
Ensuring the security of connected cars

Posted: 21 Nov 2013

Keywords: application programming interfaces, API, cloud, IoT, Internet of Things

In addition, Hill states that "We should think now about who gets access to that data and how they do so, because one day soon, your car is going to be as much of a privacy concern as your smartphone."

And she's right. Just because cars are now smarter than ever, that doesn't mean they're secure. To that point, the more intelligent our cars become, the more adaptable the technology running them needs to be. Car manufacturers are in a sticky situation: how do they ensure the most stringent privacy policies and ease consumer fears as cars become more connected than ever? Because APIs are the mechanism by which connected cars transmit their data, the answer is to understand API requirements and put a successful API management strategy in place.

We know that most applications now have several interfaces, built on different technologies, targeting particular types of users (in this case, car manufacturers and consumers), and are built by a range of interested parties. As APIs become the primary customer interface used for technology-driven products and services, a well-executed API management strategy is key in driving business value while ensuring security.

But what will this strategy look like? The manufacturers producing these connected cars will have to approach their associated APIs as an IT project, closely aligned with the vehicle design and manufacturing process. COBIT, for example, provides a four-domain framework that applies directly to API management:
• Plan and Organise: This phase ensures that the right APIs are built the right way. Since these APIs are tied to back-end transaction systems that are highly protected and/or secured, it will require more planning than typical consumer APIs. In addition to the APIs themselves, the developer registration and application security model needs to be defined. And the security monitoring and update/patch processes need to be outlined, in case a security problem crops up months or years down the road.
• Build (Acquire and Implement): This involves coding and/or re-configuration of APIs and the API management infrastructure. It can involve complete rebuilding of new REST- or SOAP-style APIs, or it can utilise a mediation technology (e.g., an API gateway) to transform old interfaces. Existing developer or partner registration mechanisms can be extended, or in some cases, new programs need to be built out.
• Deliver and Support: This phase involves delivering all the interdependent aspects of the API management infrastructure and the API implementations themselves. Some phasing may be required, depending on the "app" ecosystem intended to surround the APIs. Closely held apps may be delivered at the same time the API is made public, with partner-developed or community apps following.
• Monitor and Evaluate: This is all about measuring the usage of APIs, creating baseline metrics and tracking trends and anomalies. For commercialized APIs, there is a major focus on billing and the execution of the revenue cycle. This is also essential in managing the data that APIs collect.

As car manufacturers expose more enterprise APIs that handle sensitive data and business-critical functions, security, management, and access control have become must-have capabilities. Protecting car owners means granting API access only to approved and authenticated parties, and preventing the kind of attacks and breaches that can result in dangerous situations, legal challenges, and compliance penalties. And the growth of the connected car trend is dependent on making it easy to integrate and aggregate partner APIs, no matter what interface protocols or authentication schemes they use.

Managing the data starts with monitoring it. Comprehensive reporting and monitoring capabilities give visibility into the performance and quality of API operations. An API reporting architecture should provide flexibility to capture data as required. Additionally, reports should be made accessible, automatically emailed, and delivered to log-management and system-management tools.

Statistics gathered through API reporting provide insight into which APIs are being used, how frequently, and when they're used, as well as who is using them. Real-time system and traffic monitoring tools that help administrators investigate transaction flows and API-server performance are also essential to a successful API management strategy. In this way, API usage by connected cars is visible, monitored and managed.
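The reporting described here and under "Monitor and Evaluate" (who calls which API, how often, and whether that departs from a baseline) can be sketched as follows. This is an added example, not code from the article or from any vendor product; the log format, the client names (app-dealer, app-insurer) and the API paths are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

def make_sample_log():
    """Constructed gateway log lines: '<timestamp> <client> <api> <status>'."""
    lines = []
    # Baseline hours 08-11: the dealer app polls diagnostics a few times per hour.
    for hour, n in zip(range(8, 12), (4, 5, 4, 5)):
        lines += [f"2013-11-21T{hour:02d}:{m:02d}:00Z app-dealer /v1/diagnostics 200"
                  for m in range(n)]
    # Hour 12: the same client suddenly pulls location data at a much higher rate.
    lines += [f"2013-11-21T12:{m:02d}:00Z app-dealer /v1/location 200" for m in range(40)]
    # A second client that behaves the same in every hour.
    for hour in range(8, 13):
        lines += [f"2013-11-21T{hour:02d}:{m:02d}:30Z app-insurer /v1/trips 200" for m in range(3)]
    return lines

def parse(line):
    ts, client, api, status = line.split()
    return {"hour": ts[:13], "client": client, "api": api, "status": int(status)}

def usage_report(records):
    """Who is using which API, and how often."""
    return Counter((r["client"], r["api"]) for r in records)

def find_anomalies(records, baseline_hours, sigmas=3.0):
    """Compare each client's later traffic with its own baseline hours."""
    per_hour = defaultdict(Counter)  # client -> hour -> request count
    base_apis = defaultdict(set)     # client -> APIs used during the baseline
    later_apis = defaultdict(set)    # client -> APIs used after the baseline
    for r in records:
        per_hour[r["client"]][r["hour"]] += 1
        bucket = base_apis if r["hour"] in baseline_hours else later_apis
        bucket[r["client"]].add(r["api"])
    alerts = []
    for client, hours in per_hour.items():
        base = [hours.get(h, 0) for h in baseline_hours]
        # Floor the deviation at 1 so a perfectly steady client is not flagged on +1.
        limit = mean(base) + sigmas * max(pstdev(base), 1.0)
        for hour, count in sorted(hours.items()):
            if hour not in baseline_hours and count > limit:
                alerts.append((client, hour, f"rate {count}/h exceeds {limit:.1f}/h"))
        for api in sorted(later_apis[client] - base_apis[client]):
            alerts.append((client, api, "API not used during baseline"))
    return alerts

if __name__ == "__main__":
    records = [parse(l) for l in make_sample_log()]
    print(usage_report(records))
    print(find_anomalies(records, [f"2013-11-21T{h:02d}" for h in range(8, 12)]))
```

On the constructed data, the steady client produces no alerts, while the dealer app is flagged twice: once for the jump in hourly request rate and once for calling an API it never used during the baseline.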

In summary, IoT devices such as connected cars will overtake mobile apps as the largest consumers of APIs. Car manufacturers can address privacy fears by ensuring that a secure and reliable API management strategy is in place, including a strong monitoring policy that will accurately consume and manage the data from connected cars. Doing so will provide the security needed in order for car manufacturers to successfully enter and thrive in the world of connected cars.

About the author
John Thielens is CSO at Axway, a global integration and security software company focused on data flow governance. John's background is in software development and security, and his latest area of research is related to the rapidly evolving API landscape and the new approaches to security required in this area.
