The Internet of Things (IoT) is growing exponentially. And will bring more convenience and connectivity than ever before possible. But it also opens the door to serious threats to security and privacy. Financial institutions are charged with protecting their customer’s valuables. Today, ‘valuables’ includes customers’ digital identity.
Since the IoT unleashes an exponential jump in the data businesses have on consumers, digital trust is the gateway to monetising its value.
Bram Gerrist Innovation Manager, Innovation Centre
Welcome to the future
It won’t be long before everything we use will be connected: from refrigerators to milk cartons, from medicine dispensers to cars. It is already possible to have a smart thermostat that knows we are home and automatically heats the room. But more possibilities emerge every day. Think of a health monitor that sends personal data to the doctor when you consult him via your television. Or a connected car that tells the insurance company how many times you had to brake hard while driving.
Of course, the way we bank is going to change, too. Soon, we will probably be able to order tonight’s dinner from the supermarket, check utility service agreements and council tax information at the same time, using a primary bank app.
The potential of the IoT
The Internet of Things is going to cause exponential growth in connected devices and data. The Internet connected 1 billion users. The mobile wave connected another 2 billion. The IoT, according to Gartner, has the potential to create 25 billion connected devices in 2020. Imagine the insights and new possibilities that will emerge when all devices are connected. All these insights will be used to better anticipate and meet user needs.
These new opportunities will also bring new customer expectations that will disrupt current business models. Companies looking to evolve for the IoT will be challenged to really blend into people’s lives and truly put the clients first. Since the IoT unleashes an exponential jump in the data businesses have on consumers, digital trust is the gateway to monetising its value.
Addressing the challenges
The IoT delivers new ways to create and capture business value, but also creates some frightening new vulnerabilities that organisations must take specific actions to address. And these concerns are quite valid, considering recent developments. Cars are being hacked, even while being driven. Websites are regularly hacked and leak customers’ personal information. Even baby-monitoring cameras are being hacked. As Marc Goodman described: ‘a near total absence of trustworthy computing in a world run by computers should serve as a flashing red warning light to us all.’
Some steps are already being taken. Customers are becoming more aware of security and privacy, and the power over data is shifting. One example is the use of adblockers since the introduction of iOS 9. The recent decision by the European Union Court of Justice upholding an individual’s right to be ‘forgotten’ by a search engine is another. But there still is a long way to go.
No clear guidelines
It’s not that weir that you distrust IoT at this point. Largely because there are no explicit guidelines about what happens to all the data and insights once they’re floating around online, which introduces a substantial risk that needs to be addressed.
Imagine what happens if we have over 25 billion connected devices, and customers start to realise the impact and the amount of their personal data floating around. What happens if this data is stolen and misused? The call for privacy and security is going to be loud!
Security- and privacy-by-design
Privacy and security can’t be an IoT afterthought. We need a design-thinking approach in which the end-user experience is central. Because when security and privacy features are not designed well, people simply don't use them. That can actually make users less secure. If it’s too inconvenient to assign security preferences, customers simply don’t do it.
Both security and privacy must become an organisational priority and must be embedded into every standard, protocol and process. From the first draft of an application to the finished product, every step must be tested for safety. Secure and trustworthy computing must be the cornerstone of our technological future.
But there are more things that need to be explicitly regulated. Which data is collected, who controls it, who has access to it, and what is done with it. To technically enforce a careful and responsible handling of personal data, data minimisation has to be taken into account. In other words: as little as possible to process personal data. Only the data that are needed.
Banks as frontrunners
Banks can play an important role in the adoption of this needed change. They are traditionally in the business of protecting our customers’ valuables. Thus building on their core competence and monetising the value that the IoT brings means that they need to adopt security- and privacy-by-design principles today.
Waiting is not an option. The wave of connected products has already begun, and those who don’t act quickly will find themselves left behind.