Getty Images

Guest Post

Building IoT strategies around trust

IoT technology can improve operational performance, safety and security, but organizations must take steps to ensure the trust of employees and customers.

Note: People evolved to rely on five senses: touch, smell, taste, hearing and vision. These senses served us through our prehistoric beginnings and our experiments in civilization, and now we amplify them through technology. IoT, in concept, opens an opportunity to connect these digital sensors with our human senses, augmenting our ability to understand our world, protect our communities and advance our culture. But will we burn out on sensory overload and cognitive dissonance? Or will we embrace our higher-definition IoT-enabled world in a way that genuinely makes us superhuman?

We are facing uncertain times of unprecedented threats. Wildfires ravage the U.S. West and floods have devastated riverside communities throughout central Europe. In addition, a global pandemic continues to stretch and, at times, break our healthcare systems. Together, these challenges put the best of our human intellect and technology to the test, but IoT's contribution in solving these problems is becoming increasingly clear.

For example, drone-based vision systems now allow us to detect wildfires early, even when they are just smoldering under the forest canopy. Algorithms then process this information alongside other inputs to model the progression of fires, much like we do with hurricanes and tornadoes. While equally imprecise, the cone of uncertainty for a wildfire still provides the better visibility needed for fast, safe and efficient evacuation.

When developing an IoT strategy, balancing privacy and security with trust is ultimately the key. An informed consumer who trusts a vendor to use information appropriately and responsibly is the only way to successfully deliver on the promise of IoT for the public good.

Tips for adopting IoT and maintaining trust in the enterprise

But what about in the private sector? How do we ensure end-user trust when we adopt similar technologies in our workplaces, hospitals and schools? Our activity is monitored with access card swipes and security cameras at the office -- if we're at the office at all. Software logs our online activity through VPN, corporate laptops and mobile devices. The reality is we openly accommodate a lack of anonymity when in public.

For enterprises looking to improve performance, safety and security by taking advantage of IoT's "senses," here are a few recommendations for an approach that can utilize the full benefits of the technology while maintaining the trust of your employees, colleagues and customers:

  • Anonymize. There's a range of identifiable information. The use case should define what is personally attributable to the individual. Key first steps include creating a universally unique identifier (UUID) for each individual, regularly rotating those UUIDs, and creating a highly secure and access-audited central repository for those UUIDs and matching personal information such as name, address and government identification numbers.
  • Aggregate. Where possible, condense and summarize data against fields that are not identifiable to the individual. Using captured or calculated metadata fields to bundle data dramatically reduces the risk of personally identifiable information (PII) disclosure while maintaining key features of the data for machine learning and modeling strategies. Organizations must also have an expert analyze data collection and aggregation practices for bias bugs.
  • Audit. We must record, audit and regularly report the who, what, when, where and why of access to attributable data or PII. Auditing must be done with regular reporting of the collected data, including the sources, technologies, format and clear explanation of the primary purpose of the data collection and any exceptions to that policy. Allow the individual to opt out where possible and appropriate. Emphasize the community or individual value they receive when they choose to share their activity.

These and other best practices should empower organizations to merge IoT-enabled technology with human-driven operational processes. A great example of this came to light over the last 18 months as the University of Illinois balanced the challenges of the pandemic with the goal of in-person, face-to-face education and the community engagement of campus life.

The Safer Illinois app, built by the university's Urbana-Champaign technology team, provides a platform for the convergence of student and faculty contact tracing, vaccination verification and the delivery of the university's innovative Shield testing system.

Users of the app receive notifications of possible COVID-19 exposures discovered through anonymous contact tracing using device and network sensors. Understanding the proximity and duration of exposure is almost impossible otherwise, and the Safer Illinois app provides the transparency around security and trust required for widespread adoption.

The app also verifies compliance with county guidelines for testing and vaccination, allowing or denying access to campus buildings and facilities. While this stops short of a "digital passport," it drives home the point that our suspicion of technology and concerns for anonymity are negotiable in certain situations. Our data is our data, but when it benefits us or the community, people are willing to share for the greater good. As technology providers, we hold the responsibility of securing, anonymizing and providing visibility and transparency into our fair use of data, information, knowledge and wisdom based on the digital observation of our fellow humans.

About the author
Brian Gilmore is director of IoT product management at InfluxData, the creators of InfluxDB. He has focused the last decade of his career on working with organizations around the world to drive the unification of industrial and enterprise IoT with machine learning, cloud and other transformational technology trends.

Dig Deeper on Internet of things security