IoT Guidelines Need to Ask Less of Device Manufacturers
Posted by John Berard
The Online Trust Alliance (OTA) has been at the forefront of helping build consumer confidence in the technology products that have helped remake our day. So, it was no surprise it moved to create a set of guidelines around the products and services that are part of the Internet of Things (IoT).
That framework took another step forward this month when the OTA released its Trust Framework of 30 recommendations for consumer-facing IoT companies seeking to build out this network of connected devices.
At first blush, the list of recommendations seems complete, but a longer look suggests it may be both too long and not long enough.
Too long because any list of 30 “must-haves” becomes more a barrier to entry than a glide path to market share. Too short because the biggest danger to consumer privacy, security and trust is a product no longer supported by a company that has moved on or shut down.
Too long? Rather than seek to create a granular set of prescriptive recommendations, it would be better to focus on a shorter and more effective set of requirements. I count five: encryption, authentication, fault tolerance, security and user control to review, change or delete. The ability to easily integrate and interoperate might be a sixth, but the market for consumer IoT is not so mature as to make that necessary – just yet.
Too short? The biggest dangers to consumers are IoT products no longer supported, either because they didn’t gain traction or the company has ceased to operate. It does not take long for a technology product to develop security holes if upgrades are not made. These holes are the source of the greatest vulnerability for the growth of the IoT market.
The OTA framework doesn’t answer all the questions raised by the expansion of the IoT, but it ought to be a real conversation starter – both for consumers and industry.
