In my first post, I set out three rules for avoiding privacy and trust fails:
- Make the right choice be the easiest choice.
- Offer “privacy actions” that bring users immediate, unequivocal benefits.
- Make what people actually want to do possible.
The urgency of getting consumer trust right is cranked up in the context of the Internet of Things (IoT), where ecosystems of services, APIs and smart things are finding new ways to use data to enhance product offerings. Look at the ecosystem represented by a connected car. It houses dozens, maybe hundreds, of sensors made by manufacturers, orchestrated by complex systems that must be made not only increasingly secure and user friendly, but compliant with relevant regulations. Here’s the thing: Today’s cars are now being conceived not as “driving machines” – particularly as autonomous capabilities are introduced – but rather as conveyors of “mobility services.”
The fact is that much IoT growth in the years ahead is forecast to happen within automotive/mobility and industrial IoT sectors including manufacturing, building automation, facilities management and infrastructure systems. Most of these applications will be characterized by intricate many-to-many interactions where a community of users will need to access and manage various aspects of a device, or collection of devices. Among these users might be a facilities engineer managing lighting arrays and HVAC systems in a skyscraper, or a farm foreman with responsibilities for thousands of acres of irrigation infrastructure and a fleet of tractor vehicles. In the same way, in the emerging automotive/mobility space, it’s highly likely – inevitable, really – that consumers will be interacting with manufacturers, services, apps and data sources packaged up into what appears to them to be “a car.”
For these reasons, I propose a fourth rule (or a conditional frame, to be literal) for avoiding privacy and trust fails.
Rule 4: Does the solution respect and balance all ecosystem parties’ needs?
New mobility services begin with complete integration and synchronization of the individual’s digital life, from the apps they use to the media they enjoy to the work or personal business they might need to get done while in transit. Equally important, these seamless user experiences must be delivered with the reliable security, privacy and performance consumers demand from any other digital service – or more, given the highly personal nature of mobility. At the same time, the mobility ecosystem will have multiple stakeholders, each with particular interests and needs. Consider that the owner would require blanket access to all systems within a vehicle, while a teen driver might need access to drive at certain times of day.
Consider also the need to secure and facilitate interactions for vehicle-to-vehicle (V2V), vehicle-to-pedestrian (V2P), vehicle-to-infrastructure (V2I) and vehicle-to-cloud (V2C) scenarios. Having secured identities for each of the devices, systems and stakeholders within this ecosystem is the only reliable way to support trusted connections. The connected car must know that the driver is authorized to drive, to access and manage onboard systems such as environmental controls, and to open the trunk. At the same time, vehicle telemetry and traffic management system interactions might need to connect to one cloud network provider, and the onboard vehicle infotainment systems might need to connect to a separate streaming-media cloud. If automakers and public infrastructure managers can implement this kind of system at scale (and organizations such as Automotive Grade Linux are busy facilitating this process), it would be the model of how a healthy, successful ecosystem needs to operate.
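The per-identity access described above can be sketched as a deny-by-default policy check. This is an added example, not code from the original post or from any product it mentions; the identity names, action strings and the teen driver's 06:00 to 21:00 window are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Grant:
    action: str                    # "*" means every action on the vehicle
    start: time = time(0, 0)       # start of the allowed window (local time)
    end: time = time(23, 59, 59)   # end of the allowed window

    def permits(self, action: str, now: time) -> bool:
        if self.action not in ("*", action):
            return False
        if self.start <= self.end:
            return self.start <= now <= self.end
        # Window wraps past midnight (e.g. 22:00 to 05:00).
        return now >= self.start or now <= self.end

# Constructed policy: every person and onboard system has its own identity.
POLICY = {
    "owner": [Grant("*")],                                  # blanket access
    "teen-driver": [Grant("drive", time(6, 0), time(21, 0)),
                    Grant("climate.set")],
    "telemetry-unit": [Grant("connect:telemetry-cloud")],   # one cloud only
    "infotainment-unit": [Grant("connect:media-cloud")],    # a separate cloud
}

def is_allowed(identity: str, action: str, now: time) -> bool:
    """Deny by default: unknown identities and unlisted actions are refused."""
    return any(g.permits(action, now) for g in POLICY.get(identity, []))
```
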
We’re in the early days of the industrial IoT and the new mobility, and we can’t fully anticipate where innovation will change and shape these ecosystems in the years ahead. One thing we can reliably predict, however, is that the mobility consumer/ecosystem relationship is about to change in a radical way. Many automotive industry observers forecast that within a few short years automakers will see greater dollar profits from selling in-vehicle services and data than from selling the car itself. This dynamic will raise new tensions between the business and the consumer. Privacy advocates in academia point to the vendor rights management model as the ideal for securing data and empowering the individual to consent to sharing with device or service vendors only when absolutely necessary. But consider the complexities inherent in the connected car ecosystem: real-time data sharing (V2V, V2P, V2I, etc.) will be a matter of life and death when you have thousands of vehicles speeding down a highway – no matter if automakers can use some of this data to monetize the driving experience. Like it or not, this is how a healthy, successful ecosystem will need to operate. The trick will be in finding the sweet spot between privacy and openness in emerging IoT environments – the middle ground where consumers find the experience appealing, with trust in place. Which brings me to:
Rule 5: Is the system’s architecture applicable to multiple or future problems in a clean way?
In my previous blog I wrote about how the European Union’s pending General Data Protection Regulation law and vision for a single digital market are two sides of the same coin – a vision, in other words, where the rights of the individual are balanced against the interests of business to innovate and deliver value in new ways – exactly the tensions that will be inevitable as the connected car ecosystem evolves. But as we know, the IoT will disrupt and transform many, many different industries, from health care to retail to financial services and communications. The intricacies of multi-user scenarios will call for data security and privacy approaches that can flexibly scale to accommodate any number of eventualities, from the introduction of new devices and services, to the ability to bring on new users with fine-grained gradations of authorizations.
Identity and access management (IAM) technology has long been the preferred technology/methodology for securing individual users, devices, digital assets and services, yet conventional approaches to identity, access management, authorization and security were designed as intraorganizational tool sets. A large bank or governmental agency, for example, would use IAM to grant access to – or restrict access to – systems, files or services within the organization. These IAM systems were designed to handle hundreds or thousands of users/identities. In connected car and IoT cases, even with modestly sized deployments, millions of devices and user identities will need to be managed and protected. Scalability in these cases will be a must-have. Roadblocks to access (think of interruptions precipitated by conventional login/password methodologies) will be anathema.
Think about the customer-to-business relationship as it currently exists. Today, consumers are forced to punch in usernames and passwords at login over and over again every day. Merchants and services providers have been able to personalize user experience (UX) to an extent, but only on a limited number of factors. An administrator who wanted to alter a customer’s login journey if that user logged in from a Microsoft-based device vs. a Linux-based device was out of luck in most cases.
Since we know that the future of IoT will be characterized by accelerating and unanticipated change, I believe that the most effective approach to fostering healthy IoT ecosystems that include empowered individuals is through customer-oriented IAM (CIAM). Regardless of the customer-business relationship, a clean user experience with seamless access and authorization steps will be key. Automakers and manufacturers providing components and services to the connected car will need to implement an identity and security stack based on agreed-upon standards. Importantly, the feature set for such a CIAM solution would need to include:
- Ability to integrate with legacy systems
- A hybrid implementation approach with the ability to deploy on premises or in the cloud
- Ability to leverage DevOps tools
- Extensive customization capabilities
- Ability to scale technologies to support IoT initiatives, which can encompass millions of identities for people, devices and services
With such capabilities incorporated into your digital identity infrastructure, it becomes possible to support a UX that caters to the IoT user based on signals and modes – not passwords and logins. Rather than having customers initiate an interaction through two-factor authentication, you can base authentication and authorizations on a limitless number of factors: location, biometrics, geovelocity, risk score, profile data, network, purchase history and countless others. Fine-grained authentication provides more flexibility, administrative control and increased security by enabling organizations to continuously evaluate the most appropriate authentication experience for end users and consumers, based on their needs. With the authentication journey broken down into signals, a more transparent login experience results, with increased choice and less friction for end users.
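A signal-based decision of the kind described above, using three of the listed factors (geovelocity, device and network), might look like the following. This is an added example, not code from the original post or from the ForgeRock platform; the weights, thresholds, device names and sample logins are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    ts: float        # Unix time, seconds
    lat: float
    lon: float
    device: str
    network: str

def distance_km(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two login locations."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def geovelocity_kmh(prev: Login, cur: Login) -> float:
    # Clamp the interval to 1 s so clock skew or replays cannot divide by zero.
    return distance_km(prev, cur) / (max(cur.ts - prev.ts, 1.0) / 3600.0)

# Assumed profile data, weights and thresholds; tune against real traffic.
KNOWN_DEVICES = {"phone-1"}
TRUSTED_NETWORKS = {"home-wifi"}

def risk_score(prev: Login, cur: Login) -> int:
    score = 0
    if geovelocity_kmh(prev, cur) > 900:      # faster than a commercial flight
        score += 60
    if cur.device not in KNOWN_DEVICES:
        score += 25
    if cur.network not in TRUSTED_NETWORKS:
        score += 15
    return score

def decide(prev: Login, cur: Login) -> str:
    """No prompt when signals look normal; step up or deny as risk grows."""
    score = risk_score(prev, cur)
    if score >= 70:
        return "deny"
    return "step_up" if score >= 25 else "allow"

# Constructed sample logins (San Francisco, then London one hour later).
LAST = Login(0, 37.7749, -122.4194, "phone-1", "home-wifi")
SAME = Login(3600, 37.7749, -122.4194, "phone-1", "home-wifi")
NEW_DEVICE = Login(3600, 37.7749, -122.4194, "tablet-9", "home-wifi")
FAR = Login(3600, 51.5074, -0.1278, "laptop-x", "hotel-wifi")
```
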
About the Author
Eve Maler is vice president of innovation and emerging technology in ForgeRock’s Office of the Chief Technology Officer. She is a renowned strategist, innovator and communicator on digital identity, security, privacy and consent, with a focus on fostering successful ecosystems and individual empowerment. Eve drives privacy and consent innovation for the ForgeRock Identity Platform, enabling user-controlled and compliant data sharing across web, mobile and IoT contexts. She founded and leads the User-Managed Access (UMA) standards effort and guides the ForgeRock implementation of UMA and other privacy and consent solutions. She also directs the company’s engagement in interoperability standards such as Health Relationship Trust (HEART) and provides expert advice to public and private forums such as the Facebook/Ctrl-Shift research on A New Paradigm for Personal Data and the U.S. Health and Human Services API Task Force. Eve was formerly with Forrester Research, PayPal and Sun Microsystems; at Sun she co-founded the SAML standard. Previously she co-invented XML. In the dim past she co-authored Developing SGML DTDs: From Text to Model to Markup. Eve enjoys singing bluesy-funky rock ‘n’ roll.