Connected things need a true identity

One of the biggest challenges we face with the onslaught of the Internet of Things (IoT) is security, especially when it comes to identity management.

Right now Identity and Access Management (IAM) cannot manage the complexity IoT will bring to enterprises, according to Gartner, which believes the whole concept of IAM will need to be re-thought out. To resolve this issue it has come up with a new acronym Identity of Things (IDoT), an extension to identity management.  Gartner believes that IAM will have to mature significantly as current solutions just can’t scale to the size or complexity IoT brings to the enterprise.

IDoT implementations have complex relationships with people, things and services.  The only way of securing IDoT is to enable identity across applications and devices. IoT applications must offer a set of identity controls to oversee who is actually accessing them, whilst securing private data.  A successful IDoT deployment knows who has access when, where and how and can control that access at all times.  For example, a bar code in your intelligent fridge will say you have run out of products and need to order more. It will send that order directly to your online supermarket, which will pace an order using your credit card.  You will be alerted via your smartphone that your order is on its way.  Access and authentication credentials must be secured every step of the way in the supply chain.

The trend towards IoT is set to bring with it a flood of products.  Gartner forecasts that there will be 4.9 billion devices connected this year and this will hit 25 billion by 2020.  IoT is an extremely powerful force for business transformation and its disruptive influence is being felt across all industries and corners of society. 

“The digital shift instigated by the Nexus of Forces (cloud, mobile, social and information), and boosted by IoT, threatens many existing businesses. They have no choice but to pursue IoT, like they’ve done with the consumerization of IT,” said Jim Tully, vice president and distinguished analyst at Gartner. 

Market research company IDC is forecasting a major growth for the IAM market. It forecasts that the IAM market will jump from $4.8 billion in 2014 to $7.1 billion in 2018.  This represents a huge growth of nearly 48% in just four years.

"Market drivers include the convergence of mobility, social networking, and big data analytics and an increasing demand for cloud and SaaS delivery of traditional IT software and services,” explained said Pete Lindstrom, research director for Identity and Access Management.  All of which neatly dovetail into the IoT revolution.

Rethinking IAM for IoT

IDoT will force enterprises to think in a very different way if they are to make IoT work for them.

"IAM leaders must reconsider how traditional approaches to cybersecurity and IAM work in a world where devices and services are so abundant, in so many different forms and positioned at so many different points within the IT ecosystem," said Earl Perkins, research vice president at Gartner.

The tidal wave of IoT means that those who head up IAM in digital businesses must rapidly come up with a way of defining the identities of people, services and things, referred to as ‘entities’, within a single framework in a bid to understand the huge number of relationship combinations that will exist and use them effectively to transact business.  Of course, outlining who gets access to what is crucial, but this is only the first step. Gartner notes that IOT isn’t simply about the arrival of a plethora of networked devices, it is about enterprises having a transformation strategy in place to enable them to view and implement processes as well as deal with data analytics, storage and communications.

IDoT will have to uitilize existing management systems to develop this single framework for IoT. Up until now IT asset management (ITAM) and software asset management (SAM) systems have managed IT and software assets within the enterprise. Gartner sees IDoT taking on some of functional characteristics of ITAM and SAM within or integrated with IAM architecture, or possibly linked to ITAM as so called attribute stores.

"The Identity of Things requires a new taxonomy for the participants in IAM systems. People, software that makes up systems, applications and services, and devices will all be defined as entities and all entities will have the same requirements to interact,” explained said Ant Allan, research vice president at Gartner.

Plan now, not later!
Identity management, as we can see, isn’t just about securing devices.  It is about enterprises understanding their entire business environment from customers and partners to their website, apps and what sits in the cloud. Without making sure every aspect isn’t bolted down they are leaving themselves open to security breaches.

IoT is undoubtedly forcing enterprises to look carefully at how they manage their assets and user identities. It is demanding a new way of thinking about how security and connectivity is managed. To really harness the power of IoT and the opportunities it brings, enterprises must start planning for a single security platform.

Of course, the goal is a real identity management system, but there will be many hurdles to jump before this is reached.

Stewart Baines
Stewart Baines

I've been writing about technology for nearly 20 years, including editing industry magazines Connect and Communications International. In 2002 I co-founded Futurity Media with Anthony Plewes. My focus in Futurity Media is in emerging technologies, social media and future gazing. As a graduate of philosophy & science, I have studied futurology & foresight to the post-grad level.