Everywhere you look, technology is changing the game in terms of how businesses have traditionally operated. Lately I’ve been doing a lot of work with organizations in the taxicab industry, which is challenged to adapt its IT security infrastructures and policies to manage waves of disruptive change.
One major vector of disruption in this industry is e-Hail services. When you download an e-Hail app and sign up for the service, you give the provider a credit card number. Then whenever you need a cab, the app automatically determines where the closest available “partner” cab is located, and dispatches it to you.
While this service is popular with cab users, it circumvents traditional cab dispatch systems, and thus introduces a host of security and service concerns. For example, how much authentication does the app provider perform on those who register as drivers? Passenger location information (which implies “I am in a low-traffic area, have money but don’t have a car and may be alone”) is potentially available to anyone who signs up.
There is also a host of enforcement and regulatory issues related to how these services work. Say you’re a cabby and you sign up independently with an e-Hail service provider that lets you purchase a “gold plan.” This gives you dispatch priority over cabs on the “regular plan.” The e-Hail provider is now effectively extorting money and generating different service levels in what had formerly been a more level playing field. Then there’s the possibility of bribes, kickbacks… all sorts of issues come up around the fairness of the new system and the enforcement practices that municipalities need to put in place.
Enforcement agencies are having difficulty dealing with e-Hail apps in the areas they’re responsible for. For example, in New York City there’s been a push to come out with what’s known as a memorandum of understanding, which effectively specifies how the City wants any such apps to operate within its jurisdiction. Other major cities in the US and around the world are dealing with similar issues in their own ways.
Even more disruptive to “business as usual” in the taxicab industry are carpooling or peer-to-peer ride-sharing apps. Even the tech giant SAP now offers a carpooling app as part of its push for corporate sustainability. Is this “a new era of hitchhiking”? Or are drivers effectively operating as gypsy cabs – with no insurance, no training, no maintenance checks on vehicles, and so on? Is that ride you just signed up for safe? The due diligence of the app provider is perhaps the only source of data to track drivers and passengers. And many such providers want regulators to view them as information services rather than transportation services, and thus limit access to driver/rider data.
If a cabby or ride-share provider is shot and killed by a passenger, how does the local enforcement agency find out who was in the back of that cab? There are long-standing, well-understood processes in place for that today within the regulated taxicab industry. But now third-party app providers are involved. Do they keep the right records and do they keep them for long enough? These new services are adding layers of complexity to the regulatory and IT security environments of this industry.
Your company may not be in the taxicab industry, but chances are that it will face challenges of a similar scope in the near future due to disruptive technology. To cite but one example, a recent Gartner study predicts that by 2017 half of employers will require employees to supply their own devices for work purposes: “… the most radical change to the economics and the culture of client computing in business in decades” according to a Gartner analyst. Who will own the data on those personal devices? Will companies wipe departing employees’ personal phones? Lines around privacy and security quickly get blurred.
Predicting the impacts of disruptive future technologies is next to impossible – there’s only so much planning you can reasonably expect to do. But if you have a solid IT security foundation in place, you’ll almost certainly be able to roll with disruptive change with less cost, risk and vulnerability than if your environment is less mature.