June 9, 2016 By Angelika Steinacker 3 min read

Many data breaches begin with bad actors stealing legitimate user credentials — a fundamental flaw in wider security systems. Logically, by locking down user identities, you can protect against stolen credentials and insider threats. But what if that threat is no longer a person or even a physical entity?

We all know the huge opportunity the Internet of Things (IoT) represents in terms of productivity, efficiency and overall market size. IDC and Gartner predicted market opportunities of $1.7 trillion for the wider ecosystem by 2020 and $868 billion alone for enterprise in 2016, respectively.

The potential of the IoT is clear, but many pervasive questions still remain — and these require answers. One such question focuses on business impact and general operational awareness: Are enterprises fully aware of the identity and access management (IAM) challenges potentially posed by the IoT?

A New Way of Approaching the IoT

The growth of the IoT requires businesses to evolve the ways they define and manage relationships between entities to ensure secure and efficient processes. As you would imagine, more robust identity management plays a key role in managing this increasingly complex web of relationships.

Historically, the IAM relationship has been between a human and a device. More recently this has evolved to include smart objects such as cars and even houses. Devices, objects and services are now abundant in many forms within the enterprise IT ecosystem. As such, all IoT entities — such as people, applications, services and devices — within a given enterprise ecosystem need an identity.

One of the key issues with IAM in its current form is that it does not provide access management at scale to match the complexity presented by the IoT. Another issue is that many companies often overlook the measure and fail to recognize IAM’s intrinsic value and necessity.

The IoT requires the identification process to be extended for each and every participant in the IT ecosystem since these various elements all have the same requirements to interact with each other. Identities for objects might include IP addresses, embedded keys or electronic tags. For human beings, identities can include user accounts or a unique number. But where IAM was previously associated with the physical identification of individuals, the IoT has put a new spin on the things.

The Identity of Things?

The immersive nature of the IoT and its relation to IAM could be referred to as the Identity of Things (IDoT). It certainly requires new definitions of the relationships between the elements involved. An awareness and understanding of the IDoT as an essential part of a more holistic IAM discussion is key for all companies, big and small, when looking to leverage the potential business intelligence advantages of the IoT.

The last several years have seen IAM become less of a siloed, stand-alone endeavor. Rather, it brings together the multiple access management elements into a cohesive, synchronized system working toward a single goal: robust enterprise security.

The IoT has blurred the lines, making the task at hand increasingly complex. The failure to evolve IAM strategies accordingly will result in a potentially crippling inability to properly harness the intelligence and agility promised by the IoT. However, the security industry as a whole is moving in the right direction, and we’ve now reached a high-water mark.

In this age of IoT, the main point is not that connected things can access an enterprise, but rather that things can be accessed. This has the potential to be far more explosive; just look at the example of the hijacked Jeep at the Black Hat conference last year.

The IDoT is the next challenge on the horizon for IAM as we know it. More importantly, it’s the next hurdle for enterprises looking to harness the business intelligence and benefits of the IoT. If the recent advances of the last 24 months are anything to go by, however, we should simply view it as the latest in a long line of IT and business challenges to overcome rather than an impassable obstruction.

Download the 2016 Cyber Security Intelligence Index

More from Identity & Access

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today