the possibilities for using data collected from IoT devices to drive significantly faster decisions. However, as businesses collect, process and analyze increasingly larger data sets from devices at the edge, they must make sure they can rely on the integrity of that data to make decisions. According to a recent Gartner survey, the annual financial impact of inaccurate and poor quality data on businesses is, on average, $14.2 million. In the world of IoT, this will only be magnified.6 In order to optimize decisions, businesses will need assurance that their edge data is accurate, authentic and complete. This is especially critical as Intelligent Enterprises transition toward using software intelligence, in which applications and tools become smarter using technologies to trigger automatic action and make more informed business decisions. Even in today’s world, entire supply chains can be disrupted if data sent by the production floor, storage warehouses or distribution channels is inaccurate because of anything from malfunctioning sensors to intentional manipulation. Compound this with the scale and speed of IoT, and the ripple effect of bad decisions based on bad data can spread quickly.
Protect data on edge devices Since many edge devices do not have effective authentication, authorization or encryption controls, businesses should evaluate the use of IoT gateways/agents that specialize in providing data assurance. FreeScale, an embedded-solution vendor, has released products that provide strong security controls, including data integrity checks, to IoT devices. The company uses a combination of cryptographic modules, trust and platform assurance technologies, and signature detection to support security requirements of a trusted IoT architecture. Qualcomm is also developing smart gateways to address IoT security requirements by incorporating strong encryption and trusted platform principles. Although the architecture and use cases of these gateways differ, each supports communication with a connected infrastructure and enables new services. Implement assurance that scales The ever-increasing flow of data and customer information needed to fuel the digital business brings with it ever-increasing security and privacy challenges. Sensors and embedded devices enhance the infrastructure’s ability to collect data, and with it the ability to run more complex analytics. As a rite of passage, businesses must demonstrate they can maintain data integrity through every stage of the data lifecycle. And if personal information is being collected from consumers, then effective data retention, usage and sharing policies must be implemented. All along this flowing river of information will be numerous opportunities for third-parties to either accidently, or maliciously, alter the data. The impact of the initial decisions could cascade beyond the local system to an enterprise network or cloud. Businesses should use data-level security approaches that enforce policies through the entire lifecycle—from creation to disposal—as potential solutions to data governance and integrity challenges. Several data-centric security technologies aim to provide data protection enforcement policies across multiple platforms. Voltage Security (recently acquired by HP), Informatica and Protegrity are examples of companies that have developed focused solutions with data-centric capabilities like data classification and discovery, data security policy management, monitoring of user privileges and activity, auditing and reporting, and data protection.7 Low quality and low assurance data adds noise to the decision-making process, increasing the overall cost of extracting insights. As businesses establish infrastructure to collect and process data at speed and scale, they should implement data assurance and audit frameworks that scale to match. Businesses must also consider adding data quality tools designed for big data applications since collecting, processing and maintaining IoT data is a big data exercise. Gartner’s Magic Quadrant for Data Quality Tools provides an insightful snapshot of the current vendor landscape and their tools’ capabilities to handle data as an asset.8
Tie IoT protocols to business models Businesses must also be aware of the data assurance limitations of communication protocols. Higherlevel IoT communication protocols like MQTT, CoAP, DDS, 6LoWPAN, ZigBee, ModBus and WirelessHart offer different security capabilities based on which underlying networking protocol is used. For example, CoAP is built on user datagram protocol (UDP) and, as a result, cannot provide protocol security such as security socket layer (SSL) or transport layer security (TLS). 6LoWPAN is built on IPv6, which has its own set of vulnerabilities. NIST’s Framework for Improving Critical Infrastructure Cybersecurity provides a mechanism for using business drivers to help guide security activities, consider security risks and select an appropriate communication protocol to manage the business risk profile.9 While the framework targets critical infrastructure operators, there are best practices applicable to businesses considering expanding their IoT footprint. As businesses deploy new edge devices and management platforms, they should also take into account data assurance limitations of the communication protocols. In order to select a protocol with the right set of features while mitigating risk, it is important to consider application deployment, infrastructure management and security requirements. Conclusion As businesses look for new ways to gain insight from data, developing and maintaining a data assurance program should be at the center of their IoT strategy. Businesses need a framework that governs data assurance across edge infrastructure and instills a higher level of confidence in datadriven decisions. To maximize the potential benefits of the IoT, Accenture recommends building a data assurance program that directly ties to the business model and enables more informed decisions based on accurate data.