CONTACT USPlease enter your name. Please enter alphabets only for Name. Please enter Organization. Please enter valid email id. Please enter Phone number. Please enter numeric only for Phone number.
This blog is published byArun Nagabhushan
Change is ‘inevitable’ in Technologies. New technologies will be arising every here and then. Few years ago, Internet of Things was the “Next big thing”. It had wide possibilities: millions of device objects were to be connected to the Internet and interconnected under the supervision of human beings. For enterprise, data accumulation and human supervision of those devices to improve people’s lives. But today the scenario has changed, the experts have started having concerns about technical, business and security approach from Internet of Things (IoT) to Identity of Things (IDoT). Regardless of whom you talk to, nobody denies that IDoT will be the next big “thing”.
The early adopters of Internet of Things (IoT) have left behind Identity and access management (IAM). Now, many big organizations are struggling to deal with the consequences. Any successful IoT implementations will have complex relationships to people, things, and services, and capable of sustaining and secure method for delivering operational value from device led solutions, is to enable firm Identity across all touch points and interactions.
As per the recent Gartner Research forecasts that over 20 billion IoT devices will be in use worldwide by 2020.
Why IoT requires IAM
IoT has reached a stage where consent and control over the devices and data is critical to the further success. The solution must offer a set of identity controls that properly govern who has access to what, when and why. In the identity world, these controls are the well-known concepts of authentication and authorization. In device-based identity management for IoT provides a range of benefits in the form of device management, predictive failure management, and automation.
Gartner predicts by 2020, more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets.
Challenges and Impacts
Few Examples to elaborate on the topic
The smart devices will not be in distant future to make transactions on behalf of their owners which must be controlled to manage risks including transaction repudiation.
A smart refrigerator will be enabled to make transactions/purchases through online without their owners being present based on the availability of food stored in it. How would business deal with validating the authenticity of the transactions and fight repudiation.
The traditional identity management can focus on Identities, but same attention has to be paid to all the entities making part of the system, then the approach changes drastically. It is no longer necessary to manage only the identity of a person connected to an application or asset, which is normally the case in IAM systems but also of a user connected to a device, two interconnected devices and an application. It is the new open, but secure ecosystem of the Identity of Things (IDoT), where all entities have the same interaction framework.
The Users try to communicate with the “Things” which includes security management which is composed of identity, access and right management. Users make use of IoT Applications to communicate with Smart Things which involves IoT Framework and as well as IAM Systems for authentication and authorization and also Identity Management to keep track of all devices like who has access to what, what sort of permission they have on devices etc.
Managing the Identity of Things (IDoT) involves assigning the unique identifiers to devices and things as well as authorization to communicate, share data, and transact. Every device will be assigned an identifier by IAM and it keeps track of who has access and how long the access he is required to have and also it revokes once the access is no longer required by a User. IoT Apps communicate with IoT Framework which includes Policy, API, Event Management etc. which in turn communicate with IAM System for various things including authentication and authorization. IAM in turn communicates with Gateway. The gateway is a device which is responsible for gathering data from sensors and communicating with other systems (like IAM Systems, Smart devices) when something needs to be controlled.
Once a collection of attributes has been defined and collected from a device, the attributes need to be stored during the device registration process. Few devices, registration may need some sort of unique verification to confirm that the device itself is legitimate. This is primarily important in the consumer IoT space, where connected items such as cars, sports apparel and equipment need to be protected from the threat of fake items. To eliminate the fake items, a simple approach could be to compare a value provided by the device to data held by the manufacturer of the device, such as a hard-coded unique identifier.
IAM for IoT should enable organizations to unify user identities, devices, and data in order to deliver consistent, personalized customer experiences on every channel to increase loyalty and revenue.
Current growth and requirements for IOT are focused on inter-operability and device connectivity. It seems the end result of increased connectivity and data collection is yet more data (metadata). From an operation standpoint, the data is used for predictive analytics and efficiency platforms, that can help to build a competitive edge. Data is what drives new revenue and business opportunities, whether the IoT solution is focused on customer service, automobile safety precautions, healthcare, energy efficiency or helping to develop autonomous machines.
We have begun to identify the risks and the identity management experts are working diligently to introduce solutions which addresses the risks. Evidently, Identity governance will be key to making sure that entities are able to communicate with one another and perform tasks which are approved and can be assigned ownership to a human identity for accountability purposes.
No related posts.
Arun Nagabhushan, have 5+ years of experience in the areas of Identity and Access Management, Access Governance and information security consulting. He is working as SME in the IMSS IAM security practice, HappiestMinds Technologies, Bangalore, India
Arun Nagabhushan Arun Nagabhushan, have 5+ years of experience in the areas of Identity and Access Management, Access Governance and information security consulting. He is working as SME in the IMSS IAM security practice, HappiestMinds Technologies, Bangalore, India
These blogs might interest you
by Mouna Ramesh on 28 Aug 2019
by Subramanya Ajjampur on 2 Aug 2019
by Jyoti Bilgoji on 22 May 2019
by Viswanath Subramaniam on 29 Mar 2019
Subscribe for blog updates
ABOUT HAPPIEST MINDS
Happiest Minds enables Digital Transformation for enterprises and technology providers by delivering seamless customer experience, business efficiency and actionable insights through an integrated set of disruptive technologies: big data analytics, internet of things, mobility, cloud, security, unified communications, etc...