Many data breaches begin with bad actors stealing legitimate user credentials — a fundamental flaw in wider security systems. Logically, by locking down user identities, you can protect against stolen credentials and insider threats. But what if that threat is no longer a person or even a physical entity?

We all know the huge opportunity the Internet of Things (IoT) represents in terms of productivity, efficiency and overall market size. IDC and Gartner predicted market opportunities of $1.7 trillion for the wider ecosystem by 2020 and $868 billion alone for enterprise in 2016, respectively.

The potential of the IoT is clear, but many pervasive questions still remain — and these require answers. One such question focuses on business impact and general operational awareness: Are enterprises fully aware of the identity and access management (IAM) challenges potentially posed by the IoT?

A New Way of Approaching the IoT

The growth of the IoT requires businesses to evolve the ways they define and manage relationships between entities to ensure secure and efficient processes. As you would imagine, more robust identity management plays a key role in managing this increasingly complex web of relationships.

Historically, the IAM relationship has been between a human and a device. More recently this has evolved to include smart objects such as cars and even houses. Devices, objects and services are now abundant in many forms within the enterprise IT ecosystem. As such, all IoT entities — such as people, applications, services and devices — within a given enterprise ecosystem need an identity.

One of the key issues with IAM in its current form is that it does not provide access management at scale to match the complexity presented by the IoT. Another issue is that many companies often overlook the measure and fail to recognize IAM’s intrinsic value and necessity.

The IoT requires the identification process to be extended for each and every participant in the IT ecosystem since these various elements all have the same requirements to interact with each other. Identities for objects might include IP addresses, embedded keys or electronic tags. For human beings, identities can include user accounts or a unique number. But where IAM was previously associated with the physical identification of individuals, the IoT has put a new spin on the things.

The Identity of Things?

The immersive nature of the IoT and its relation to IAM could be referred to as the Identity of Things (IDoT). It certainly requires new definitions of the relationships between the elements involved. An awareness and understanding of the IDoT as an essential part of a more holistic IAM discussion is key for all companies, big and small, when looking to leverage the potential business intelligence advantages of the IoT.

The last several years have seen IAM become less of a siloed, stand-alone endeavor. Rather, it brings together the multiple access management elements into a cohesive, synchronized system working toward a single goal: robust enterprise security.

The IoT has blurred the lines, making the task at hand increasingly complex. The failure to evolve IAM strategies accordingly will result in a potentially crippling inability to properly harness the intelligence and agility promised by the IoT. However, the security industry as a whole is moving in the right direction, and we’ve now reached a high-water mark.

In this age of IoT, the main point is not that connected things can access an enterprise, but rather that things can be accessed. This has the potential to be far more explosive; just look at the example of the hijacked Jeep at the Black Hat conference last year.

The IDoT is the next challenge on the horizon for IAM as we know it. More importantly, it’s the next hurdle for enterprises looking to harness the business intelligence and benefits of the IoT. If the recent advances of the last 24 months are anything to go by, however, we should simply view it as the latest in a long line of IT and business challenges to overcome rather than an impassable obstruction.

Download the 2016 Cyber Security Intelligence Index

More from Identity & Access

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

An IBM Hacker Breaks Down High-Profile Attacks

On September 19, 2022, an 18-year-old cyberattacker known as "teapotuberhacker" (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website Gamers got an unsanctioned sneak peek of game footage, characters, plot points and other critical details. It was a game developer's worst nightmare. In addition, the malicious actor claimed responsibility for a…