by Chris Stone

How much does Alexa really know, and why should you care?

Jul 07, 2017
Internet of Things

As exciting as it is that brands are finding news ways to connect with people, doing so unleashes a myriad of new security concerns.

iot security
Credit: Thinkstock

Whether it’s reaching customers through digital signage in a New York subway station, or chatting with them on an Amazon Echo, our sensors-first world is creating new ways for companies to leave their mark. Embarking on “connected” digital initiatives is no less strategic than any omnichannel push of the past, but engaging with consumers through emerging technology raises a few more security concerns than launching an app or personalizing a website.

Acquia (where I work) recently found that 54% of companies are developing on connected devices. As exciting as it is that brands are finding news ways to connect with people, doing so unleashes a myriad of new security concerns that aren’t always top of mind when designing a product roadmap. Integrating with connected devices has its distinct advantages, but it’s a competitive differentiator that can be pursued without knowing the full story.

Security in an age of information sharing

When you take a look at some of the most trusted brands across industries, innovation may drive them forward, but security often takes a back seat. Most of the connected devices on the market aren’t encrypted, or at least not encrypted enough. I’ve come across far too many companies that turn down support for vulnerability tracking or threat detection, with no adequate means of staying on top of these initiatives themselves.

The reason we view connected devices as “the future” is because they store data in pieces of hardware you would never expect. It doesn’t take a Chief Security Officer to connect the dots that the personal information that we trust wearables with won’t stay “personal” for long. With information sharing becoming normalized, people don’t think twice about offering up their credit card number or home address. Plenty of us are guilty of this, and the odds are high that your personal information has already been stolen at one point or another. This harsh reality aside, many consumers and companies remain blissfully unaware of the risk they assume when offering up personal details to make the most of a new smartwatch or home assistant.

A blind assessment of risk vs. reward

With information sharing becoming second nature, it’s easy to overlook the consequences. Thankfully, I don’t think any company out there intends for your identity to be stolen, or to use your personal information for malicious ulterior motives. Truth be told, security threats usually aren’t known until after a hackers finds his way into the cracks of your network, database or file systems—an unfortunate scenario for both customers who lose their privacy, and companies that lose their credibility. Most of us don’t realize how risky connected devices actually are—meaning companies have begun tapping emerging technology with a fixation on the reward and shallow understanding of the risk.

The good news is there’s a light at the end of the tunnel. With the proper security protections in place, early adopters of emerging technology can strike a proper balance between risk and reward. AWS, Azure, and Google have laid the groundwork on the backend, and provide platforms that are encrypted from every angle. As new connected devices hit the market, end-to-end encryption on the device side is the next challenge. For the time being, there’s nothing stopping hackers from intercepting messages between Alexa and the brand you’re communicating with. And the more Skills being developed, the more information is being put up for grabs. As big of an undertaking as encryption may be, implementing the proper software to manage these risks remains a must.

With the amount of encryption technology entering the market, threat detection and tracking is becoming more accessible and advanced—bringing IoT security top of mind. As new technology emerges, the more companies who can offer end to end encryption across devices—connected or otherwise— the more secure our innovation ecosystem will become. This processes isn’t easy and will take time, but for companies to stay competitive in a connected digital landscape, it’s time they take action to move connected devices out of the red zone.