Securing the Identity of Things (IDoT) for the Internet of Things

Author: Allan Foster, Chief Technology Officer – Asia Pacific and Japan, ForgeRock

In its recent report, The Identity of Things (IDoT) for the Internet of Things, Gartner lays out how it believes the Internet of Things (IoT), or what is often now referred to as the Internet of Everything (IoE), cannot and will not prosper unless organisations knuckle down and come to grips with how to manage multiple identities. The report then goes on to detail how today’s identity and access management technologies cannot provide the scale or manage the complexity that IoT brings to these organisations, further complicating the problem.

A strikingly common misconception I come across in the industry is that IoT is just about introducing different types of devices into business scenarios. It’s not.

Businesses looking to harness IoT in fact require a completely different approach to viewing and implementing processing, analytics, storage, and communications. Certainly, identifying “who’s who, what’s what, and who gets access to what” is one aspect. But how this is processed, managed, protected, stored, and communicated is a whole new kettle of fish for businesses.

Identity management is not just about securing IoT devices; it must rationally secure and make sense of the entire environment, from customers to partners, websites to webpages, to mobile devices, apps, and the cloud. This is by no means a comprehensive list – just one that will hopefully give you an idea of the number of links in the chain.

Static and portable devices need to communicate. Human to Machine (H2M) and Machine to Machine (M2M) identification and interaction must also take place. Without the right model, organisations make data vulnerable to security breaches.

Securing the Identity of Things in the Internet of Things demands a new way of thinking about connectivity and security.

Back in an age where companies only connected computers to other trusted computers, life was far simpler. Legacy systems were created to maximise internal security, keeping threats well outside. Security was perimeter-based. Firewalls protected organisations. Identity was about internal stakeholders, creating identities for employees to access the right information and services securely. Businesses used to have to cope with, on average, 20-40,000 identities.

However, the dawning of the IoE has turned this on its head. Organisations everywhere need systems that provide secure access externally, to customers, partners, and other important stakeholders. This means systems have to cope with millions of identities, and most of them outside of any firewall. Static and portable devices need to talk to each other, and then there’s H2M and M2M identification and interaction on top of that.

Customers need to access company systems via multiple devices or objects and expect a bespoke user experience based on how, when, and where they access services. This requires a single, secure platform to unify the entire company ecosystem and enable a straightforward, repeatable way of securing an increasing number of devices. Building a platform that supports and unifies the entire ecosystem is challenging enough, but organisations also need to be able to support new services, new devices, and new infrastructure on the back end.

Read more: Securing digital identities for the cloud era

So how do businesses protect data they can’t see as it’s communicated between machines and other parts of the ecosystem?

Contextual Knowledge is Power

Contextual intelligence and awareness can add significant value to digital services. For instance, a connected car can remember the personal preferences of every driver or the Sony Smart B Trainer can offer personalisation to support the user’s individual fitness goals. This new data enables companies to better understand their customers, as well as protect them. Devices come to know what to expect from you as a typical user—and notice abnormal behavior that triggers enhanced security measures. This kind of contextual intelligence also opens up revenue opportunities for cross-selling, upselling, and delivering personalised services.

Encrypting and authenticating this data is essential; however, it is also imperative to understand who accesses data and how, as well as where and when they access it. Knowing this information will help authenticate the user and confirm that their behaviour is in-line with past behaviour.

Read more: Serious Business: Cyber Security and Brand Survival

Real-time contextual clues, in addition to credentials, provide organisations with the tools needed to decide whether to grant access and how much access to allow. For instance, if a system detects a login attempt with correct credentials, but from an unrecognised IP address or at an uncharacteristic time of day, it can activate additional security measures such as requesting personal security questions or sending verification codes to a user’s mobile phone.

The speed at which organisations get to reap the rewards of IoT lies firmly in their hands. The Internet of Things requires oganisations to understand and manage an external-facing identity management platform effectively. Unless organisations can link objects, devices, and new mobile and social apps to a single security platform, they won’t be able to truly harness the enormous growth potential offered by IoT. At the dawn of IDoT, that’s one quick way for an IDioT to watch the sun set on their business.

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet of Everything (IoE)identity managementGartnerIdentity of Things (IDoT)Internet of ThingsCSO Australia

More about CustomersGartnerSmartSony

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Allan Foster

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place