"Reach out and touch everything"
I just saw a spot-on quote by Parker Trewin, Senior Director of Content and Communications, Aria Systems – “The IoT is big news because it ups the ante: ‘Reach out and touch somebody’ is becoming ‘reach out and touch everything’.” [1]
Let’s consider the future of the Internet of Things (IoT). IoT solutions are estimated to grow exponentially over the next decade. Some current predictions include:
- Gartner Group believes "Twenty-five billion objects will be linked together via the Internet of Things (IoT) by 2020."[2]
- IDC predicts the global IoT market will grow to $1.7 trillion by 2020[3]
- McKinsey Global Institute puts the value of IoT in business-to-business settings like smart factories at $3.9 trillion by 2025[4]
The implications of this shift are huge – especially when we evaluate the evolving requirements for identity and access management (IAM). Traditional IAM solutions focused on employees, business partners and, in some cases, external customers. With the emergence of IoT, an IAM solution must also cover the plethora of physical devices and potential service endpoints. Additionally, the identity services must be cognizant of the implicit relationships created through interactions with these components. Scale is critical – without it, organizations will be forced to customize IAM solutions to deal with the sheer magnitude of the IoT revolution.
When we look at the aforementioned trends, it is clear that traditional IAM solutions are no longer viable for the requirements of IoT. The implications of this growth are difficult to reconcile with traditional identity and access solutions in the following areas:
- The proliferation of IAM standards requires an open, flexible identity platform – traditional solutions are characterized by separate technologies to address LDAP, SAML, OAuth2, and emerging authentication/authorization standards such as UMA. And the list grows over time. Traditional identity/access solutions can be extended or patched to deal with these requirements, but over time the platform architecture becomes fragmented. This makes the products difficult to install and implement and, more importantly, to manage.
- Traditional IAM vendors focused on the person entity, e.g. the employee, business partner or customer. As we enter the IoT era, the key focus is not the “carbon unit”; it is ALL of the entities, including the devices. Each entity needs to have an “IDENTITY” which can be managed in conjunction with the relationships that entity has with other entities. As an example, I have multiple account profiles and multiple “devices”, e.g. iPad, iPhone, laptop computer, SAN device, Fitbit etc. In addition, I have multiple relationships with these devices as well as with other entities such as my wife, daughter, my bank and social media accounts. Management of these various personas is impossible without extensive customization of traditional IAM solutions.
- Finally, traditional IAM solutions focus solely on the security aspects – to be successful in the IoT era requires more than simply building a wall. If done right, a well-designed identity solution can yield value by enabling dynamic decisions based on type of device, geo-location information and customer contact information. The key to unlocking the value of identity is enabling real-time insights based on specific entities interacting in specific ways at specific times or locations.
The emergence of new IoT-enabled identity platforms demands the requisite security management and scalability needed to support the growing demands of IoT. It is more than just security management and risk avoidance; digital identity needs to drive revenue and value through coordination of identity. Management of digital identities dynamically at the points of interaction enables visibility of the contexts for individual entities and the relationships the entity shares with other objects. In short, digital identity enables new avenues for digital transformation of business.
So, let's consider what is needed for an IoT-enabled identity platform:
- Given the projections on IoT, it is no longer sufficient to support millions of entities; the identity platform must be able to support tens to hundreds of millions (and potentially billions) of entities. Additionally, the platform must be able to authenticate and authorize with sub-second response and provide 7x24 availability. Scale and robustness are mandatory.
- The platform should be intuitive and non-obstructive. Unlike traditional IAM technologies, the solution should be easy to install and maintain. It needs to provide provisioning and management of the identity of organizational entities, including employees, business partners, customers and, more importantly, the broad range of devices that are emerging in IoT. And it needs to natively support the plethora of standards emerging in IoT.
- Finally, the platform must be flexible. This capability mandates that the platform support the myriad of IAM and security standards as well as provide an architecture that can easily adapt to emerging internet/IoT directions. The identity platform must provide extensibility in the dynamic and evolving era of IoT to support the value proposition of digital identities.
When designing a security infrastructure for the era of IoT, identity and access management is quickly evolving into identity relationship management. Identity relationship management is required to support the security mandates and the ability to create new revenue streams based on monetization of identity relationships. The ability to support these emerging requirements is critical for organizational success with IoT. Choose wisely as you consider your alternatives for the future – your success with IoT will depend on it.
[1] https://www.ariasystems.com/blog/internet-things-quotes-consider
[2] “Predicts 2015: The Internet of Things,” Gartner, January 2015
[3] “Internet of Things Market to Reach $1.7 Trillion by 2020: IDC”, Wall Street Journal, June 2, 2015
[4] “The Internet of Things: Mapping the Value Beyond the Hype,” McKinsey Global Institute, June 2015
Very insightful overview of changing identity management space. My Uber driver explained how his Toyota uses fingerprint in the doorhandle ... IoT is changing the market with speed.