Existing ideas and approaches to identity management will not be entirely effective for the IoT.
The growth of the Internet of Things (IoT) requires businesses to evolve the way they define and manage the relationships between “entities” to ensure secure, efficient processes. More robust identity management plays a key role in managing the complex web of relationships.
IoT adoption in the enterprise has reached an inflection point causing many of today’s approaches to identity management to become ineffective or cumbersome. Identity and access management (IAM) leaders require an evolved way of defining and managing the identities of all “entities” within a single framework.
During the Gartner Identity & Access Management Summit taking place this week in Las Vegas, we asked Earl Perkins, research vice president at Gartner, how IAM leaders can rethink and re-architect to be successful.
Q: What IAM challenges does IoT create today for digital businesses?
A: Historically, the relationship has been between the human and the device. Now, devices and services are abundant in many different forms within the enterprise IT ecosystem. All of the IoT entities (people, applications/services and devices) within any given business moment need an identity.
The issue today is that IAM in its current form cannot provide the scale or manage the complexity that IoT presents to businesses today, impacting everything from endpoint security and network architecture to application development and data management.
Q: How can an enterprises successfully implement a successful IAM strategy for IoT?
A: IoT is not just the introduction of networked devices into digital business moments. It is a new approach to viewing and implementing processing, analytics, storage and communications. Begin by identifying devices as you do people. IoT requires identification for each and every participant in an IT ecosystem – people, software that makes up systems, applications and services, and devices – and all entities will have the same requirements to interact. In networks, these identities may be IP addresses; in devices they may be embedded keys or electronic tags; and in people they are user IDs of some kind.
The Identity of Things (IDoT) is a new component to identity management that encompasses all entity identities. These identities allows you to define relationships among the entities — between a device and a human, a device and another device, a device and an application/service, or a human and an application/service.
IAM leaders and technology service providers (TSPs) should incorporate IDoT’s relationship concepts into identity data and policy planning to support the scale and flexibility required by business moments using the IoT. In fact, the concept of dynamic relationships is critical to the success of future IAM solutions because it allows the IDoT to exist and become part of new responsibilities for IAM in the enterprise.
Q: What industries does this impacts the most?
A: Many verticals are impacted, but let’s focus on what we’re seeing in the automobile industry as an illustration. The need for IDoT is driven by the integration of advanced cloud technologies and the advent of driverless cars. For example, weather conditions may prompt sensors on a car to signal to other devices to automatically perform certain functions to make the ride safer.
Q: Where should IT decision makers start to evolve their IAM strategies?
A: While the task at hand is complex, and the failure to evolve IAM strategy will result in the inability to properly harness the intelligence and agility IOT promises, the industry as a whole is moving in the right direction.
IT decision makers should work closely with their internal or vendor IOT application developers and integrators to ensure their solutions and IAM strategy can operate effectively. Decision makers can also join the discussion as standards groups debate this issue and possible solutions and formulate different identity data models to be tested.