The Internet of Things and Identity Management

By   ISBuzz Team
Writer , Information Security Buzz | Jan 02, 2014 01:58 am PST

The latest buzz in the tech world is around the “Internet of Things,” but let’s face it, few people understand what it really means and how their environment will be impacted. Instead of reflecting on the changing dynamics of our connected environment, many organizations take a limited approach to The Internet of Things. The number of devices that are connected to the Internet have grown exponentially over the last year, and will continue to do so going forward. This increase has a profound impact on businesses, as employees, partners and customers begin accessing services across a variety of devices and locations.

With the nexus of forces — cloud and mobility — driving business today, it is impossible to address security in isolation. In order for a company to have a competitive edge and truly embrace the Internet of Things, everyone from the CIO to developers must give context to the term and start by approaching it and its security from its core — the relationship between the “thing” and its user.

Impact on identity

To manage the relationships in this new Internet-connected world, organizations need to look beyond access and protection. In the past, security was about identity and access management, but with today’s extreme level of connectedness, organizations must consider how they engage with customers and partners online, as opposed to solely thinking about employee access. As a result, systems and processes need to change. Agility, flexibility and scalability are essential, and identity and access must now center on relationships to meet quickly growing demands of customers, partners and employees.

With companies opening up to their external stakeholders, they must move away from a classic “castle defense” model, where their security systems become business enablers rather than just protectors. Traditional identity and access management (IAM) is built for internal use and has a number of limitations that are just not suited for a modern world filled with Internet-connected devices. Previously, it was all about sitting behind the firewall, but now identity systems need to manage information beyond the wall, on an Internet scale. I like to think of this new system as “identity relationship management” or IRM.

How to embrace the Internet of Things

This new world of connected devices and expectations from customers, partners and employees to access information from anywhere, on any device can make the most innovative and trend-savvy of CSOs and CIOs anxious. So, what should they consider when tackling the security issues related to the Internet of Things?

1) Modular: With a set of new complex access demands, the security solution needs to be purpose built to handle complexity that is caused by multiple users, devices, access points and privileges to company data. At the same time, they need to be able to continue protecting legacy applications and services.

2) Scalable: We are now dealing with Internet scale, which means that the number of users can expand exponentially from just thousands of users to now millions of users in a short period of time and over several geographic locations. The identity system needs to be scalable and dynamic enough to deal with these changes and serve content regardless of location.

3) Borderless: With the Internet of Things, we live in an anywhere, anytime world, so companies need to provide “borderless” and secure access to applications that are not only stored on premises, but also in the cloud and accessed from any Internet-connected device.

4) Context: Traditional IAM dealt with a set of specific tasks and static data but IRM is created to serve a variety of needs that can help companies better engage with stakeholders based on context and behavior. As such, it needs to be intelligent enough to evaluate different circumstances and make the best judgment, for example using adaptive and two-factor authentication when a user logs in from an atypical device.

By evaluating solutions based on these characteristics, companies can take the next step in embracing the Internet of Things. It’s not just about accepting bring your own device (BYOD) employee policies, but also leveraging these devices to create customer interactions and value. With an increased interaction with customers, organizations are able to offer new revenue-generating services. The Internet of Things is completely changing the landscape of how companies engage in business, so it’s time for security solutions to evolve to help organizations get to the next level.

Daniel Raskin

Daniel Raskin | | @raskindp

Bio: Daniel is currently VP of marketing at ForgeRock and has more than 15 years of experience building brands and driving product leadership. Prior to joining ForgeRock, he served as chief identity strategist at Sun Microsystems. Daniel has also held leadership positions at McGraw-Hill, NComputing, Barnes & Noble and Agari. He holds a master’s degree in international management from Thunderbird School of Global Management and a master’s degree in publishing from Pace University.