The IoT Demands a New IAM Approach

The IoT Demands a New IAM Approach

December 27, 2016

A recent study conducted by BI Intelligence predicts the Internet of Things (IoT) will have 24 billion connected devices by the year 2020. It's a staggering growth rate that signals dramatic changes for the way we live, how brands connect with customers and how businesses manage operations.


And according to Forrester, identity and access management (IAM) is right at the heart of the IoT's evolution. The IoT is all about increasing software control of the physical world, which entails managing billions of connections between devices and humans. The result is the emergence of a new discipline of IAM for the IoT, which is coming on the heels of shifting from traditional employee identity management to customer identity management. IAM professionals have just begun to grapple with the new requirements for managing customer data for digital business mobile apps and multiple channels. Massive scale, complex privacy controls and strong, yet convenient user authentication are just a few of the many considerations IAM and security teams have been addressing with modernized Customer Identity and Access Management (CIAM) solutions.


Now the landscape is changing again. The IoT is entering the picture with a wide range of devices, from fitness trackers and connected homes to electronic sensors gauging water levels in reservoirs. Each device must have a digital identity. And when these device identities are connected to user identities, the true value of the IoT is able to surface. The high volumes of detailed data generated can be used to glean important insights into improved efficiencies and personalized customer experiences.


However, security concerns come up as the number one barrier to IoT adoption. Compromised data security always has devastating consequences, such as monetary loss, confidentiality leaks and health record tampering. In the IoT world, a breach has the potential to be life threatening. For example, a driverless car could cause a fatal accident, or home medical equipment could stop providing life-sustaining aid.


To truly address these challenges, it takes more than just adding security capabilities to existing employee IAM systems. Managing identity in the IoT is fundamentally different from workforce or customer identity management. It demands a purpose-built solution designed with four key security capabilities at its core:


  1. End-to-end encryption protects data at the network, at the device and everywhere it travels in between.
  2. Extreme scale, performance and availability reliably handles the massive volumes of data the IoT generates.
  3. Full-featured privacy, preference and consent management ensures users can control their IoT experiences.
  4. Adaptive authentication and policy-based data access governance establishes fine-grained, contextual control.


In the IoT, security is simply too important to treat as an afterthought. When security features are added on as a layer to an existing identity management solution, you sacrifice important capabilities. Securing identity data for IoT environments is complex so it must be a foundational component of your IAM infrastructure. We've only just scratched the surface of the IoT. To realize its full potential, we need to make sure to get its security right from the beginning.


To learn more about the emerging space of IAM for the IoT, download Forrester's report.