
Security, Privacy and Monetization Challenges in the Internet of Things: Q&A with Noah Harlan

March 21, 2016

Editor’s note: Noah Harlan is president of the AllSeen Alliance, a leading cross-industry consortium to advance the Internet of Things (IoT) through AllJoyn, a unified open source development framework. He is also a co-founder of Two Bulls, which developed an IoT platform used by Qualcomm, called Higgns. Two Bulls was selected for the launch of AWS’ IoT service as a designated systems integrator. Two Bulls is a boutique digital product solutions company specializing in mobile and IoT and the infrastructure that supports them; Higgns is an interoperable configuration platform for IoT products and services. I spoke with Noah about his insights into challenges in privacy/security for the IoT and advice for monetizing IoT initiatives. 

In trying to move the IoT forward in 2016 and 2017, how much of an issue is it that businesses are having challenges around trying to monetize their IoT initiatives? 

Noah Harlan: Monetization is critical. The challenge that any company, like a white goods manufacturer, has is that the individual responsible for a product line has a P&L. And he or she is going to devote the resources in the P&L according to things that are going to move either the P or the L. If they can’t define an increase on the profit side, then devoting a lot of resources to connectivity looks a whole lot like a loss.

So companies like ours are helping businesses understand the ways in which they can drive new revenue in the IoT. 

What are some of those ideas for driving revenue? 

Noah Harlan: I’ll give you an example with white goods manufacturers. Historically, they sold a stove and then didn’t get to sell anything else to that customer for seven to 10 years until it was time to replace the stove. Now, as devices become smarter and more connected, there are a lot of things that can go along with that stove. Better service plans, monitoring, insurance, remote access, filters, replacement parts, upgrades. And new technology that you can deploy at the software layer in the stove such as cook systems where it changes the temperature after a certain number of minutes. So then chefs can sell recipes with an oven configuration, and the oven manufacturer can get a new source of revenue by taking part of that revenue stream from that partnership. So this is an example of revenue opportunities in the IoT from a business opening up persistent relationships with its customers so that the touchpoint doesn’t die. 

This is where I think some companies are being shortsighted. In the future, we’re going to hand off not only our physical space (such as our house) but we’re going to hand off a complex set of relationships. If you think about a smart home or office or factory, they come with a lot of configurations now. Your Echo is connected to your lights and your air conditioners and your Nest thermostat. So you now need to have an identity for that system so you can hand it off. 

For instance, when I give up my lease on my office, the office may have all sorts of automation in it that should go with the office, but I don’t want to flash every one of these devices so the whole system has to be reprogrammed from scratch. It would be great if I could just hand over an email address for my office street address, and then the next tenant could own that email address. For companies, it means that they would have a relationship with their users that persists through change of ownership. 

I think that as companies mature their understanding of what their future business models look like, they are going to see the revenue opportunities open up. And it will be fascinating what is revealed. We’re going to see devices that will sell you not only the device but also the energy to power itself and the insurance to protect itself and the warranty; and all of that is going to be brokered from the device itself. That’s a really interesting future world. 

Is it mainly the product-line people that are involved in initial monetization ideas? Or is it more cross-functional than that? 

Noah Harlan: It’s always cross-functional. But I think if you go into the engineering teams of companies, they all get it. They get that connectivity is where everything is headed. When we talk to companies, we don’t see a lot of pushback in the engineering departments. They want to use tools like Higgns, which make connectivity better. 

And the innovation teams within companies are generally looking more out towards the future and saying, this is where the industry is headed, and we don’t want to be behind the times; we don’t want to be known as the company that is the low-tech company in a high-tech world. 

The biggest challenges are the business-unit owners and the senior management. In many cases, they are not yet able to square the revenue. So they’re waiting. But I think they’re waiting at great risk to their business. We’ve seen over the last 15 years that the last mover has a very hard time catching up. 

Microsoft, as big and powerful as they are, owned the desktop operating system. And then mobile came along and Microsoft didn’t play. They thought they could just push from the back position because of their instantiated position. But Microsoft today only has three percent of mobile operating systems. Google has more than half. And the way that reconfiguration happened was because a company with a big, dominant position waited and was out-innovated underneath itself, and now they’ve been spending billions of dollars scrambling to keep up. 

Security and privacy issues are a significant challenge in the IoT. What is your advice in this area? 

Noah Harlan: People talk about privacy by design and security by design. If your system requires leaving your local network to go to some remote service, then you are by definition exposing threat vectors to both security and privacy. If you really are security by design and privacy by design, then nothing should leave your environment that you don’t have control over and it shouldn’t leave unless it absolutely has to. 

What are the top two or three decisions involved in approaching security and privacy by design? 

Noah Harlan: First of all is the privacy policy. What is your goal with data? Are you looking to monetize that data to third parties, like selling it to advertisers? Are you looking to use it to improve your own products and sell internally? Or are you using it solely for diagnostics? That’s a decision that you need to make as a company. And there’s not necessarily a right or wrong decision. 

I use Google all the time, and I trade them data for good searches. Similarly, I use a lot of Apple products, and I trade them cash for privacy. And we’re seeing that being played out with the FBI today. 

The next consideration is many companies say they don’t know what they’re going to do in the future, and therefore they should grab all the data they can today. It sounds like a good idea, but I think every company has to presuppose that they will have a security vulnerability at some point. And if you have gathered lots and lots of data that you did not need, what are you then going to be accused of having let loose into the world? 

And, finally, you need to think very carefully about transparency. I think that people are actually quite willing to let companies do things so long as it’s clear what they’re doing and why. We’ve seen that play out with voice control. If you look at something like Alexa, Siri, Cortana or Google Now, those companies have been pretty clear about what’s happening – that you’re going to have a microphone in your house or wherever you are that listens for a particular phrase. It’s going to record everything that it hears and compare it to that phrase. If it doesn’t compare to that phrase, it’s going to ignore it. But if it does compare to that phrase, then it’s going to listen to the next thing you say, and it’s going to process it.

But there are companies that manufacture TVs and very deep in their privacy settings they say they’re going to record everything and listen to all of it and process it. But they neglected to talk about how they are going to dump the information. And they forgot to be transparent about what they’re doing. Then the next thing you know, there are stories in the media about a company’s dolls that listen to everything your kids say. And it freaks you out legitimately because you didn’t know this stuff was happening, or why, and you’re really not comfortable with it. 

That’s a mistake in design because they were gathering more information than they needed. And it was a mistake in communication because they didn’t explain what they were doing and why. 

Companies need to become a whole lot more transparent, and they need to think about designing their systems in a way to mitigate privacy and security risks, as opposed to maximizing their own data amalgamation. 

Noah Harlan is an accomplished entrepreneur and current co-founder of Two Bulls. He currently serves as president of the AllSeen Alliance, working toward shaping the future of IoT. Prior to co-founding Two Bulls, Noah co-founded and served as a board member for Breadcrumb POS, the first mobile Point of Sale system created and established as an industry standard; it was purchased by Groupon in 2012 and is still used by them today.