Identity of things
Internet of Things. Business Implications and Opportunities
MIT Sloan School of Management program focusing on 6 areas of IoT, namely; Demystifying the Internet of Things, Leading IoT: Levels of Mastery, Leadership Capabilities, An Overview of IoT Technologies, Aligning IoT and Strategy, Creating an IoT Roadmap for the Future.
Robust customer identity and access management platforms enable retailers to have a single view of the customer and provide a personalised experience across all channels. Imagine the power of combining IoT, online and in store channels to give a user a personalised experience from suggesting things to buy on their devices, or in store displays, online based on what they have purchased or liked or what other customers with a similar profile? That is huge, leading internet retailers are already unlocking this value with great results.
With the advent of technology in healthcare and the use of IoT and wearable tech, governments have put together a plethora of strict legislative policy to ensure privacy and consent.
Problem Statement Industrial IoT & Consumer IoT
With digital transformation, organizations are becoming borderless and the traditional security infrastructure and response models become obsolete. Digital identity has therefore become the new perimeter. We have already mentioned that anything that has to be trusted has an identity. This is even more obvious as more and more companies are transforming their dumb physical devices into smart devices connected to the internet. This could medical devices (wearables), industrial devices (utility, card, biometric readers), cars and so on. These feed into the concept of smart cities designed to improve the efficiency of our systems and our daily lives. Looking at the importance of IoT devices it then begs the question of how can we ensure that they are trusted? That they are what/who they say they are? they feed business with information that influence strategic decisions by generated “big” data that can be harnessed for greater value.
How do we secure them to ensure they are not hijacked? How can we tell they are not compromised? What about the DDoS attacks (read about Mirai botnet)? They can be used in cyber warfare to the detriment of institutions and sovereign governments. How can we associate these devices to humans that use them to adhere to privacy laws? How can we harness their power to improve customer experience in the retail sector?
In the rush of IoT OEMs did not standardize communications protocols, data sets and IoT security. This is a huge problem. From a security perspective, they are built without a way to:
- Uniquely identify themselves
- Store and Secure credentials
- Securely update their firmware
- Verify certificates and check for revocation list and so on..
Consumer IOT: Identity Relationship Management (IRM)
Identity of things is done at scale, anywhere anytime…beyond the perimeter of an organization. This is an organic evolution from Enterprise IAM because we are dealing with identities of humans, billions of devices and things. We also need to manage the relationship between them to deliver business value such as customer experience. Therefore, today’s IAM strategies and platforms are not geared for these sweeping changes. Organizations need to implement platforms that deliver Identity Relationship Management (IRM) to harness the relationship of identities of humans and devices.
We need to be able to
–Register a device’s identity
- Collect information about that identity and be able to verify it. Identity verification is an important step in establishing trust. Currently some governments obtain physical specimen of humans to ascertain identity assurance on which a digital identity can be tied to. Perhaps we need to do the same with devices, barcodes, serial numbers, firmware and so forth can be used alone or in combination and vouched for by the manufacturer.
–Manage a device identity
- Update firmware from trusted repositories that are scanned for malware
- provision and deprovision them from central cloud platforms when no longer in use
–Authenticate a device
–Authorize a device
- To access or publish data. If that device has to do this on-behalf of a human, we also need the human to provide consent
At I’Curity we have already delivered a cloud based IAM platform for an IoT solution. The customer wanted to move their physical access system from an on-prem solution to a purely cloud based solution with the readers constantly connected to the cloud to:
- Authenticate and authorize themselves
- Update their firmware
- Authenticate and authorize humans to buildings across the world in real-time
- Automate the onboarding process of these devices
- Produce data for analytics such as clock in times in places such as mines and factories
We specialize in cyber-security solutions across different industry verticals. Our core value proposition is our ability to deliver robust, transformative and visionary identity platforms to enable and secure your digital transformation strategies.