Security and IoT — The Challenge
By Mitch Seguin
Note: This blog is a follow up to “IoT — Explained”
Previously, I’ve spent a lot of time talking about IoT’s potential to impact our lives — connecting the deep personal data our phones hold, with things, all around us could unlock amazing experiences. To date, I haven’t really spoken or theorized about why that hasn’t happened yet. This blog post is going to be my first crack at exploring that.
Our phones, and more specifically the apps on our phones, hold an incredible amount of personal data. Our contacts, our day-to-day schedules, important birthdays, shopping habits on Amazon, location data — you name it, the modern millennial has almost every bit and byte (literally) of their life in the cloud. You’d think the opportunity to leverage that data in meaningful ways would be endless, wouldn’t you? Google and Facebook can already leverage our data to place highly personal ads in the apps we use, the web pages we browse, and even in our Instagram feeds; surely the IoT devices we own and operate should be able to use that same data?
Disclosure: I am not an engineer (well I am, but not a software one 😛), so excuse if the forthcoming oversimplifies the technical hurdles.
Privacy policies and platform specific authentication (i.e. Facebook, Google, Apple, etc.) have essentially locked up our data in silos. We should be thankful that our personal data is being treated sensitively, consequently the hurdles in place to unlock that data are high. Before we can realize the IoT dream of our environments seamlessly responding to our presence, we need to figure out how to enable the secure handshake required for data to be shared. What’s the point of IoT if I need secure two-factor authentication every time some device in the room needs access to my data? The solution to this problem can take multiple different forms. Apple and Google already allow us to control things like geo-location on a per app basis at the OS level; perhaps one day this will extend to third-party devices and even more granular data types. Another option may appear as developers determine a secure and reliable method of passing around authentication tokens; doing that in a seamless manner will definitely be an interesting problem to solve.
So, what are we at TribalScale doing about challenges like this? We’re experimenting. We’re taking our small team and hacking our office (and phones) to play and test potential solutions. I’m yearning for the day when I can do simple things like walk into a meeting room and already be logged into the hangout and signed into any applications I may need. That may not sound immediately awesome to a lot of folks, but solving that problem essentially means solving our security problem, at least a version of it in a bounded context — it’s a valiant first step. IoT holds some great potential and our goal is to unlock it, one step at a time.
Connect with me on Twitter or LinkedIn and let’s keep the conversation going.
Originally published at medium.com on February 24, 2016.