Securing the Identity of Things (IDoT) for the Internet of Things

Neil Chapman of ForgeRock

In its recent report, The Identity of Things (IDoT) for the Internet of Things, Gartner lays out how it believes the Internet of Things (IoT), or what is often now referred to as the Internet of Everything (IoE), cannot and will not prosper unless organisations knuckle down and come to grips with how to manage multiple identities.

The report then goes on to detail how today’s identity and access management technologies cannot provide the scale or manage the complexity that IoT brings to these organisations, further complicating the problem.

A strikingly common misconception I come across in the industry, says Neil Chapman of ForgeRock, is that IoT is just about introducing different types of devices into business scenarios. It’s not.

Businesses looking to harness IoT in fact require a completely different approach to viewing and implementing processing, analytics, storage, and communications. Certainly, identifying ‘who’s who, what’s what, and who gets access to what’ is one aspect. But how this is processed, managed, protected, stored, and communicated is a whole new kettle of fish for businesses.

Identity management

Identity management is not just about securing IoT devices; it must rationally secure and make sense of the entire environment, from customers to partners, websites to webpages, to mobile devices, apps, and the cloud. This is by no means a comprehensive list – just one that will hopefully give you an idea of the number of links in the chain.

Static and portable devices need to communicate. Human-to-Machine (H2M) and Machine-to-Machine (M2M) identification and interaction must also take place. Without the right model, organisations make data vulnerable to security breaches.

Securing the Identity of Things in the Internet of Things demands a new way of thinking about connectivity and security.

Back in an age where companies only connected computers to other trusted computers, life was far simpler. Legacy systems were created to maximise internal security, keeping threats well outside. Security was perimeter-based. Firewalls protected organisations. Identity was about internal stakeholders, creating identities for employees to access the right information and services securely. Businesses used to have to cope with, on average, 20-40,000 identities.

However, the dawning of the IoE has turned this on its head. Organisations everywhere need systems that provide secure access externally, to customers, partners, and other important stakeholders. This means systems have to cope with millions of identities, and most of them outside any firewall. Static and portable devices need to talk to each other, and then there’s H2M and M2M identification and interaction on top of that.

Customers need to access company systems via multiple devices or objects and expect a bespoke user experience based on how, when, and where they access services. This requires a single, secure platform to unify the entire company ecosystem and enable a straightforward, repeatable way of securing an increasing number of devices. Building a platform that supports and unifies the entire ecosystem is challenging enough, but organisations also need to be able to support new services, new devices, and new infrastructure on the back end.

So how do businesses protect data they can’t see as it’s communicated between machines and other parts of the ecosystem?

Contextual knowledge is power

Contextual intelligence and awareness can add significant value to digital services. For instance, a connected car can remember the personal preferences of every driver or the Sony Smart B Trainer can offer personalisation to support the user’s individual fitness goals. This new data enables companies to better understand their customers, as well as protect them. Devices come to know what to expect from you as a typical user — and notice abnormal behaviour that triggers enhanced security measures. This kind of contextual intelligence also opens up revenue opportunities for cross-selling, upselling, and delivering personalised services.

Encrypting and authenticating this data is essential; however, it is also imperative to understand who accesses data and how, as well as where and when they access it. Knowing this information will help authenticate the user and confirm that their behaviour is in-line with past behaviour.

Real-time contextual clues, in addition to credentials, provide organisations with the tools needed to decide whether to grant access and how much access to allow. For instance, if a system detects a login attempt with correct credentials, but from an unrecognised IP address or at an uncharacteristic time of day, it can activate additional security measures such as requesting personal security questions or sending verification codes to a user’s mobile phone.

The speed at which organisations get to reap the rewards of IoT lies firmly in their hands. The Internet of Things requires oganisations to understand and manage an external-facing identity management platform effectively. Unless organisations can link objects, devices, and new mobile and social apps to a single security platform, they won’t be able to truly harness the enormous growth potential offered by IoT. At the dawn of IDoT, that’s one quick way for an IDioT to watch the sun set on their business.

The author is Neil Chapman, senior vice president & managing director EMEA, ForgeRock

You can comment on this article here or on Twitter:     @m2mnow     OR      @jcm2m

Recent Articles

Tuya Smart kicks off inaugural AI+IoT Business Conference Virtual Conference, bringing together key industry leaders in the SEA IoT scene

Posted on: September 25, 2020

Sponsored News: In the time of social distancing and pandemic restrictions, technology has become more important than ever to maintain our working productivity and social bonds. In a virtual first, the annual AI+IoT Business Conference (ABC) hosted by the AI+IoT Intelligent Business Alliance will focus on the impact of IoT for the Southeast Asian region.

Read more

Equinix data centres to connect Nokia to mobile, IoT and cloud ecosystems

Posted on: September 24, 2020

Digital infrastructure company, Equinix, Inc., has been selected as a strategic supplier for Nokia’s Worldwide IoT Network Grid (WING) managed service, in a collaboration to bring next-generation edge architectures and services to market. WING allows operators without an Internet of Things (IoT) footprint to gain fast entry to the IoT market or to help operators expand an existing

Read more