The Internet of Things continues to cause excitement for product manufacturers in every industry. By connecting the product they make to the Internet they will unlock access to more data than they could possibly imagine to help improve a range of issues, such as customer service, product development and so on.
Simple, right? Well, actually it is a little more involved than that! One of the biggest considerations is how are you going to manage identity and access across the many end users, applications, devices and partners in your connected product ecosystem.
This is vital for any business thinking about entering the market place. Those wanting to exploit security weaknesses are likely to target startups or even established businesses that have raced to launch their IoT product before competitors. Hackers know that a lot of businesses are in such a hurry to enter the marketplace that security, particularly identity and access management (IAM) takes a backseat. The result is that before you know it, someone with way too much time on their hands has managed to find their way into your network and stolen vital customer information or worse.
If this happens often enough, customers will soon become wary of purchasing IoT devices, which could damage not only a business, but the industry as a whole. This is such a concern that analyst firm Gartner state: “Managing identities and access is critical to the success of IoT”. They go on to say that IAM in its current form cannot provide the scale or handle the complexity required by each and every IoT product.
“IAM in its current form” refers to people-focused IAM, which relies on simply verifying the identity of, and giving access to, a user. Instead, for IoT to be a success the new IAM model needs to encompass the user, the device and the service, also known as “entities”.
A truly effective IAM system will know which of these entities has access, when, where and how, and be able to control that access – what we call the identity of things or IDoT. This is a big ask for many physical product manufacturers, particularly those not at all familiar with building software applications or network security. Even those that are, can take a year or more to develop a halfway decent IAM system.
The result is that many companies are going to turn to an IoT platform to provide secure connectivity and IAM capabilities for them. Yet while many of these platforms promise the earth, they are unable to deliver results at scale because they still can only manage identity between one product and one user’s app. What happens, for example, if the nature of your product means the authorised user has to keep changing? Or that product has multiple users at the same time? For instance, the landlord of an apartment may have a connected door lock installed that will require multiple users (and likely other products) having different types of access and authentication credentials.
The ideal platform should offer a simple way of managing the identity and access of all these different entities, while maintaining the toughest security measures, mapping out what is connected, where, how and who by. Only then will manufacturers be able to create truly deployment-ready IoT products that protect themselves, their customers and their partners.
By Sean Lorenz
Sean Lorenz is the Director of IoT Market Strategy at Xively by LogMeIn