Auto manufacturers capture massive volumes of data that, with predictive analytics, can produce valuable insights to monetize, and improve products, operations, and better serve customers with new features. For example, connected cars can now report their health status to get ahead of maintenance and keep customers safer! Sensor data can be packaged and sold to transportation agencies and cities to aid in traffic design, road maintenance, and other initiatives.
Auto IoT (connected cars) is one of the most important and fastest growing sub-sectors of consumer IoT, and expected to generate significant value to users, companies, and whole economies. (Source: NDP Analytics, Interoperability and the Internet of Things, NDP Analytics, December 2017) With data pouring in around the clock from millions of cars on the road, auto companies are implementing data lakes and high performance analytic platforms to capture and use real-time sensor data and other traffic, combined with historic data.
Automotive Industry Targeted
But keeping sensitive data secure and private for use in analytics is a major challenge. According to the Upstream Security Automotive Cybersecurity Report 2019, there is a 6X increase in automotive cyberattacks between 2010 and 2018 – very rapid growth of incidents in the connected car industry. These cyberattacks are impacting every aspect of the sector from Tier 1 companies to OEMs, fleets, car rental, insurance companies, and more.
Security is the top barrier to IoT adoption across industries, but the connected car market is soaring, promising a continued explosion in data volumes—and risk. The undeniable benefits of IoT are dangerously offset with the heightened risk of data breach and potential loss of data privacy that will certainly spell trouble in the form of fines and penalties in an increasingly regulated industry, not to mention the associated losses related to brand damage.
Locked-Down Data Protection vs. Open Usability of Data
While there are many areas of risky data exposure in the automotive IoT ecosystem, there’s no question that the back-end data lake presents a major target for cyber-attackers. With this realization, there’s potential organizational conflict between creating new value with open access to data for analytics vs. securing data in a locked-down, unusable mode, to limit liability of misuse.
IT architects and decision makers must be able to provide trusted access to analytics platforms and data lakes, while also safeguarding against cyberattack as well as non-compliance with data privacy regulations such as the GDPR. Organizations that invest in IoT data analytics, but then lock down access due to security and privacy concerns, cannot realize the needed returns on their technology investments.
So how can we scale security at a speed to support the growth of the business?
Using data at scale while lowering risk requires protection that scales with the data. This calls for de-identifying data as close as possible to its source before ingestion into analytics platforms and data lakes. This can be a powerful method to eliminate gaps in protection, masking the sensitive data elements with usable, yet de-identified surrogate values that maintain format, behavior, and meaning.
Voltage Hyper Format-Preserving Encryption (FPE) makes this possible, preserving characteristics of the original data, including numbers, symbols, letters, and numeric relationships that maintain referential integrity across distributed data sets. The great value this delivers is the ability to enable data privacy for sensitive data elements such as personal data and the identity of vehicles, while also enabling analytics on the data in its protected form, without re-identification. This benefit in turn, means greater access can be provided to DBAs, to the business, and others without incurring unauthorized data exposure.
The protected form of the data can be used in applications, analytic engines, data transfers and data stores, while being readily and securely re-identified for those specific authorized applications and users that truly require access. Yet, in the event of a data breach, the protected data yields nothing of value, avoiding the privacy compliance penalties and costs that would otherwise have been triggered.
Maintaining Privacy with Usable Data
It is notable that the GDPR recommends pseudonymization and encryption as mechanisms that can be used to protect personal data and help enable compliance. Pseudonymization is a term for various techniques of data de-identification where the pseudonym or surrogate data can be used in business processes and is reversible if authorized. Field-level encryption and tokenization are both methods of pseudonymization. Voltage format-preserving technologies excel in this category of data protection with the only NIST FIPS-validated solution on the market!
Safely Unleash the Power of Revenue-Generating Analytics!
Voltage SecureData deployments with FPE technology can use pre-built solutions for Apache NiFi, Sqoop, Spark, Flume, Storm/Kafka, MapReduce and Hive. Templates can be quickly expanded to integrate with other technologies, such as legacy IT infrastructure. User-defined functions (UDFs) enable data protection agents to be deployed natively in Teradata and Vertica. SecureData for NiFi allows analysts to graphically design and easily manage largescale data flows, by inserting encryption at the intelligent IoT edge to protect data before it moves into the data lake.
Case in Point: A Top Automotive Manufacturer Success Story
To address data privacy compliance for its customers, while enabling safe analytics on IoT-generated data in their data lake, a major auto manufacturer is using Voltage Hyper FPE to protect in-car sensor data, Vehicle Identification Numbers and geo-location data streaming from customers’ cars.
The data is used for multiple purposes, including vehicle quality control. Engineers look at sensor data to identify potential problems in specific components or groups of vehicles, while data scientists run thousands of reports against vehicle data for internal research purposes. This auto-maker’s volumes of real-time data are predicted to grow to around 20 petabytes, in the near-term, for these use cases.
Breach Defense – Protecting Data Analytics
The risk of improper data exposure to applications and users, and increased regulatory pressure, need not hold back the innovation that enables automakers to operate competitively, with new insights available. Innovative Micro Focus Voltage technologies enable auto manufacturers to safely launch IoT strategies to deliver new value, and sustain growth and innovation.
Micro Focus Universe – Register Today!
Don’t miss your chance to speak with our Data Security experts, and hear their insights on protecting data for the automotive industry, at Micro Focus Universe, our premier customer and partner event, happening 26-28 March in Vienna, Austria. Register today, and follow the action on Twitter with the hashtag #MicroFocusUniverse.
Data security and encryption