Data security is one of the hottest topics in terms of ‘smart home’ products and Nest looks like it is making some moves to tighten its approach up.
Nest’s ‘Works With Nest’ programme was put out to pasture earlier this year precisely because of those concerns, but now there is some information on what might replace it. Nest is shifting to a more controlled system, restricting access to audited partners and tightly limited ‘routines’.
This is part of a broader strategy to reduce the risks of home automation and prevent the kind of third-party-driven data breach that has been such a problem. It also gives the company a chance to corner more of the market than before.
In a blog this week, Google laid out three new ways to get non-Nest code into Nest devices. First, there’s a smallish set of ‘home routines’ that can perform basic things like turning off lights or temperature control, these are designed as triggers that can be activated without sharing any data. There will also be a new developer program that lets individuals reprogram their Nest devices, although it is not expected this will be very widespread.
With this new approach, most of the information flowing to other devices will come through the third option, which Nest is calling the ‘Device Access’ program. If a security system or smart home hub is going to interact with Nest, this is how it will be done, and it will mean sharing Nest’s data with the other company/manufacturer.
Everything happens within a user permission system. However, to ensure users make ‘good choices’ Nest is putting tight restrictions on the companies that will be permitted to take part. In the post, Google calls these companies ‘qualified partners’, and the qualification process is set to be very rigorous.
One aspect needed will be annual privacy audits from a third-party auditing firm, an expensive and involved process for something that could be as simple as an API call. This step will probably put some companies off or for other, particularly smaller starts up, will be a non-starter.
However, as the security issues need to be dealt with, Google’s argument runs that if you can’t guarantee safety, then you should not be involved. However, the company’s critics will point to a land-grab for control of data, the 21st century’s version of oil. Looks like things could interesting over the next 12 months.