Trends 2017: IoT and the emerging regulatory landscape

Published on the 15/12/2016 | Written by Eve Maler

Internet of Things (IoT) momentum accelerated in 2016 and we can expect it to increase again in 2017, writes Eve Maler…

Gartner, Inc. forecasts that the IoT – the fast-emerging world of smart cars, smart homes, smart cities, cloud-connected healthcare devices and processor-enabled appliances – will have brought 6.4 billion connected things into use worldwide by the end of 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. This rapid pace of change will pose challenges to businesses in terms of securely connecting devices, cloud services and things to individual customers and citizens.

As we move into the new year, individuals and organisations need to realise that the IoT as it exists today is highly vulnerable to malicious attacks. We saw exactly how vulnerable this past October when a Distributed Denial of Service (DDoS) attack brought down many of the internet’s most heavily trafficked sites. The source of these attacks? A botnet comprised of millions of cheap, connected IoT devices – webcams, wifi speakers, wearables – all controlled by a hacker.

Personal Privacy and IoT Security
The October incident showed that the IoT is coming online largely in the absence of adequate security measures that can ensure the privacy of personal data. The history of customer-facing identity standards and collaboration efforts is full of noble, but failed, attempts to change ecosystem behaviors in order to empower individuals. InfoCard and OpenID, to name two, sought to deliver “user-centric identity” solutions, but didn’t catch fire. Where did they go wrong? They delivered on a vision with too few hard benefits. Now, several solutions based on blockchain/distributed ledger technology are seeing digital identity experimentation.

Are we seeing the same pattern all over again? Yes, because of a built-in assumption that users want “identity sovereignty” versus service value and convenience, and that service providers will accept such credentials. Users and organisations alike must see more direct benefit given the new costs being imposed. To this end, solutions must enhance the “three Ps”: protection (security, privacy, control over sharing leading to trust and/or compliance), personalisation (custom experiences leading to mutually beneficial engagement), and payment (support for transaction value flow).

The New Era of Personal Privacy
Another major development happened in October when the U.S. Federal Communications Commission delivered a ruling restricting how internet providers can use and sell customer data, while also establishing that customers have the right to control their personal information. With these rules, individuals can forbid internet providers from sharing personal data, such as browsing data and app usage information, location data and other kinds of information produced during online sessions.

Requiring ISPs to secure consent from their customers before sharing their personal data with third parties brings us into a new era where the ability of the individual to keep their browsing data and other personal information private is now more broadly protected. This move also brings the U.S. more into line with Europe, where ISPs and telecommunications carriers have long been subject to regulations that elevate the privacy of the individual over commercial interests. For organisations operating on a global basis, the new FCC rules level the playing field, while also presenting ISPs and communications firms a great opportunity to use robust privacy protections as a competitive differentiator to cement customer loyalty. With the FCC tightening privacy rules for ISPs and telecom carriers in the U.S., and the GDPR looming in the E.U., the adoption of identity-based consent and sharing standards such as the OAuth-based User-Managed Access (UMA) protocol is likely to accelerate.

Implications Across Industry Sectors
Within the many industry sectors that are seeing organisations realigning to adopt IoT business models, the emerging regulatory landscape and demands for increased security regarding personal data will have significant impacts.

For example:

The connected car experience begins with satellite navigation systems, smart phones, and online services that work together to form telematics systems delivering infotainment, navigation, and personalised information. Because the solution needs to be personalised for each customer, manufacturers will scramble to adopt reliable and agile access management systems. These access management solutions will need to be intelligent about which car and which driver is accessing the platform, in order to deliver customised services to each driver through in-car devices/services.

Digital Health
In 2017, the distinction between in-home and clinical healthcare devices will continue to erode. To date, smart wearables and exercise devices have been used to track exercise – distinct from clinical medical devices like heart monitors or insulin pumps. At the same time, it’s become common for high blood pressure patients to monitor their BP at home, capturing it on an app on their phone – exactly how fitness trackers work. The ease with which personal health data can be gathered and shared will increase pressure on healthcare IT decision-makers to use identity management and authentication to meet security objectives.

Financial Services & Retail
In 2017 commercial banks and investment houses will continue to fight disruption by “fintech” such as Bitcoin and emerging artificial intelligence technologies. In fact, we’re already seeing banks co-opting these disruptive technologies and incorporating them into their own IT mix. But while there’s a ton of hype around cryptocurrency, the more obviously productive moves in 2017 will be around open banking APIs. Meanwhile, consumer-oriented businesses of all kinds will be grappling with preparations for the May 2018 implementation of the European Union’s General Data Protection Regulation, which applies to every organisation selling to or monitoring anyone in the EU.

Risk teams and digital teams within banks, online retailers and other B2C organisations will need to own and drive the GDPR challenge – immediately – so that it becomes a triumph vs. a tragedy. Businesses that can provide the customer with control over their consents – true bilateral digital trust – will not just ensure compliance with the regulation, but achieve the ultimate service stickiness.

Eve Maler is VP of innovation & emerging technology at ForgeRock.
