Would you let Amazon unlock your door?

[Free CISSP Exam Study Guide] Get expert advice that will help you pass the CISSP exam: sample questions, summaries of all 8 CISSP domains and more!

amazon keyAmazon recently announced the launch of the Amazon Key, allowing the Amazon delivery person to open your door in order to place your package inside, where presumably it will be safe from theft, the weather, roaming wolf packs, bears, and general mishap.

Not all the commentary about this service (and associated camera, lock, etc.) have been positive. In fact, some has been rather negative or at least satirical.

Yes, of course there are concerns over security, privacy, and whether it’s really a good idea, generally, to let a corporation have access to your house. But, the adoption rate for this technology isn’t really the story here. Yes, of course, we should be careful with allowing a company to share control over our front door, although there’s no reason to think this particular technology is any less secure than any other smart door lock or that Amazon has anything nefarious in mind.

What matters here is that this is, yet, another salvo in the escalating war to win your home; a war that Amazon is currently winning, at least in volume of devices. This matters – not just to consumers, consumer advocates, and B-to-C business – to enterprise businesses, service providers, governments, and frankly anyone who uses the Internet.

While right now there’s a relatively clear line between work and home, that line is rapidly disappearing. Employers and employees alike are starting to expect far more seamless linkage between the availability of systems and data at work and the availability of the same services at home (and in the car, too).

Remember when BYOD was a thing? When people actually debated whether employees would be able to use their own phones, tablets, and laptops on the corporate network? While for some, highly secure environments, that’s still not an option, for most it’s simply a fact of life.

And, as homes get smarter and smarter, the pressure to see the home as a logical extension of the work network becomes greater. We’re not just talking about setting up a VPN from your laptop, either. As homes get smarter, and as more and more devices in them connect, the attack surface of your corporate network starts to expand at an accelerated, uncontrolled rate. As a result, whoever builds, owns, and manages the centralizing hub, around which the smart home is built, will matter – a lot – because their capacity to manage those devices, to oversee access to them, and to look for signs of attack, will become why organizations manage risk.

In the end, things like the Amazon Key aren’t about controlling access to the door, they’re about controlling access to the entire smart home. It’s not a point solution, instead it’s part of a grand strategy to become the de-facto technology around which the smart home of the next decade is built, and that smart home is going to be part of your corporate network, whether you like it or not.

A lot is riding on the security of this technology, and how willing the builders of smart homes, and smart home technology, are going to be to work with others to make that technology resilient to attack – attacks that will mount in severity over time. As smart homes become an extension of corporate networks (in the same way that smartphones already have), they will become the target of significant attack, up to and including nation-state sponsored attacks trying to penetrate enterprise networks.

If we can’t make this all work together, then the delivery guy opening the door won’t be the only person you have to worry about having more access than you would like.