Story image

The quid pro quo in the IoT age

13 Nov 18

The phrase “quid pro quo” refers to an exchange of goods or services in which one transfer is contingent upon the other. It accurately sums up the fundamental principle of trade and commerce. It translates to “something for something”. Although introduced centuries ago its relevance to the digital economy where data has emerged as the new currency has never been more profound. 

In today’s modern marketplace, consumers don’t mind sharing their personal data with organisations in exchange for benefits. The nature and amount of data shared is dependent on the perceived value of the benefit. And laws that give consumers greater control over their data will be a conduit for that value exchange.

What does the mandate look like in practice? In energy, customers that opt to share their meter data can have their electricity bill reduced. In auto insurance, drivers can install a blackbox which monitors their behaviour, enabling users to drive down costs on insurance premiums. In banking, customers can share their data with banks and third-party providers in return for custom budgeting advice.

Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative. In fact, our recent research revealed that 75 per cent of organisations say that they consider the safeguarding of customers’ privacy to be a competitive differentiator.

The IoT gold rush

One of the greatest vehicles for mass data sharing is the Internet of Things (IoT). Gartner predicts that by 2020, the world will contain over 20 billion IoT devices, generating trillions of dollars' worth of business value. From the sublime, sensors which monitor coral depletion in the Great Barrier Reef to the ridiculous, a connected egg tray for your fridge which tells you how fresh your eggs are, the use cases are endless. 

However, in the great IoT gold rush, early adopters have largely left behind identity and access management. As a result, many organisations are scrambling to deal with the consequences as vulnerabilities are exploited which give malicious actors control over connected devices.

Another aspect often neglected in early IoT implementations is scalability and the need to keep all these devices up to it and secure.

These security concerns are hindering adoption: 60% of decision-makers feel that their organisation’s IoT deployment times have increased due to the security methods they felt were required. Security by design is an approach to software and hardware development where security is built in from the beginning and not as a bolt on after the fact. The need for security by design has elevated as companies continue to churn out a myriad of IoT objects for consumers and enterprises. Whether it’s a connected vehicle or a healthcare wearable, they can all be connected to the internet, therefore they all have a digital identity. 

Guiding principles for IoT success 

Managing and securing the IoT is a critical step for organisations looking to deliver on their digital business objectives, like personalisation and real-time data analysis.

Successful IoT implementations build complex relationships between people, devices, and services, and the only sustainable and secure method for delivering real end user or operational value from device led solutions is to enable persistent identity across all touchpoints. Legacy identity access management is not enough. Enterprises require an IoT-ready identity platform which can securely support healthcare wearables, connected cars, or whatever yet-to-be-invented “thing” customers are using now and in the years ahead. 

As IoT adoption increases, a single, unified platform will break down silos, reduce costs and accelerate time to market for feature upgrades. The seamless integration with existing infrastructure will enable organisations to leverage the full value of their current environment while extending it across new IoT capabilities. API integration with new and existing business processes will also help organisations increase automation, efficiency, and control.

As our world becomes more connected, it also becomes more complex. A fundamental shift in the dynamics of data exchange between business and consumers is taking place. Capturing the full commercial potential of the IoT will depend on addressing lingering consumer concerns over consent and privacy. In doing so, both businesses and consumers will strike gold.

Article by ForgeRock VP IoT Gerhard Zehethofer. 

JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
Palo Alto Networks integrates RedLock and VM-Series with AWS Security Hub
AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status.