Risks to the 'Internet of Things'

Managing Privacy Will Be Key

Robert Stroud

The privacy and security risks of the Internet of Things will be a growing challenge for IT security professionals managing online transactions and relationships in the coming years, ISACA's Robert Stroud says.

The Internet of Things - only 16 percent of respondents to an ISACA survey know what it is - refers to various devices such as GPS systems, electronic toll devices and smart TVs, to name a few, that are connected to the Internet. Cisco Systems estimates that 50 billion objects will be connected to the Internet by 2020.

"One risk is going to be privacy," says Stroud, chair of ISACA's COBIT Growth Task Force, in an interview with Information Security Media Group (see transcript below). "Who has our information and how are they using it?"

ISACA, an association that develops information systems and security practices and guidance, has issued a new study, Risks and Rewards of the Internet of Things, which shows the shift in perception about risk and privacy as the world becomes increasingly connected through the Internet of Things.

"As this Internet of Things starts understanding the inter-relation of things, your data privacy is going to be a real issue in terms of understanding who has it and how they're using it effectively," Stroud says.

Managing the vast number of devices connecting online will be a key hurdle to overcome. "In the Internet of Things, we're going to be making connectivity or decisions on identity by a set of inter-connected objects," Stroud says. "This requires the effective identification of the consumer of the service."

In the interview, Stroud discusses:

Benefits and risks to individuals and organizations posed by the Internet of Things;
Governance challenges the Internet of Things presents to enterprises;
Safeguarding privacy.

Stroud is a member of ISACA's Strategic Advisory Council. A past international vice president of ISACA, he serves on ISACA's Framework Committee. Stroud is also a governance evangelist as well as vice president of strategy, innovation and service management at CA Technologies.

Defining the Internet of Things

ERIC CHABROW: ISACA decided to use this year's barometer to explore the Internet of Things. The Internet of Things is more than just various devices, GPS systems, electronic toll devices and smart TVs connected over the Internet, right?

ROBERT STROUD: Yes. The Internet of Things is becoming a total inter-connected web of devices that we all deal with every day. We're all very familiar with the basic things that we've got, like you just mentioned. We're seeing more of that. We're seeing homes connected on the Internet of Things, our vehicles ... and things that we buy in stores, a virtually and totally inter-connected world.

Lack of Awareness

CHABROW: Your survey shows that fewer than one in five Americans are familiar with the term "Internet of Things". From the security, risk or privacy perspective, should that unawareness matter?

STROUD: I'm a glass-half-full person, so I like to look at the side of the coin where people are aware of it. But the reality of it is that people should be aware that the Internet of Things is coming into their lives and it's going to be something that's going to be an opportunity for them to do things faster and cheaper. On the converse side, it's going to be an area where they're going to have to watch some things like privacy issues. What's happening with their information? Is their identity secure? Like you would manage your identity today, you're going to have to look at that in the future.

Then there's the other aspect of security. You might want to be concerned about some aspects of people knowing about the security of your devices and the total dependence on the Internet of Things that may follow will lead to some interesting comparisons of safety vs. realities as we move forward into the future, how these devices connect together and the outcomes of that inter-connectivity.

Providing Personal Information

CHABROW: I guess it's a new way of thinking. I'm aware of what I do when I use banking. When I use Netflix, to me it feels like I'm using cable; but in reality I'm using one of the Internet of Things, my smart TV, to access information which may be a show. But there may be also information about me out there, right?