Story image

The quid pro quo in the IoT age

13 Nov 2018

The phrase “quid pro quo” refers to an exchange of goods or services in which one transfer is contingent upon the other. It accurately sums up the fundamental principle of trade and commerce. It translates to “something for something”. Although introduced centuries ago its relevance to the digital economy where data has emerged as the new currency has never been more profound. 

In today’s modern marketplace, consumers don’t mind sharing their personal data with organisations in exchange for benefits. The nature and amount of data shared is dependent on the perceived value of the benefit. And laws that give consumers greater control over their data will be a conduit for that value exchange.

What does the mandate look like in practice? In energy, customers that opt to share their meter data can have their electricity bill reduced. In auto insurance, drivers can install a blackbox which monitors their behaviour, enabling users to drive down costs on insurance premiums. In banking, customers can share their data with banks and third-party providers in return for custom budgeting advice.

Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative. In fact, our recent research revealed that 75 per cent of organisations say that they consider the safeguarding of customers’ privacy to be a competitive differentiator.

The IoT gold rush

One of the greatest vehicles for mass data sharing is the Internet of Things (IoT). Gartner predicts that by 2020, the world will contain over 20 billion IoT devices, generating trillions of dollars' worth of business value. From the sublime, sensors which monitor coral depletion in the Great Barrier Reef to the ridiculous, a connected egg tray for your fridge which tells you how fresh your eggs are, the use cases are endless. 

However, in the great IoT gold rush, early adopters have largely left behind identity and access management. As a result, many organisations are scrambling to deal with the consequences as vulnerabilities are exploited which give malicious actors control over connected devices.

Another aspect often neglected in early IoT implementations is scalability and the need to keep all these devices up to it and secure.

These security concerns are hindering adoption: 60% of decision-makers feel that their organisation’s IoT deployment times have increased due to the security methods they felt were required. Security by design is an approach to software and hardware development where security is built in from the beginning and not as a bolt on after the fact. The need for security by design has elevated as companies continue to churn out a myriad of IoT objects for consumers and enterprises. Whether it’s a connected vehicle or a healthcare wearable, they can all be connected to the internet, therefore they all have a digital identity. 

Guiding principles for IoT success 

Managing and securing the IoT is a critical step for organisations looking to deliver on their digital business objectives, like personalisation and real-time data analysis.

Successful IoT implementations build complex relationships between people, devices, and services, and the only sustainable and secure method for delivering real end user or operational value from device led solutions is to enable persistent identity across all touchpoints. Legacy identity access management is not enough. Enterprises require an IoT-ready identity platform which can securely support healthcare wearables, connected cars, or whatever yet-to-be-invented “thing” customers are using now and in the years ahead. 

As IoT adoption increases, a single, unified platform will break down silos, reduce costs and accelerate time to market for feature upgrades. The seamless integration with existing infrastructure will enable organisations to leverage the full value of their current environment while extending it across new IoT capabilities. API integration with new and existing business processes will also help organisations increase automation, efficiency, and control.

As our world becomes more connected, it also becomes more complex. A fundamental shift in the dynamics of data exchange between business and consumers is taking place. Capturing the full commercial potential of the IoT will depend on addressing lingering consumer concerns over consent and privacy. In doing so, both businesses and consumers will strike gold.

Article by ForgeRock VP IoT Gerhard Zehethofer. 

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.