Identity for Consumer Applications: Internet of Things

Connected Car. Connected fridge. Connected Clothing or Jewelry. Connecting us to things, permissioning us access, syncing to networks...The proof exists. There is an ever-increasing demand for more technology to be embedded into things and systems used in healthcare, automobiles, aviation, critical infrastructure and smart cities.

Gartner calculates that around 8.4 billion IoT devices were in use in 2017, up 31 percent from 2016, and this will likely reach 20.4 billion by 2020.

What does this mean? More connections and complexity in IoT systems means we must create a more secure and comprehensive security process for the identities involved.

Did you hear recently about the casino that was hacked through its Internet-connected thermometer in an aquarium in the lobby of the casino?

When broken down to its simplest form, we can consider that there are at least two types of identity to consider and secure in the IoT space; user identity and device identity. Both are critical to the security of the Internet of Things. And on top of that lives a layer of permissionings, because you could identify something but not have permission to do with it what you please…

User Identity

Users will demand remote access to their devices from anywhere, but still require a combination of ease of use and strong security. The dilemma for most of the IAM industry. Users will also require strong authentication to devices and systems on-hand so they know they are the verified user. This will provide a trail of access to their devices and prove they are who they are whether they have their device or access another one remotely.

Device Identity

With the rise of IoT, device security and especially device identity is more important than ever. IoT devices control critical systems around the world such as cars, manufacturing systems, doors, locks, security cameras, you name it. Yet they are exposed to a variety of network-based threats. To block unauthorized parties and provide security, IoT devices must be able to conduct authentication between users and other devices within the system. Continuously.

When we think of the Internet of Things and authentication how will we know who is connected, and how can we ensure that it is an authorized user?

Out of the estimated 20.4 billion IoT devices by 2020, over half are expected to be consumer devices like TV’s, smart speakers, smart home items and wearables. How good are we with our personal digital hygiene? When was the last time you connected to a friend's wifi, or worst yet almost gave your first born for that free wifi?

Using User Data to Increase the IoT

There is an entire category that is focused on developing personal Internet of Things that leverage personal consumer data to add efficiencies to everyday lives. For example, personal wearable devices that are worn by users to monitor various health indicators; these devices also have the ability to alert users about monitored health indicators.

Another example is within the smart home where connected devices in a person’s home or apartment are also connected to the person’s cellular device, allowing the user to control various home devices from a single source.

Would you trust these types of devices? Using personal data and single sources of control to make your life more connected? Or, maybe you already do because the convenience of the solution outweighs the potential threats or a attacks on your personal data. Is the value equation right here though? Do you understand how they are really using your data? Or how much is it worth?

In the end, strong identity for users and devices is imperative for the success of the Internet of Things. Without identity authentication cyber attacks could cross the boundaries into the physical world. Traditional approaches need to be reconsidered. Going forward, identity must be at the forethought of every IoT application including individual that for devices and the end users.

Or else, we will end up with a few more stories like the 6-year old girl that ordered a $160 dollhouse and 4 pounds of cookies from Amazon using Alexa and the Echo Dot...