The Internet of Things (IoT) has an important role to play in the future of information security. It will extend the reach of the Internet into devices and systems not previously considered ‘at-risk’, but also deliver an additional integrated security layer. On top of all this, it will play a role in monitoring the vulnerability of advanced mechanisms that are in vogue.
The IoT was traditionally thought of as industrial rather than consumer. With clear origins in manufacturing, due to its use of sensors to monitor machines early IoT provides centralization, remote management and data-driven insights. However, now as it transforms into the Internet of Everything, it has the potential to redefine the way we control, drive, monitor, and secure machines and environments today—far beyond a manufacturing-only focus.
When it comes to monetary transactions in particular, IoT provides data-driven insights and tracking that enable users to take precautionary actions to avoid untoward incidents. The old security measures – keys, signatures, passwords, PIN numbers – can no longer provide enough protection. With IoT, there are now sensors that enable users to lock and unlock things with biometric scans, track heartbeat, footsteps and gait with wristbands, and pay for goods without handing over cash or cards.
In our private security domain, here are four things that are fading out amid the rise of IoT and its promise to make things smarter:
Using IoT, services such as ApplePay and now Android Pay permit digital transmission of a credit card authentication code, eliminating the need for a physical card to complete a transaction. There is no actionable credit card information on the device and it is practically used only to link it to the bank account. Therefore, the need for physical credit cards is gone. However, what about online shopping with credit cards? Exactly the same applies, and we are already seeing this with the use of electronic intermediary services such as PayPal. If it can be used in the physical point of sale (PoS) experience, it can also be used in ecommerce.
PINs and passwords
Whether it is a complex alphanumeric password or a simple four-digit PIN – this method is simply not secure. People commonly make the error of writing their passwords or PINs down, or use the same codes across multiple sites, services and cards. To try and combat this risk, banks are beginning to explore the IoT. For example, UK-based Halifax bank ran an online banking pilot that made use of a heartbeat. It used electronic wristbands that authenticated access and transactions using a customer’s recognized heartbeat.
The band, which looks like a watch, authenticates the wearer by identifying his or her unique electrocardiogram signal, when it is first placed on their wrist. Another set of sensors detect whether the person is still wearing the band, and shuts the device down if a detected electrocardiogram is not recognized. According to Halifax, the technology is superior to fingerprints or iris scans as the heartbeat naturally provides strong protection against intrusions and falsification.
The locks and keys to homes, cars and machines can be replaced by IoT and be made more secure. IoT combined with mobile technology can enable consumers to lock and unlock their possessions by using the fingerprint sensor on a mobile phone, via Bluetooth authentication or even via simple proximity of a verified device.
Biometrics are already a popular method for identity verification; many passports now include biometric data. However, biometrics can be remotely checked to verify the identity, making physical ID cards, passports and other identity documents ultimately redundant. There are drawbacks to this approach: if your password gets hacked, you can easily change it, but if your fingerprint signature or your heartbeat pattern data is stolen, you cannot change it.
With these changes in our environment, both consumers and businesses will have to adapt and embrace the benefits of IoT. Consumer-oriented industries such as banking, retail and healthcare are changing, but it doesn’t stop there. Business processes such as assembly lines and shop-floor systems are changing too. Wherever identification and confirmation is needed, IoT will play a role and enterprises and consumers both must be ready to embrace and change across culture, processes and security.
(Gordon Muehl is vice president of Industrial Internet for Infosys)
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access