How do trends around experience impact the way software can be used to extract value from smart city infrastructures? What are the security implications and what should you do?
2018 01 smart city symposium - db
1. Going Native
Citizens, Smart Cities, & Security
January 2018
David Bressler, VP Industry Solutions, API Management @ CA Technologies
http://davidbressler.com
Smart City value will be realized through software. More software means
more value, but also more complexity. Learn how to frame this complexity in
order to prevent security from becoming a barrier to citizen engagement.
10. The Challenge to Secure Smart City Applications:
How do I create:
• A native security experience that is convenient, frictionless, and makes it fast to add new security modalities to apps?
• Secure enough to meet audits & compliance requirements?
• Provides “developer velocity”: maximum value without high costs to develop, operate, or support?
Velocity
Convenience
Security
11. Decouple Security from the app silo
Take as many authentication, data governance, or security architecture decisions as possible out of the application silo.
The developers in that silo may not have anything to do with you.
14. Benefits and Outcomes:
• Native security experiences, as they evolve: Our voice will authenticate us, when it does, it should be as seamless as FaceID was for TouchID developers
• Many security use cases “out of the box”: Two factor. Token passing. Others. We’ve seen how two-factor has evolved to bypass SMS weakness; how many still haven’t figured it out?
• Governed in the platform, not the silo: How do we use context and identity to reduce risk? Security officers should decide, implement, and govern. App developers? Let them write apps.
• Faster/Cheaper to develop: Not every developer needs to be a security expert; not every project needs a security implementation timeline.
• Increased security / identity sophistication because not building on the legacy of desktop security: My bank app still “times me out after inactivity” in their mobile app, like I’m in a browser session! How many companies still require regularly changed passwords? If that’s so important, why doesn’t Google/Apple?
15. Can our Smart Cities be Healthier Cities?
If 20 minutes of exercise, 3x per week improves health outcomes, could I lower insurance rates for people willing to share their smart-bike activity?
bit.ly/HealthyCiti
16. In China people who follow the rules have better credit scores:
For most, this is part of the EHR… but modern application design takes a feature of a bigger system and makes it more relevant. In this case, knowing that not everyone is a doctor and may not even know what medications they take… they do know the shape/color of their pills, so this is designed around those people (that persona!). For anyone that’s booked travel on a corporate travel reservation system or done the resulting expense report – I’m neither travel agent nor accountant. It’s only recently that applications have become easier without deep knowledge of the space. As a user, I struggle with this very problem (with pills). And there are so many who’d benefit, yet it can’t get done? Why? Let’s look at a simpler example… [next]
This struck me as a great concept.
It tells you something useful, makes it actionable, and presents relevant information to make the decision it wants you to make.
This is a demonstration of the value we get from breaking down silos – there’s a weather app, a schedule/calendar app, and a health app… like a mash-up, only you can imagine needing many of these apps, native is critical, and you can imagine real use cases requiring identity/security. Idea that this is probably a good example of a non-native app is OK, but… what about Apple Watch notifications (or gathering data)? What about actions… I could schedule that run right from my watch, and just move on. Might I want to share this information with my insurance company to lower my rates? Or capture information to improve city traffic management / parks / congestion?
I get the sense that presented with this concept, people would say “yeah we could do that…” but then it’s never prioritized because it’s just a “UI” problem. The “hard part” is already done – gathering the information and making it available.
These are informed by Persona, Journey, and Job to come up with an application (and there can be as many as you can deliver, so lots of opportunities as things get connected in smart cities, there’s going to be so much data and so much access to things at the periphery, so technology/software can reach beyond the boundaries of the screen with human input)
Why is native such a hard idea for big companies to get their heads around? Browsers have trained them in “write once, run everywhere”. And that worked when the computing stack was a PC, and the interaction model was fixed. Now, there are an order of magnitude more devices, and that’s enough for multiple “operating systems to ‘win’”. And, technology is fragmenting as a result. Apple’s AR will not be compatible or evolve at the same cadence as Google’s. What to do?
Can talk about voice, and how that will impact things. Is the watch the same as a tablet? What about event-driven applications (notifications) rather than traditional UI-based applications?
Let me say this another way. Snapchat could not exist on a desktop computer, it just wouldn’t make sense. What other opportunities are we missing because we keep thinking with a desktop mindset… extend that… what are we missing on the watch if we keep thinking it’s an accessory to the phone? Tablet? TV? Whatever’s next?
Thoughts…
On point #3 – can use story of planning a dive and not incorporating risk at every step of the plan, just at the end. For people who didn’t plan that way, they’d look at what I did as impossible.
On point #5 – can use story of doctors who used to have x-ray or radiology in house, but specialized places see more, have better experience, and can make investment better than an individual doctor.
Ask, so is this a citibike app, a cigna app, or a NY app? Who develops it? Who benefits? We need to create a platform for permissionless innovation, and we can’t do that without the right data governance and security. The security technology is there today, it’s just unevenly implemented. Make it easier to do security well by building capabilities into the platform so developers don’t have to do it in the silo, defining repeatable security use cases so that we can deliver the security experience to match the risk, and managing risk actively in the flow of app traffic (what are they trying to do, what is and where is the risk, and should we let them do it).
If you think my citibike idea is way out there… hello, it’s already happening (granted, in China where we definitely don’t see eye-to-eye on personal data privacy rights… but that’s just an implementation issue).