Identity of Things in the World of Internet of Things (IoT)

Subhash Nukala, Practice Director, Happiest MindsInternet of Things (IoT) has been identified as the ‘next big thing’ while disrupting the technology sector.It has become a buzzword that has created enough noise everywhere and every one is talkin about and is anticipating the endless opportunities it might come up with: millions and millions of things interconnected over internet under the inspection and guidance of human brains, helping and improving data collection, usage and ultimately helping the mankind in a positive way. While this is today’s reality, the question’s not on the million possible opportunities it can bring, but how secure it is? paving way to the Identity of Things.

This eco system will be hit by the huge explosion in the number of connected objects around the world, not only existing ones, but also those projected that at some point will occupy a space in the IoT ecosystem. In fact, there are many reports with forecasts on the number of objects connected to the Net: the statistics portal Statista has an estimate, according to which, by 2020 there will be over 50 billion connected devices around the world. More than 28 billion in 2017, nearly 35 billion in 2018 and over 42 billion devices in 2019. As per Gartner research, by 2020, IoT will be made up of more than 20 billion connected ‘things’, contributing to a global economic impact of $2 trillion.

This exponential growth in the number of connected devices has frayed every possible seam in the identify and access management systems(IAM). Already in early 2015 Ant Allan, Vice-president of the identity and access management team of the technology consultancy firm Gartner, warned that IAM systems had been unable to adapt to the proliferation of connected devices, largely because traditional authentication systems had focused exclusively on people, rather than on the devices of the Internet of Things.

All of us deal with Identity of Things increasingly within our business environments and in our personal lives.
The Internet of Things - refers to smart and Internet enabled devices including smart cars, drones, and household appliances, which communicate with each other over internet using specified IoT protocols and share data along themselves and with the device owner or a pre-defined authority like a vehicle insurance company or a health insurance. But, we have to define a universally acceptable framework for identity and relationship management to connect and validate these device identities, approve and authorize their rights to transact, and address the growing risks which is the Identity of Things (IDoT).

New technology advancements and data proliferation in an automated & connected world are making the management of Identity of Things (IDoT) very challenging, especially, the definition of identity theft

In a self-managed, smart, and connected world, the most important risk will be around the relationship of IoT which will force us to look beyond identity and access management to include the level of relationships that exist among identities, and their authorization for sharing data and making transactions. For instance, in case of smart cars making transactions on behalf of their owners, must be controlled to manage risks including transaction repudiation. Like, self-driving and smart cars will be enabled to make payment of fuel bills or toll bills without their owners being present but how such payments would be validated for authenticity of the transaction and successfully fight repudiation in case of litigations etc. should be controlled.

Data privacy and security concerns will continue to be of utmost concerns. With new technology advancement and data proliferation in an automated and connected world are making the management of Identity of Things (IDoT) very challenging, especially, the definition of identity theft will be expanded to include device identity takeover by another device. For example, sensors that collect and share data, self-managed cameras, windows that share data on outside and inside temperatures to control the heating and cooling systems, home appliances, self-driving and self-managed cars, and other networked devices are constantly making it difficult to ensure 100 percent privacy and security.

IDoT should address the following key aspects to provide a secure connected environment.

• IoT Component Architecture Combined with Identity
• Continuous, Contextual Security
• Easy Device Registration & Authorization
• Adaptive Authentication
• Identity Relationship Visualization
• Privacy and Consent Tools
• Single View of Customers via Devices
• API Protection
• Unified, Comprehensive Platform

While the product is maturing and stabilizing in the space of IoT, there is no reason for enterprises to wait and watch. Enterprises should start acting and include Identity security into their IoT implementation plans. Being an early adapter will have an advantage. This is the reality and the future - for the first time, objects or things as they are called, have started to transact like humans are doing today.