Is the Internet of Things about to control the planet?
Apparently it’s no accident that Skynet in the Terminator movies choose 2017 to destroy the human race by launching Genisys, a global operating system designed to trick consumers into handing over control of their computers, phones, TV sets and all their other devices.
Sound like the Internet of Things (IoT) to you? Between now and 2017 we’re expecting about 50 billion new devices to come online. Since there’s bound to be some teething problems with security, it’s actually the ideal time to launch a global cyber attack to take over the planet.
OK, perhaps the IoT isn’t really a platform for world domination. But look at what disintermediation from Google, Apple, Amazon, Facebook, Uber and Airbnb has already done to traditional businesses. The IoT presents yet more opportunities for disruption – even to disrupt the disruptors if you’re really smart.
So now is the time to dispel a few misconceptions and get your house in order. Get your identity and cyber security infrastructure up to speed. Because digital identity is the key to the IoT and security, privacy and customer control will be powerful market differentiators.
1. It’s not just about the device
You might think that if you don’t manufacture things, then the IoT won’t impact your business much. Wrong! The device itself is almost irrelevant – it could just be used as point of control and/or for data collection. More important are the digital services that IoT devices are connected to, increasingly provided by third and fourth parties. In fact, most organisations, including yours, will be part of one or more IoT ecosystems.
2. It’s about monitoring, not control
Right now, most Internet-connected things are collecting information. Your smart TV is watching you as much as you are watching it. Once collected, data is exposed at multiple connection points. Hopefully, this is transparent to the user of the device, but users may not always be properly informed or given a real choice about what information is collected and how it is used. So although you may not be able to control it – you should ‘watch it’.
3. The ‘thing’ is just the tip of the iceberg
Consider a fitness device. That involves two devices per user, the fitness device and a smartphone, right? But then there’s a big data repository in the cloud and an app for that. There’s the third-party services that leverage the cloud data – like Strava if you’re a cycling enthusiast. These services have their own ecosystems of third-party apps – we call them fourth parties – which also abstract and share useful information. And, since we’re only talking about one device, let’s multiply that by 10 or more to estimate a consumer’s total number of IoT connections. What does that add up to? Help me, someone!
4. Everything has to have an identity
You need to be able to identify the device to manage it, secure it, and patch it or upgrade it to keep ahead of cyber threats. You also need to identify who can access the device. You may need access to a home security device but so might the kids and what about the cleaner. Then there’s the identity that controls access to the device’s big data, the identities associated with the third party providers and their authorisations, and the identities associated with the fourth parties and sharing preferences.
5. How you manage security is the big issue
I won’t lie to you, some IoT devices will be hacked, just as some computers get hacked. That’s why cyber security is important, but it’s not the biggest issue. The big one is actually how you manage the process of securing ‘things’ and the information they collect and expose to multiple connection points. With privacy now paramount, this probably represents the biggest potential for organisations to fail to meet the expectations of their customers.
6. Security will be a differentiator
Imagine that you have a password embedded in 20 or 30 devices and you get a message saying it’s been compromised and you need to reset it. Hmmm – there goes the weekend! We need to make things easier for the IoT so that access methods can be revoked at a moment’s notice and easily reinstated. If it’s too hard, consumers will just move on. So your identity and cyber security capabilities will be a powerful differentiator. And, by the way, usernames and passwords aren’t going to cut it.
7. Consumers need to feel in control
The IoT is going to require a mature, consumer-centric identity strategy that makes users feel that they are in control – not device manufacturers or third and fourth-party service providers. That requires highly scalable systems to manage customer permissions, preferences and privacy for new IoT devices and all their associated services.
As you might appreciate, the time and cost to adapt existing identity systems to participate in these new digital ecosystems could put you on the back foot. Now might be a good time for a revamp to give you the agility to compete.