The Internet of Things Demands a New Identity Management Approach

A study conducted by BI Intelligence predicts there will be 24 billion Internet of Things (IoT) devices by the year 2020. It’s a staggering growth rate that signals dramatic changes for the way we live, how brands connect with customers, and how businesses manage operations.

According to new research from Forrester, Identity and Access Management (IAM) is at the center of IoT’s evolution. IoT is about increasing software control of the physical world. That entails managing billions of connections between devices and humans. The result is the emergence of a new IAM discipline, IAM for IoT. IoT IAM is coming on the heels of the shift from traditional employee identity management to customer identity management. IAM professionals have just begun to grapple with the new requirements for managing customer data for digital business’s mobile apps and multiple channels. Massive scale, complex privacy controls and strong, yet convenient user authentication are just a few of the many considerations IAM and security teams have been addressing with modernized Customer Identity and Access Management (CIAM) solutions.

Now the landscape is changing again. IoT is entering the picture with a wide range of devices, from fitness trackers to electronic sensors gauging water levels in reservoirs. Each device must have a digital identity, and when these device identities are connected to user identities, the true value of IoT is able to surface. The high volumes of detailed data generated can be used to glean important insights into ways to improve efficiencies and personalize customer experiences.

However, security concerns come up as the number one barrier to Internet of Things adoption. Compromised data security always has devastating consequences, such as monetary loss, confidentiality leaks, health record tampering and many other scenarios. In the IoT world, a breach has the potential to be life threatening. A driverless car could cause a fatal accident or home medical equipment could stop providing life-sustaining aid.

Addressing these challenges is more than a matter of adding security capabilities to existing employee IAM systems. IoT identity management is fundamentally different from workforce or customer identity management. It demands a purpose-built solution designed with four key security capabilities at its core:

1. End-to-end encryption to protect data at the network, at the device and everywhere it travels in between
2. Extreme scale, performance and availability to reliably handle the massive volumes of data IoT generates
3. Full featured privacy, preference and consent management to ensure users can control their IoT experiences
4. Adaptive authentication and policy-based data access governance

In the Internet of Things, security is simply too important to treat as an afterthought. When security features are added on as a layer to an existing identity management solution, you sacrifice important capabilities. Securing identity data for IoT environments is complex so it must be a foundational component of your identity management infrastructure. IoT is in its nascent stages and realizing its potential rests on getting it right from the beginning.