The Internet of Things and the challenge of digital identity

The boom in the Internet of Things (henceforth IoT, from its initials in English) offers a key opportunity to radically change business models and the way we consume goods and services, but there is one hurdle that is not usually addressed in the debates around the IoT and which hinders companies' capacity to profitabilize this new technology: totally antiquated IAM (identity and access management) software. At least this is the theory recently outlined in Wired by Daniel Ruskin, Vice-president of Marketing at ForgeRock.

It serves to verify the identity and access permits of each user and is used both internally by companies and in their relationships with consumers, as well as by public institutions (from governments to universities). However, according to Raskin, most organizations use IAM that was installed prior to the launch of the first iPhone, and which are thus not designed to protect and connect all the millions of users and their multiple Internet-enabled devices. In short: companies need to bring themselves up to date if they don't want to miss out on the new business opportunities.

The obsolescence of IAM software

By definition, the IoT includes everything connected to the Internet (from home security systems to smart bracelets). According to the results of a report published by Gartner Research, this means that in only six years the IoT will have 26 billion units, a far greater number of users, equipment and devices than anything the current identity management platforms can handle at the moment. Not so long ago, the IAM systems in a large company could comfortably manage as many as 10,000 identities and were able to provide service to all their employees and multiple partners, each of whom was connected via one device. Now that the average number of devices for each user on the platform has tripled, IAM platforms are showing clear signs of strain. And when connected cars and domotics technology become routine, these platforms will sink into complete obsolescence.

Raskin points to some steps that organizations should be taking as a way to find an alternative to IAM software.

1. Abandon the classic "defend the castle” mindset, as this no longer works as a means of providing service to customers and devices located outside the boundaries of the organization itself.
2. Do something more than merely granting or denying access. “A [successful] identity platform should be agile, flexible and scalable, and perhaps the most important thing is that it should be capable of adjusting the services it offers to a growing list of contexts, such as geographic location, time of day, type of mobile device or browser, log-in attempts and so on."

IRM: an alternative to IAM platforms

According to Raskin there is already a new identity and access management technology that could help organizations optimize the IoT: IRM platforms (Identity Relationship Management). Unlike the IAM software, the IRM focuses not only on managing the identities of the employees, but also those of customers and objects along with the interactions between them. It was designed in response to the massive influx of new users, based on the following features:

• Modular platform: This is the best way to handle the complexity of managing multiple users, devices, access points, privileges and software versions.
• Scalable: Companies now work at the entire Internet scale –meaning an exponential growth in the number of users all over the world–, and have to be able to respond to constant fluctuations in the volume of users.
• Services without borders: As the IoT is connected anywhere and any time, IRM platforms must offer secure access in the same conditions.
• Sensitivity to context: This is a clear differentiator between traditional IAM platforms and the new IRM platforms, which are smart enough to evaluate multiple circumstances in real-time and can adapt to allow log-ons from atypical devices or sites.