Identity and Access Management and the Internet of Things

singapore identity access management

A decade ago, the Internet of Things (IoT) would have sounded like a fantasy. However, the reality of the IoT is steadily gathering momentum and is already upon us in 2018. Just what is the Internet of Things? Essentially, it refers to the network of “things”: smart watches, cars, home appliances, all connected in a network, allowing them to constantly exchange information.

Naturally, exchanging such a gargantuan amount of personal information between innumerable devices means great security risks for consumers and businesses. Identity and access management (IAM) has to adapt to match the changing environment to mitigate and protect against security breaches. This article looks at how Identity and Access Management is affected by the Internet of Things.

The sheer volume of devices connected to different networks will be the biggest challenge posed to Identity and Access Management. New IAM systems must be adjusted to handle the manifold increase in workload of checking identities, authenticating logins and monitoring on-going sessions for proper access. Traditional IAM systems were not designed to handle automated devices. IAM systems typically handle user verification; different individuals logging in to gain access to a network.

However, the IoT presents the challenge of handling thousands of devices constantly logging in and accessing networks automatically. IAM systems must be able to verify identities from a huge number of devices, languages and application. This demands flexibility, huge scales and abundant power from IAM systems to allow the all devices to stay safe connected to a network while processing the huge amount of data generated by the IoT.

The inherent nature of the IoT demands a structural adjustment from traditional IAM systems. As previously stated, IAM traditionally verifies human identities accessing networks via passwords or physical validation. The foundational agents of the IoT are ‘things’ – smart devices embedded within the current structure of the Internet. These devices need identities for IAM to even perform its most basic functions.

Changing demands has not gone unnoticed by those in charge of IAM systems. This complicated relationship between IAM and the IoT has been labelled the Identity of Things, or IDoT. Managing this relationship is key for a safe and consistent flow of data from smart devices, to reap the benefits of the information produced by the IoT.

Giving each device an identity, linking them to their human operators and allowing them appropriate access are all challenges IAM must overcome. IAM strategies must adjust, from simply authenticating identities to working towards providing businesses or enterprises security as a whole.

This brings us to our last point: the IoT simply brings so many more potential threats for IAM systems to handle. While smart coffee machines or physical activity trackers may not seem a threat, more personal information can be accessed during unauthorised security breaches. Tampered health records, accessed bank accounts or leaked confidential details are possible outcomes of poor IAM strategies.

In 2015, this threat was fully on display. A jeep was accessed remotely and essentially hijacked as hackers gained control over its locks, speedometer, even accelerator.

The Internet of Things opens up endless exciting possibilities for manufacturers and consumers. Identity and Access Management strategies must be updated to handle these changes in volume, access and simply accommodating devices instead of humans.