Marty Puranik

HIPAA Risk Assessment Guide for Smaller Practices

HIPAA Risk Assessment Guide Disconcertingly, one in four practices (25%) are failing meaningful use audits by the Centers for Medicare and Medicaid Services (CMS). The #1 reason for failure is the absence of a full-spectrum healthcare risk assessment. These assessments or analyses are important compliance
Trying to Embrace the Digital? Remember You Can’t Drive the Train from the Tender

Trying to Embrace the Digital? Remember You Can’t Drive the Train from the Tender

Embracing new digital technologies, or just moving to the cloud in your work is almost mandatory. Just remember, if you don’t have real buy-in from the top, your odds of success are low. Here are some steps to consider. Digital transformation is hard. Just trying
AR Virtual

Will Your Internet of Things Device Testify Against You?

Will Your Internet of Things Device Testify

Imagine this:  Your wearable device is subpoenaed to testify against you.  You were driving when you were over the legal alcohol limit and data from a smart Breathalyzer device is used against you. Some might argue that such a use case could potentially safeguard society. However, it poses a bigger concern about how data from the broader spectrum of Internet of Things (IoT) devices could be used against you.  Doesn’t it seem reminiscent of George Orwell’s dystopian universe, Nineteen Eighty Four where children were indoctrinated to inform on suspicious activity, only now it’s an IoT device? But, this time it’s you who chose to use the device or network of devices that could start working in concert against you.

IoT devices range from wearables such as wristbands, shirts, and goggles to a range of household and other real-world objects that are increasingly being connected to the Internet using RFID chips, barcodes, sensors, bots via mobile applications. And as the technology has become cheaper and more efficient these devices have become enmeshed in our daily lives. Runners like myself regularly slip sensors into our shoes to track our distance and times.  Many people wear fitness bands with the goal of optimizing their sleep, diet and lifestyle patterns. There is also a certain coolness and addictive factor associated with these devices and many rush to have the latest and greatest in these devices.

Data Brokers Are Waiting

What most people don’t think about is most if not all of the analysis of the data is not carried out on the device and is analyzed and often shared with third party data brokers via a cloud backend depending on the privacy policies in place.  These third parties may share information and the aggregated data used to create profiles, which at best case may be use for marketing purposes but over time what’s to stop insurers and law enforcement gaining access to this information?

Earlier this year Federal Trade Commission (FTC) Chair Edith Ramirez warned of the privacy risks when at the CES tradeshow, she posed the question ”Or will the information flowing in from our smart cars, smart devices, smart cities just swell the ocean of “big data,” which could allow information to be used in ways that are inconsistent with consumers’ expectations or relationship with a company?”   The Electronic Privacy Information Center has also written at length on the risks of the “hidden collection” of sensitive data from IoT devices.  In Accenture’s survey report on the “Internet of Things” many of the 2000 respondents polled in the United States indicated they would be willing to share personal data in return for discounts and coupons.

Transparency, Standards And Data Confidentiality

 

I am a fan of IoT and the potential a great many of these devices offer for improved quality of living and safety, health, greater home and environmental efficiencies.  However, consumers need clear standards for secure connections from the devices to a backend cloud and standards around data confidentiality, and transparency of that data stored and processed in the backend cloud.  Until these standards are in place, I encourage users to be vigilant and to press manufacturers for clear answers on the following at minimum:

  1. Will your data shared with third parties? This is particularly important for any device that collects sensitive data about you. It may be challenging given the volume and legalese of privacy policies but well worth the time investment given it’s your private data.
  2. Understand how your information is transmitted. And, once in storage, who has access to the information?  Is the information stored on a third party’s cloud?  When you stop using the device, what happens to your data?
  3. Take time to understand your device’s privacy settings. Have you configured the device’s settings maximum privacy? Are you only sharing what you are comfortable sharing publicly?

The tension between convenience and privacy is at it’s most strained and hopefully that will accelerate the move towards much needed digital safeguards.  But in the interim, a more cautious and defensive approach will help you preserve your privacy.

By Evelyn de Souza

Evelyn de Souza

Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW's Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry's first blueprint for making data protection "business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.

Infosec thought leaders

Beyond VDI: How the hybrid cloud is forcing us to rethink an industry

Beyond VDI (Virtual Desktop Infrastructure) Before I start this blog, I want to get something off my chest. Here it ...
Impact of AI and 5G on the Possibilities of Data

Impact of AI and 5G on the Possibilities of Data

Impact of AI and 5G This blog post was made in collaboration with Intel. A smarter world is now a ...
Apcela

Direct Connect To Cloud: Solving For Performance, But At What Cost?

Direct Cloud Connect Executives embarking on the journey to becoming a digital enterprise are essentially asking IT to enable the ...
Bryan Doerr

Can You Afford the Risk of Not Going to the Cloud?

Risk of Not Going to the Cloud If you’re considering a migration to a public cloud environment, you’re most likely ...
Google Cloud Platform: Enabling APIs

Google Cloud Platform: Enabling APIs

Enabling Google APIs The Google Cloud Platform is a comprehensive tool that helps companies manage their IT resources. Completing software ...

"Top 100 Brand Influencer, Cloud”
-ONALYTICA

"Best Cloud Computing Blog"
-SYSADMIN MAGAZINE

"Top 10 Sites For Cloud Computing"
-DIGITALISTMAG SAP

"Top 10 Cloud Computing Blogs”
-MARKETING ENVY

"Top 25 Must Read Cloud Blogs"
-CLOUDENDURE