June 6th, 2014

APIs Fueling the Connected Car Opportunity

APIs Fueling the Connected Car OpportunityI just attended the Telematics Detroit 2014 conference, which was abuzz with mobile connectivity sessions and workshops. But the mobile conversation at this event was entirely in the context of the connected car, as opposed to the mobile phone.

The connected car has emerged as a real-world illustration of the opportunities presented to businesses and consumers by the Internet of Things (IoT). And – as you probably know – IoT is a hot topic right now.

Thilo Koslowski, Vice President & Distinguished Analyst at Gartner, who is known for his prediction making, claimed the car will be the most innovative and exciting mobile platform over the next 10-to-15 years. A bold statement but this goal is achievable and very much within reach.

The automobile industry has already made great strides and is quickly leveraging the business advantages offered by the digital economy. What once was considered to be a telematics and roadside assistance market has quickly transformed into fertile ground for mobile app development, with broad connectivity opportunities that will enhance the consumer’s overall digital lifestyle while delivering auto manufacturer efficiencies throughout the entire value chain.

While consumers continue to demand somewhat standard connectivity features such as navigation, maps and parking location services, there’s also a significant demand for advanced connectivity features such as the ability to make payments directly from the vehicle, remotely start the car or receive diagnostic information on a mobile device. There is also a willingness to share data with third parties, especially if this results in a better driving experience or cost savings.

But data sharing has privacy implications in this context, which could become a significant roadblock. A Gartner survey of automobile consumers uncovered that 61% respondents would not opt-in if too much information was taken. So, enabling this new world of connectivity in auto requires a balanced approach. Consumers want the convenience and personalized experience that connectivity offers but only if it doesn’t impact their rights and freedoms.

That’s where a proper API strategy makes a difference. APIs will become fundamental to any connected car strategy by enabling an ecosystem of drivers, vehicles and partners to share data in a way that will improve the consumer experience through better digital design, engagement and security.

To learn more, please read our new eBook: APIs Fueling the Connected Car Opportunity. This document outlines a number of key connected car use cases and explains how the proper API security and management solution will enable you to meet your connected car business and security objectives.

June 4th, 2014

The Right Connected Car App Experience

Connected CarLike most connected things these days, the connected car is powered by APIs. A rich connected car application ecosystem – running on both mobile devices and in-car infotainment systems – is seen as a key to customer loyalty. Car manufacturers and car service providers are hard at work developing a connected car experience that will “stick” over time.

As well as enabling new user experiences, connected car APIs unlock data that offers tremendous business value, powering partnerships with insurance companies and law enforcement, enabling new use cases around traffic management and urban planning. You can read about some of these use cases in our eBook, APIs Fueling the Connected Car Opportunity.

I’ll be at the Telematics Detroit 2014 conference this week, where I will be speaking about the need for secure APIs to power the connected car – starting at 4:35pm on Thursday. Earlier that day, live from the conference, I’ll be joining CA Layer 7’s latest API Tech Talk, The Connected Car, IoT, Apps & OAuth, which starts at 9am PDT.

If you’re attending the show, please stop by the Layer 7 booth (#118) to learn more about how APIs enable connected car use cases (and enter to win some Bose speakers!) If you can’t make it to the show, be sure to join the Tech Talk, where you’ll be able to get your connected car questions answered live. And if you can’t make that, you can always read the eBook.

April 2nd, 2014

The Next Big Thing is Small

Written by
 

The Next Big Thing is SmallOne of the challenges facing the tech community is the addition of tens of billions of Internet-connected devices over the next few years. Currently, this Internet of Things (IoT) is expected to grow from 20 billion connected devices in 2015 to 40 billion in 2020.

That’s a Lot of Things
Estimates vary widely but most agree we have something less than 10 billion connected devices today including computers, handhelds, cars and controller devices such as SCADA and others. So, adding tens of billions more in just a few short years is definitely going to present some challenges.

A Lot of Little Things
And – if you start to think about wearables, RFID and micro/nano-size items, you realize that billions of these devices are going to be quite small. Not just physically but also in terms of capability and capacity. These devices will not have the power or flexibility of a laptop or even a handheld mobile phone.

These new members of the “connected community” will be tiny, single-purpose, low-power devices that do one thing and do it well. And it is likely that the program-ability of these devices will be limited. You might be able to flash the memory or even tweak configurations but a good number of these devices will not be hosts to custom code the way Web servers and handhelds are today.

Yet, we still need these devices to work together – even if only to publish device data, consume data from others devices and react to outside stimulus (lights on/off, heat, air movement etc.) So, how will we do that? How can we get things to interact with each other?

Step-by-Step Programming
Most developers today write “code” by stringing long lists of imperative statements together into a coherent set of instructions for machines. To most developers “programming” is just that – providing step-by-step instructions. This means we take on responsibility for any mishaps along the way, whether they occur due to problems inherent in the instruction set or due to unexpected events outside the instruction set, such as other devices not responding to our requests or sending us unexpected data. Doing this on tiny devices with limited capacity and ability is going to be a problem.

Luckily, there is another way to “program” these devices.

Rules, Not Code
We can also use a rule-based approach to programming. In this paradigm, programmers establish a set of coherent rules that tell the device how to respond to outside stimulus (“if the lights are on do X else do Y” or “if the motion detector reports true then turn on the light” etc.) And that is all you do; you write simple rules and leave the device to its own…. well, devices.

This means “programs” are much smaller (just a set of rules), easier to debug and easier to safely modify. It also means the devices themselves don’t need to do a great deal of work in order to “act” according to the rules.

That’s what I mean by small. The code will be small; the code will be rules.

How Does That Help Us with IoT?
It seems unlikely that we’ll be able to “program” billions of devices to safely and successfully interact with each other if we have to constantly provide step-by-step instructions on how each one operates and how they all interoperate. Instead, we’ll rely on simple devices each of which does one thing well and makes its action history available (as a stream of data, occasional dumps etc.) to other authorized devices.

It is also important to keep in mind that these devices will not be “phoning home” asking servers for guidance on how to proceed. The amount of traffic that tens of billions of new devices might generate if they need to constantly get instructions from distant servers would be massive and a huge waste of time and bandwidth. Instead, most IoT devices will act on their own, making decisions in real time, using the rules provided to them.

So, This is a Big Deal, Right?
This way of thinking about how devices will work and how we will “program” them is a big change for many developers. But not all of them: There are people today who build “low-level” device handlers and other things that do pretty much what I describe here. Motion detectors, security systems etc. all operate on this model (simple rules executed in real time). The difference we’ll see in the near future is that more of us will need to start designing and coding for devices that use this rule-based model.

But yes, this is a big deal.

By the way, I see quite a number of people building “Internet of Things” apps and models still assuming that the devices will be high-powered, fully-programmable computers similar to today’s handhelds and laptops. This is a mistake. While there may be some IoT devices with that profile, I suspect it will be a very small minority of the projected 40 billion devices.

So, start thinking ahead. Start planning for a new way to program devices. Those who start working like this now will have a jump on their peers and competitors. And there is good reason to start contemplating this right away. Rule-based systems will require different training and even different tooling. Think about how this will affect the “test-driven development” movement and related practices. And that’s just one example.

Are There Examples of This “New” Kind of Programming?
Yes, there are. And I’ll pick up that thread in a future post.

(This post, which was originally published on my personal blog, covers material from my recent talk at the API Strategy Conference in Amsterdam. You can see the notes from my talk online, along with the slides and related videos.)

March 26th, 2014

Of Monsters & Men & Machines

Written by
Category API Security, IoT, M2M
 

Monsters Men Machines

In my last post, I talked about IoT and its nascent emergence into our everyday lives, with products like Anki Drive and the Nest Thermostat beginning to get a foothold. I also talked about the need for security, as IoT becomes more present in our day-to-day lives. Today, let’s talk about a few real-world examples where security was an “oh, we didn’t think of that” kinda thing.

Implantable medical devices (think pacemakers, for example) are absolute lifesavers for virtually all recipients. And, as you would suspect, they need to be monitored – usually at a doctor’s office. BUT what if the recipient lives in a rural area (e.g. anywhere in Montana, North/South Dakota, Wyoming)? A quick visit to the office might be out of the question. But there’s an app for that (you knew that was coming, right?) Pop an IP address and wireless on that pacemaker, plug that address into the doctors app and voila! Monitoring via the Internet! Yeah! Only thing is… suppose somebody got a hold of that IP address? And suppose that somebody had access to said app? Monitoring could easily become something far more nefarious – bumping up the heartbeat, slowing it down (either of which may have the same result, mind you). Not too cool.

Or how about using a baby monitor with video? New parents are always going to want to have complete unfettered access to their precious being – and the newest generation of baby monitors not only delivers audio but video and yes, with an IP address, there’s an app for that too! So mom/dad can be anywhere and keep complete tabs on the fruit of their loins. Of course, in the wrong hands, with an IP address and no security, that baby monitor all of a sudden becomes an audio/video surveillance tool. No big deal unless, say, that new mom or dad works in the President’s office, NORAD, banking or any one of a number of businesses where you really wouldn’t want to let sensitive information out via casual conversation around a dinner table – with the baby monitor catching every word.

Finally, how about the car – a ubiquitous item (in many countries) of which the newer ones are just chock-full of various computer systems, some of which talk to each other, some of which don’t, some of which are supposed to talk to each other but don’t (anyone played with the Cadillac CUE lately?). All these systems are there to make the driving experience either better or safer. One of these is simply brilliant – the Tire Pressure Monitoring System (TPMS) reports pressures to the primary automotive ECU, keeping the owner informed of poorly-inflated tires (when appropriate). By definition, these systems have to be wireless – and unfortunately, they are completely unsecured. What if someone was within range (say the car behind you) and used the same set of APIs that power the TPMS to send invalid data to the ECU – thereby potentially shutting down the car or, worse, making it unsafe?

All of these examples sound outlandish, right? And yeah, they are.

Oh and they’re also all true. The remarkable Robert Vamosi details these exploits, along with many others, in his phenomenal book When Gadgets Betray Us (available on Amazon here). Writing at a layperson’s level, Vamosi details time and time again how the emergence of IoT consistently takes security for granted or ignores it completely. It’s a scary bedtime story but worth reading. And it’s worth taking note of the key lesson: In IoT, security is very, very important.

March 10th, 2014

The Internet of Things – Today

Anki Drive CarA quick intro: I’m Bill Oakes, I work in product marketing for CA Layer 7 and I was recently elected to write a regular blog about the business of APIs. I’ve been around the block over the years – a coder, an engineer… I even wrote a BBS once upon a time (yes, I’m pre-Web, truly a dinosaur – roar!) But now I “market things”. That said, I still have a bit of geek left in me and with that in mind, this blog is going to focus not so much on the “what” or “how” when it comes to APIs, their implementations and how they affect businesses/consumers but rather, the “why” (which means, alas, I won’t be writing about the solar-powered bikini or the Zune anytime soon – I mean, really… why?)

For an initial first post, I thought I’d take a look at the Internet of Things (IoT) because it’s something no one else is really discussing today (cough). We are beginning to see the actual emergence of nascent technology that can be called the IoT. First, I’m going to take a look at one particular example – one that’s actually pretty representative of the (very near) future of IoT. Yes, I’m talking about Anki Drive (and if you haven’t heard of Anki Drive, you really should watch this short video).

What’s amazing about Anki Drive cars is that they know WHAT they are, WHAT their configuration is, WHERE they are, WHERE you are… Five hundred times a second (in other words, effectively real time), each of these toy cars uses multiple sensors to sample this information using Bluetooth Low Energy, determining thousands of actions each second. Oh… and they’re armed!

Equally amazing is the fact that kids of all ages “get it”. (By “kids”, I of course mean “males” – as once males hit 15 or so, they mentally stop growing, at least according to my wife. Although, I’ve seen many women enjoy destroying other vehicles with Anki too… but I digress.) Players intuitively know how to use the iOS device to control their cars and after learning the hard way that the “leader” in this race really equates to the “target”, they adapt quickly to compete against true artificial intelligence (AI) and each other. It really is an incredible piece of work and is absolutely the best representation of the IoT today.

So, you ask: “What does this have to do with moi”? Well, imagine if your car could do this kind of computation in real time as you went to work. Certainly, Google is working aggressively on this track but Anki lets you get a feel for it today. (And I’m fairly certain Google is not going to provide weaponry its version.) Still, the real-world application of this technology is still a ways away. Let’s reign in timeframes and take a look at what is happening with the IoT in other industries today.

Imagine that your appliances knew about and could talk to each other. Google, though its Nest acquisition, is working on this with its learning thermostat. My first thought on the Nest was something along the lines of: “What kind of idiot would spend $250 on a thermostat when you can get a darned good programmable one for around $50?” But then Nest introduced the Protect. Simply an (expensive) smoke detector with CO detection built in. Big deal, right? Except that if your Nest Protect detects CO, it makes a somewhat logical assumption your furnace is malfunctioning and sends a command to the thermostat to shut down said furnace. That is the power of the IoT in the real world today. So I bought into Nest (thus answering that previous question) and, yeah, it’s pretty cool – not nearly as cool as Anki Drive but then Anki really doesn’t care if my furnace has blown up and Nest does.

As we see more and more real-world introduction of functional, useful IoT solutions, these solutions will all have one thing in common: they will use APIs to communicate. And what IoT will absolutely require is a solution that ensures that only the right devices can communicate with other right devices, in the right way, returning the right results, with no fear of Web-based (or, technically, IoT-based) threats, bad guys, MITM etc. As solutions roll out, it’ll be interesting to see how many vendors remember that security and performance are not options in IoT – they are 100% essential.