APIs, Access Management and the Secure Smart City

Smart cities promise connectivity across public and private spaces, but with this promise come serious security and privacy challenges.

The Internet of Things is all about smart devices: smart cars, smart electricity meters and smart refrigerators, even. It’s also about ubiquitous connectivity—a smart world. While total connectivity on a global scale may be a way off, a more realistic goal is being pursued in many places across the world: building smart cities, where the benefits of digital connectivity enhance everyday experiences and reduce every inconvenience.

To succeed in building truly smart cities, local governments and their tech partners will have to answer significant questions about ensuring system security and protecting personal privacy.

Ubiquitous Connectivity and the Smart City

The Internet of Things is a much-hyped concept in tech circles, but it is also an increasingly significant reality. According to Statista, the IoT currently comprises more than 20 billion connected devices and is likely to reach 50 billion devices in around five years. As with AI, this extraordinary degree of connectivity is widely predicted to effectively revolutionize human life. In some ways, though, these predictions may actually be too limited.

Much of the talk around IoT unwittingly confines it to specific locales—the home, the car, the factory. To be sure, smart homes, smart cars and the industrial internet are all potentially revolutionary tech paradigms. But they exist in private spaces and IoT is already not limited to private spaces. The concept of total connectivity throughout shared, public spaces may be even more revolutionary—an entire world of connected convenience.

It’s unsurprising, then, that there is renewed interest in the “smart city”. This concept was popular in the early 2000s, but the rise of mobility, smart devices and sensors has made the tech landscape much more receptive. MIT Technology Review recently reported on a project by Sidewalk Labs (owned by Google’s parent company Alphabet) to turn an underutilized stretch of Toronto waterfront into one of the world’s most technologically innovative neighborhoods.

The Toronto project will involve everything from self-driving busses to apps that make it easy to locate empty parking spaces. And this project is not an isolated example—a study by Chrodant, in association with CA Technologies, found that there are advanced smart city projects in a number of other major North American cities, with notable examples including Boston, Chicago and Atlanta.

Good Governance in the Smart City

So, what makes these smart cities truly smart? Returning to the Toronto example, Sidewalk Labs plans to architect smart city infrastructure as a platform upon which third parties can build new apps and services. The concrete holding all this together will be APIs—the interfaces that allow smart devices to talk with each other and utilize data and functionality from powerful backend systems.

Having all these interfaces will be a huge security challenge, though. Every node in a smart city will need to be protected by strong API security, and smart city builders like Sidewalk Labs will have to make centralized API management a core element of their infrastructures. And because each node will have at least one administrator login associated with it, managing privileged user identities will also be a crucial concern.

Public and private sector organizations investing in smart cities will need to emphasize security and access management to prevent their systems and devices being attacked or hijacked. But what about the citizens of smart cities? Many are likely to feel the constant data collection associated with IoT will amount to state surveillance. And even those who are more open-minded have reason to be concerned that their personal data may be compromised.

For municipalities, collecting data on citizen behavior could prove invaluable in their efforts to provide better services and better allocate spending. But these government organizations, along with the private sector partners that will deliver many of the services, will need to be cognizant of ensuring that the people who vote them into office and use their products feel that their privacy is being protecting and that the smart city is being run for their benefit.

Mapping the Smart City of the Future with APIs and IoT >
Samuel Macklin
By Samuel Macklin | March 28, 2018