AS THE INTERNET OF THINGS (IoT) moves into the mainstream of business, managing and authorizing systems is critical—and a formidable challenge. Enter the Identity of Things.
“In order to use the IoT and today’s digital frameworks effectively, you have to understand what’s in place and how things are connected and interconnected,” says Barika Pace, research director at Gartner.
The Identity of Things takes aim at this challenge by using metadata—typically associated with a unique identifier—to track and manage IoT components. The concept is especially important as organizations adopt solutions that create an ecosystem of sensors, devices, and users. “Without a framework in place to manage connected devices, things can become completely unmanageable,” says Jim Kaskade, CEO of digital identity firm Jainrain Inc., in Portland, Ore.
While there’s no single approach for handling access management and security for connected devices, the Identify of Things offers a way to automate and improve business and IT processes.
The ubiquity of IoT devices is a big part of what makes them so hard to manage. Gartner predicts that more than 21 billion connected devices will be in use by 2020. As organizations look to extract maximum ROI from billions of systems, it’s critical to ensure that they are operating effectively—and securely. All of this must take place automatically and invisibly; an identity management framework, the Identify of Things essentially serves as the traffic cop.
The Identify of Things uses unique identifiers (UIDs) and associated metadata to establish and maintain seamless communication between devices and across a system. Moreover, as smart cities, supply chains, and other complex ecosystems take shape, the need for a device management framework grows exponentially. “You cannot have passwords associated with every sensor or device, and you cannot manually check every system to ensure that it’s working as billed,” Kaskade stresses.
An Identity of Things system can reside on premises or in the cloud, and it can involve different tools and resources from one or more vendors. The common denominator is that an Identity of Things framework requires some type of application or database to oversee a collection of connected devices. “It’s essential to identify devices, authenticate them, and patch [them] over the open air,” Pace explains.
A soundIdentity of Things strategy starts with an understanding of your customer’s vertical industry and business processes, and the relationships of objects to individuals who utilize the device or system on a daily basis, Pace says. It then proceeds to address four key needs:
- Understanding the authentication mechanism. A credential should revolve around communication security and how it impacts the device, Pace says. Not all devices have the same set of memory resources. “You have to consider the constraints and capabilities of the device,” she adds.
- Knowing the strengths and limitations of a device. It’s vital to understand how devices and groups of devices interact in a broader IoT ecosystem, Pace explains. “An organization may have a network segmentation strategy or firewall in place. However, these aren’t necessarily going to help with a smart meter or smart car operating in the wild.” Recognizing the constraints of the ecosystem is key as well, she says.
- Establishing multilayer authentication and ensuring that connections are secure. Verifying trust among devices and parties is critical. This may necessitate the use of light biometrics, light blockchain, and possibly other security tools. It may also involve dual authentication in some cases.
- Limiting authorization decisions at the end of the network. “You have to understand how information is traveling from a device to the entire ecosystem,” Pace says. “When you have a holistic view, you can design the right authentication and think in a bimodal way. You can authorize and limit access to any given device.”
As channel pros wade deeper into the IoT, an Identity of Things strategy is critical to manage and secure devices. “It’s an issue that organizations must address,” says Kaskade.