You are here

Connected car data targeted: How data security drives innovation

public://pictures/carole.jpeg
Carole Murphy, Evangelist, Voltage SecureData

Automakers capture massive volumes of data that, with predictive analytics, can produce valuable insights that enable you to monetize and improve products and operations, and better serve customers with new features.

For example, connected cars can now report their health status to get ahead of maintenance and keep customers safer. Sensor data can be packaged and sold to transportation agencies and cities to aid in traffic design, road maintenance, and other initiatives.

Auto IoT (connected cars) is one of the most important and fastest-growing subsectors of consumer IoT, and is expected to generate significant value to users, companies, and whole economies. With data pouring in around the clock from millions of cars on the road, auto companies are implementing data lakes and high-performance analytic platforms to capture and use real-time sensor data and other traffic, combined with historic data. 

But keeping sensitive data secure and private for use in analytics is a challenge. Security is the top barrier to IoT adoption across industries, but the connected car market is soaring, promising a continued explosion in data volumes—and risk. 

The undeniable benefits of IoT are dangerously offset by the heightened risk of data breach and the potential loss of data privacy. These issues certainly spell trouble in the form of fines and penalties in an increasingly regulated industry, as well as the associated losses related to brand damage.

According to the Upstream Security Automotive Cybersecurity Report 2019, there was a sixfold increase in automotive cyber-attacks between 2010 and 2018, marking a very rapid growth of incidents in the connected car industry. These cyber-attacks are affecting every aspect of the sector, from Tier 1 companies to OEMs, fleets, car rental firms, insurance companies, and more.

Here's how to scale data security at the pace of the IoT.

[ Learn how to close your privacy and security compliance gaps and define the line between teams in this Webinar. ]

Locked-down data protection vs. open usability

While there are many areas of risky data exposure in the automotive IoT ecosystem, there's no question that the back-end data lake presents a major target for cyber-attackers. There's the potential for organizational conflict when it comes t creating new value with open access to data for analytics, versus securing data in a locked-down, unusable mode to limit misuse and liability.

IT architects and decision makers must be able to provide trusted access to analytics platforms and data lakes while also safeguarding against cyber-attacks, as well as noncompliance with data privacy regulations such as the GDPR. Organizations that invest in IoT data analytics, then lock down access due to security and privacy concerns won't realize the desired return on their technology investments.

Using data at scale while lowering risk requires protection that scales with the data. This calls for de-identifying data as closely as possible to its source before its ingestion into analytics platforms and data lakes. This can be a powerful method to eliminate gaps in protection—masking the sensitive data elements with usable, yet de-identified surrogate values that maintain format, behavior, and meaning.

How encryption can help

Format-Preserving Encryption (FPE) makes this possible. The technique preserves characteristics of the original data, including numbers, symbols, letters, and numeric relationships that maintain referential integrity across distributed data sets.

The value of FPS lies in the ability to enable data privacy for sensitive data elements such as personal data and the identity of vehicles, while also enabling analytics on the data in its protected form, without re-identification. This benefit, in turn, means greater access can be provided to database admins, the business, and others without incurring unauthorized data exposure.

The protected form of the data can be used in applications, analytic engines, data transfers, and data stores, while being readily and securely re-identified for those specific authorized applications and users that truly require access. Yet in the event of a data breach, the protected data yields nothing of value, avoiding any privacy compliance penalties and costs that would otherwise have been triggered.

[ Data privacy regs GDPR and CCPA are the new norm. Learn best practices from top organizations for staying on the right side of the law. ]

Maintaining privacy with usable data

Note that the GDPR recommends using pseudonymization and encryption to protect personal data and help enable compliance. Pseudonymization refers to various techniques of data de-identification, where the pseudonym or surrogate data can be used in business processes and is reversible if authorized. Field-level encryption and tokenization are both methods of pseudonymization. 

Case in point: A top automotive maker success story

To address data privacy compliance for its customers, while enabling safe analytics on IoT-generated data in their data lake, a major auto manufacturer is using FPE to protect in-car sensor data, vehicle identification numbers, and geo-location data streaming from customers' cars.

The manufacturer is using the data for multiple purposes, including vehicle quality control. Engineers look at sensor data to identify potential problems in specific components or groups of vehicles, while data scientists run thousands of reports against vehicle data for internal research purposes. The auto maker predicts that the volume of real-time data to be used for this purpose will soon grow to around 20 petabytes.

Breach defense: Protect data analytics

The risk of improper data exposure to applications and users, and increased regulatory pressure, need not hold back the innovation that enables automakers to operate competitively, and with new insights.

[ Find out how to take control of credentials privilege in your organization in this Oct. 31 Webinar. You'll learn best practices, more. ]