The rise of the API economy has fundamentally changed the way many businesses monetise their product offerings.
An API, or application programming interface, is a set of routines, protocols or tools that assist developers in writing code that can interface with other software.
The growth of APIs in recent years has enabled nearly every type of business to expose new value digitally, reach out to bigger audiences, and disrupt established industries.
The main push for APIs came out of the smartphone revolution and the radical simplification of how users and customers interact with products and services.
Mobile app developers needed APIs to access the functions of what were originally web applications. The resulting API explosion means organisations across all industries are now rapidly pursuing broad-based digital transformation strategies, prioritising new processes and workflows.
APIs in the IoT – are they trustworthy?
The rise of the IoT is leading to a whole new set of business opportunities around APIs.
However, providing safe, secure interactions and handling digital identities and authentication requires greater care in this relatively uncharted territory.
A great example of this is connected cars, many of which utilise APIs to allow car owners to perform tasks including tracking their location and locking or unlocking the doors remotely.
Next year, Audi will allow its cars to access traffic light timings to help drivers save time and fuel.
However, we see great risk as well as opportunity: security researchers uncovered an API vulnerability in the Nissan LEAF connected car that not only allows it to be controlled independently over an Internet connection but also gives access to other LEAF models through the NissanConnect EV app.
Clearly, these types of API vulnerabilities in the IoT are cause for major concern amongst consumers, IT professionals and businesses alike.
Add to this the widespread concern that current privacy and consent methods simply aren’t ready to adapt to the new digital economy: we’re now seeing more connected cars joining mobile networks than smartphones, and these cars are inherently location-tracking devices.
It is simply not practical to pull out a companion mobile app to consent, or configure your sharing preferences, every time you need to interact with a smart thing.
As the regulatory landscape of data protection and privacy shifts to give a bigger role to consent, developers will need to consider this reality.
The regulatory landscape
In April 2016, the General Data Protection Regulation (GDPR), which is designed to give EU citizens better control of their personal data in the context of a more unified EU marketplace, was set in motion for implementation in 2018.
The regulation states that the highest level of privacy setting must be the default and requires that developers design privacy-friendly settings for all apps and websites.
The point of the GDPR policy is that data privacy and protection should not just be about the end user; for developers, it should include the API level – by design.
Tech companies, especially those that create IoT devices and applications, are beginning to understand the importance of closing all the doors to their APIs.
Developing digital trust in the IoT
The bar that companies must clear to meet consumer needs and government regulations is rising.
It is likely that legacy technologies and existing compliance-oriented efforts can offer only a temporary solution at best. New data privacy methods and technologies will soon need to be deployed widely in both the US and the EU.
User-Managed Access (UMA) is a key new standard in this area, giving individuals a unified control point for authorising who and what can access a variety of cloud, mobile, and IoT data sources.
Users can share data and API access selectively with other parties; withdraw consent for that sharing in a finer-grained fashion so that other data feeds can remain in place; and manage delegation, consent, and withdrawal more conveniently from a central sharing hub.
With the rise of cloud-based data, health and wellness apps, and consumer sensors, companies such as Philips are developing IoT-oriented platforms that promise to transform the ways healthcare and medicine are practiced.
In so doing, however, these companies have identified the importance of enabling consumers and patients to selectively share data with family members and health professionals.
Philips is looking to build standard solutions into its HealthSuite digital platform that will make it possible to foster patient trust. ARM is another example of a company doing great work on developing trust models for sensor-to-device-to-service security.
Ensuring digital trust in the IoT era is critical to its ongoing success.
The growing API economy provides an exciting glimpse into what the future holds, but lingering concerns over consent and privacy must be dispelled if it is to be truly embraced by consumers.
We are fast approaching a time when companies’ desire for better customer engagement and consumers’ desire for greater levels of privacy will have to meet somewhere in the middle, which is why CMOs and CPOs will also need to meet in the middle.
With the rise of IoT and more people sharing their things along with their data, this need is only going to get stronger.
We’re starting to see how it’s possible to achieve all of the above with new security, consent and privacy standards.
Thankfully, new standards such as UMA are emerging that give unparalleled levels of control to consumers over who and what they share their data with.
Security and privacy standards like this hold the key to establishing confidence in new technology and will be a key component in helping to cement its place in our futures.
Sourced by Eve Maler, VP of innovation and emerging technology at ForgeRock