Build digital trust to unleash the full commercial potential of IoT

The API revolution is fuelling digital transformation across a spectrum of industries and opening the way for new IoT use cases. But capturing the full commercial potential of the IoT will depend on addressing lingering consumer concerns over consent and privacy, explains Eve Maler

Application programming interfaces (APIs) are driving increasingly sophisticated digital business ecosystems as leading companies adopt APIs to build innovative applications and services. Indeed, the rise of the public API has enabled a spectrum of industries – from telecommunications and media, to finance, travel and tourism – as well as national government agencies, to pursue broadbased digital transformation strategies that prioritise new processes and workflows.

Today’s new API-powered economy is disrupting known business models. The financial services sector, for example, is currently exploring open platforms in a bid to compete with the likes of PayPal and Amazon, which have used API-driven services to make inroads into the payment industry. It’s a move being encouraged by state institutions like the UK Treasury, which recently tasked the industry-led Open Banking Working Group (OBWG) with the development of a new framework for using open APIs in order to encourage innovation and boost competition.

But while APIs are becoming the de facto integration model for IT systems, they are the fundamental building blocks of the IoT. Providing the all important interface between the ‘Internet’ and ‘Things’, APIs expose the data that enables multiple devices to be combined and connected – and that has considerable implications for cyber security.

How trustworthy are APIs?

Since APIs expose data, services and transactions, enabling assets to be created, shared and reused to build new products or offerings, it’s a given that APIs designed and built with security in mind will provide protection for every application they enable. However, the application risks multiply significantly should digital identity or authentication not be handled well.

Insecure APIs are an issue currently impacting motor vehicle manufacturers whose cars are becoming more connected thanks to on-board WiFi and integrations with smartphone apps that allow car owners to track their location or remotely lock or unlock car doors. But earlier this year, a security expert exposed how security vulnerabilities contained in the Nissan LEAF smartphone interface made it easy to run API commands via an internet connection. This would enable a potential hacker to turn on a car’s heated seats or air conditioning to drain the electronic vehicle’s battery – or easily monitor a driver’s movements.

The author, Eve Maler, is the vice president of Innovation and Emerging Technology at ForgeRock
The author, Eve Maler, is the vice president of Innovation and Emerging Technology at ForgeRock

Security flaws such as this serve to fuel consumer fears of potentially intrusive new technologies and continue to spark general concern about the risk of terrorist cyber attacks on IoT devices. Should a hacker successfully attack IoT endpoints like a medical device, a car, or a smart city’s traffic management systems, the consequences could be considerable.

But privacy and data protection issues are another primary concern for consumers and service providers alike. API developers will need to carefully consider these challenges in the context of local regulatory requirements and user needs. For example, it’s simply not realistic to expect users to utilise a companion mobile app to provide consent or configure their sharing preferences every time they interact with a smart device.

Addressing key privacy challenges

The complexity of IoT value chains, and the number of stakeholders involved in the exchange and processing of data, raises significant regulatory compliance challenges. New data protection policies are being implemented around the world in an attempt to address the IoT ecosystem, but rules about data security vary widely across global territories.

The EU arguably has the most highly developed policies on privacy and protection, and the new General Data Protection Regulation (GDPR) will drive better security and privacy in the IoT and will have a direct impact on device manufacturers, application developers and other entities involved in bringing IoT solutions to market.

Due for implementation in 2018, the new regulation requires ‘privacy by design and privacy by default’, conferring on EU citizens substantive rights in relation to their personal data – including the right to be forgotten, data portability rights, and the right to object to automated decision making. The issue of explicit consent in relation to the processing of an individual’s data is another primary consideration.

As the regulatory landscape continues to evolve, developers and manufacturers will need to be fully aware of the requirements of multiple watchdogs and regulators around the globe. Similarly, data security standards are currently being evolved to ensure that data is securely collected and that internet communications can be appropriately authenticated, utilising deep encryption to avoid eavesdropping.

Engendering digital trust

The promise of the IoT is vast, but so too is the potential for security flaws and privacy lapses. New data privacy methods and technologies will soon make an appearance in the US and the EU, and tech companies involved in creating IoT devices and applications will need to keep abreast of these changes and ensure the APIs they use are secure and compliant.

User-Managed Access (UMA) is an important new standard in this area. Defining a protection framework that features a unified control point for authorising who and what can access a variety of cloud, mobile and IoT data sources, it empowers developers to incorporate UMA protection and authorisation for API enablement into applications, services and devices. The advantage conferred by UMA is that while it protects any API on a standardised basis, it also lets people share directly with other parties or revoke access whenever they see fit. In other words, individuals can set, view and change sharing preferences from a single online control console.

Build-digital-trust-to.Companies operating in the health data-sharing ecosystem have been quick to grasp the opportunities made possible by UMA. Companies like Philips are developing IoT platforms that will transform how healthcare and medicine is delivered, enabling patients to selectively share data with family members and health professionals. Organisations like ARM are also undertaking pioneering work on developing strong trust models for sensor-to-device-toservice security.

As the regulatory landscape around security, consent and privacy standards continues to evolve, developers and device manufacturers will need to ensure that the integration APIs they use are bullet proof – and have undergone rigorous evaluation to assure end-to-end effectiveness and compliance. Those stakeholders that can demonstrate privacy compliance will win consumer trust and gain competitive advantage in an increasingly connected world.

RECENT ARTICLES

Semtech enhances global connectivity with NTN support in HL78 modules

Posted on: March 29, 2024

Semtech Corporation has announced the integration of non-terrestrial network (NTN) support into its HL series LPWA modules, specifically the HL7810 and HL7812. This significant advancement showcases a leap forward in enabling uninterrupted global connectivity even amidst the most challenging conditions.

Read more

Enhance EV charging performance with cellular connectivity

Posted on: March 28, 2024

Electric vehicles (EVs) are steadily growing their market share at the expense of internal combustion engine vehicles. The growth is fuelled by several factors. Perhaps most importantly, prices for EVs have started to drop as competition in the industry is intensifying. New players and models are emerging, prompting several established EV makers to lower their

Read more
FEATURED IoT STORIES

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more