We deal with Identity of Things within our business environments and increasingly in our personal lives in a complex universe of entities such as people, businesses, programs, and things which are connected to share information and perform tasks.
As we embrace the Internet of Things (IoT) which refers to all smart and Internet enabled devices including smart cars, drones, and household appliances which communicate with each other and share data with their owners, we have to define a universally acceptable framework for identity and relationship management to connect and validate identities, approve their rights to transact, and address the growing risks which is the topic of this article, the Identity of Things (IDoT).
One of the challenges that we face as security and identity management professionals is whether our current processes and technologies are able to manage the growing risks of IDoT or we need to update our existing solutions or deploy completely new solutions.
In a self-managed, smart, and connected world, the most important risk will be around the relationship of IoT which will force us to look beyond identity and access management to include the level of relationships that exist among identities, and their authorization for sharing data and making transactions. As you may guess, smart cars and devices will in a not so distant future make transactions on behalf of their owners which must be controlled to manage risks including transaction repudiation. For example, self driving and smart cars will be enabled to make purchases without their owners being present. How would businesses validate the authenticity of the transaction and successfully fight repudiation?
Managing the Identity of Things (IDoT) involves assigning unique identifiers to devices and objects (Things) as well as authorization to communicate, share data, and transact in pre-approved relationships.
As we allow “Things” to find each other, communicate, and complete transactions, security and entity relationship management which includes identity, access, and right management, will be crucial. In a universe with a growing number of smart and automated entities or identities beyond humans such as devices or programs, the rules of engagement are different as owners of smart devices will be on the hook for transactions completed by devices, and, critical tasks such as data collection and sharing will be automated which will make continuous monitoring even more critical beyond what we have in place today as part of our routine identity and access management processes.
Technology advancement and data proliferation in an automated and connected world such as sensors that collect and share data, self-managed cameras, windows that share data on outside and inside temperatures to control the heating and cooling systems, home appliances, self-driving and self-managed cars, and other networked devices are making the management of Identity of Things (IDoT) very challenging. Data privacy and security concerns will continue to be of utmost concerns, especially, the definition of identity theft will be expanded to include device identity takeover by another device. Furthermore, uniquely identifying entities and assigning ownership will be critical for defense in the court of law.
As an industry, we have begun to identify the risks and the identity management experts are working hard to introduce solutions whether technical or otherwise to address the risks. Obviously, effective identity governance will be key to making sure that entities are able to communicate with one another and perform tasks which are approved and can be assigned ownership to a human identity for accountability purposes.