The Internet of Things (IoT) is estimated to reach $2 trillion in revenue by 2020, with more than 20.4 billion connected ‘things’ in use. While IoT is creating a variety of economic opportunities, the diversity of things makes IoT hard to architect and manage for IoT solutions architects.
IAM will soon become, if not already, an integral part of each and every IoT solution.
Users, devices, IoT gateways, applications and services all have a role to play in IoT solutions, and they all need identities to form a secure and trusted IoT.
Saniye Burcu Alaybeyi, research director at Gartner, says identity and access management (IAM) will be vital to effective IoT solutions. Ms. Alaybeyi further adds that IAM will soon become, if not already, an integral part of each and every IoT solution, and this is why.
Three market forces have converged to drive identity, access and attribute correlation in IoT.
IoT Platforms Need to Support IAM
As opposed to IAM vendors, IoT platform vendors, in general, focus less on maintaining privacy and providing required authentication, and lack the concept of managing user identities.
“However, this trend is changing,” says Ms. Alaybeyi. “Several IoT platform product managers at technology and service providers have started to incorporate various device identity and access technologies into IoT platforms to simplify security designs in IoT deployments. This situation accelerates the adoption of IAM in a diverse set of IoT market segments.”
Traditional IAM Will Not Suffice for IoT
To support IoT, IAM platforms will need to deal with billions of devices and associated identities, policies, and the relationships that they all need to have. To accomplish this, many vendors already have provided scalable runtime access to ensure secure authentication and authorization at high transaction rates with subsecond latencies.
Going forward, vendors will have to consider the ability to reduce the storage footprint, manage both structured and unstructured data and its attributes, and continue to improve support for deployment in the cloud as well as on premises. Vendors have to also consider utilizing data that is generated by the IoT devices because this data can also be used as a basis for authorization decisions.
IoT Needs Device-Embedded Authentication
Most IoT device manufacturers and platform providers are ill-equipped to serve the authentication needs (design and embed security controls, including device authentication, to the device firmware), and the sheer number of diverse IoT authentication use cases with internal technology, skills, dedicated resources and services. As a result, they are engaging with niche authentication providers or product specialists based on stable partnerships or case-by-case deals.
While it will take a few years for the industry-specific authentication standards to firm up and find acceptability in the market, authentication providers and IoT device manufacturers must emphasize on promoting industry-specific standards by limiting opportunities of proprietary customizations for the benefit of the industry and the consumer.