The Role of Cybersecurity in a Data Driven Economy

The purpose of this blog is to provide insights into the need in a data-driven economy for a heightened awareness of an organization’s responsibility to protect and secure their data “assets,” especially those deemed strategic to the business. Many organizations depend on Industry 4.0 technologies such as Internet of Things (IoT) platforms for data collection and analytics. 

As data in an organization or ecosystem continues to gain value and becomes available for monetization, the need to ensure its confidentiality, integrity, and availability must be considered a vital tenet of any data-driven business strategy. Organizations are assigning capital value to data assets, and in a climate where data breaches are commonplace, Cybersecurity is not only an IT function – it drives the bottom line.

Organizations that view Cybersecurity as a pivotal contributor to business value and not just a “check in the box” compliance item will see adding return on their investment in the Data Economics. Data Security is critical to protecting intellectual property, upholding a supply chain’s integrity, maintaining high availability of a manufacturing environment, and providing digital trust is required to do business with their consumers. 

Security Considerations for the Data Economy Framework

The following Data Economy Framework is developed to characterize companies, their roles, capabilities, and overall trends in how they interact in the data economy. The diagram below identifies key Cybersecurity considerations for each of the framework roles. Each of these cybersecurity considerations ties to elements of a cybersecurity program in the organization.

Figure 1: Data Economy Framework – Cybersecurity Considerations

Three best practices for implementing security 

1. The first step is to understand the organization’s business use cases; this enables a better understanding of risk and regulatory compliance requirements.
2. The second step is for an organization to ensure visibility into their IoT infrastructure and the data they generate.
3. Thirdly, organizations need to deploy proven security controls across their IoT environments to harden systems, protect and monitor systems and data, and maintain security hygiene.

Data Presenters – These organizations are looking to build relationships by directly interacting with their customers or consumers that use IoT devices and products.

Security considerations: 

• Fraud protection, criminal detection
• Application security testing for web, mobile, and cloud vulnerabilities 
• Application scanning and Application Security Management
• Identity & Access Management for APIs, users, and devices

Insight Providers – Insight Providers, generate value from advanced analytics such as machine learning algorithms and statistical models. As advanced analytics capabilities and cognitive computing become embedded in devices, Insight Providers will continue to be adversely affected. Data Presenters, device manufacturers, and software vendors will look to build more ingrained relationships with their customers or consumers and offer insights as part of their overall value proposition. In the long term, it will embed data analytics with software licenses or devices. 

•  Insight providers use advanced analytics (Machine Learning, Artificial Intelligence models)
• Use outside data to help deliver better results, can be industry/taxonomy specific
• Competition may try to integrate insight provider technology into devices, data platform, data presenter offerings

Security considerations: 

• Secure communications to and from Platform Owners/Data Presenters
• Data Confidentiality, Data Integrity, Data Availability 
• API protection for cloud services  
• Identity & Access Management

Platform Owners – An IoT platform is the software backend solution where data from devices collect data, analyze it, and interpreted it at scale to generate insights and perform actions. These IoT platforms are deployed on-premises or in cloud environments. 

Security considerations: 

• Application security testing for cloud vulnerabilities
• Data Privacy & Protection
• Sensitive information stored (i.e., data at rest) in the cloud must be encrypted.
• Secure APIs for cloud services
• User & device identification, authentication, and encryption or IoT devices
• Privileged Identity Management

Data Aggregators/Data Custodians – These participants are responsible for receiving and storing data. IoT devices have limited data storage capabilities, so the bulk of the data acquired by IoT devices need to be held within various data storage technologies. IoT devices communicate with each other over internet network traffic, ingesting incoming heterogeneous data from data producers. The IoT services and applications capture the data for further processing and storage. 

Security considerations:

• Data must be transmitted and stored securely to maintain data integrity and privacy, using secure protocols and encryption
• Database Access Management 
• File Access Management 
• Data Protection for Big Data platforms

Data Producers – These are organizations that assess, control, and collect data. These are focused on IoT devices (e.g., embedded chips, attached sensors/wearables, mobile phones, and gyroscopes). IoT devices and Big Data applications produce enormous amounts of heterogeneous data, a mix of data formats, including structured and unstructured data. These “smart devices” can communicate to a service via internet connectivity.

Security considerations:

• Device layer security is the layer for the IoT hardware or product, including the device’s software. This layer also could include physical security protection to guard against tampering if an intruder gains physical access to the device.
• Secure communications – Secure user & device authentication, authorization, and access management

Risk is enormous with IoT, both physical safety and security risks. Cybersecurity is becoming a challenge for organizations going through the digital convergence of IT/OT/IoT technologies. 

Within the Data Economy, data confidentiality, integrity, and availability are essential for data protection. Organizations who are players within the Data Economic framework must protect and secure their business value data. Data is vital to growing their business in the data-driven economy and avoiding costly security breaches, resulting in revenue loss, damage to the brand, and fines due to noncompliance with regulations. 

Cybersecurity is a crucial contributor to the rise of the data economy. It unleashes an organization’s ability to drive value through data monetization, specifically with the Internet of things (IoT) data.

Ervin Daniels

Cybersecurity Architect with over 25 years of Technology and Security leadership and hands-on experience across various industries (retail, public, financial services, and technology).