When IoT is not the Internet of Things, but the Identity of Things
More and more companies are using connected devices to build specific products and services, which in most cases rely on a new concept of identity. Security, costs and experience itself are based on this new identity.
The Internet of Things was the "next big thing" a few years ago. Everyone was talking about its endless possibilities: millions of objects connected to the Net and interconnected under the control of human beings. Data accumulation for large companies and human control of the devices to improve people's lives. Today it is a reality, but the question has changed: ¿Is IoT a problem for security? The experts have started to shift the technical and business approach: from the Internet of Things to the Identity of Things.
The entire system is conditioned by the huge explosion in the number of connected objects around the world, not only existing ones, but also those projected that at some point will occupy a space in the IoT ecosystem. In fact, there are many reports with forecasts on the number of objects connected to the Net: the statistics portal Statista has an estimate according to which by 2025 there will be over 75 billion connected devices around the world. More than 25 billion in 2019, nearly 31 billion in 2020 and over 50 billion devices in 2023.
This exorbitant growth in the number of connected devices has frayed every possible seam in the identify and access management systems (IAM). It is not something recent. Already in early 2015 Ant Allan, Vice-president of the identity and access management team of the technology consultancy firm Gartner, warned that IAM systems had been unable to adapt to the proliferation of connected devices, largely because traditional authentication systems had focused exclusively on people, rather than on the devices of the Internet of Things.
Managing the Identity of Things
Once one understands that global identity management cannot focus on users, but that attention has to be paid to all the entities making part of the system, the approach changes drastically. It is no longer necessary to manage only the identity of a person connected to an application or service, which is usually the case in IAM systems, but also of a user connected to a device, two interconnected devices, or a device and an application or a service. It is the new open, but secure ecosystem of the identity of the Identity of Things (IDoT), where all entities have the same interaction framework.
Within the IDoT, the concept of identity is expansive and multifaceted: what is important is not only the entity's identity, but also the relationship among the different connected devices. In order to manage all the complexity of the new entities, it is necessary for the Identity of Things to be supported by systems that have been very successful in meeting existing needs for many years: IT Asset Management TI (ITAM) and Software Asset Management systems (SAM).
SAM is a usual practice in companies that enables cost control and the optimization of any investment made in software. In a scenario where companies can have thousands of connected devices, it is almost an obligation to prepare an up-to-date inventory to know exactly what they have and how it is being used. Today, hundreds of companies rely on their inventory of connected devices, through which they interact with customers and collect essential data for their business. A SAM strategy within the IoT becomes something even more necessary.
This is why some platforms in the cloud such as IBM Bluemix, with products related to the Internet of Things, are placing such great emphasis on systems software asset management, largely because it is a service demanded by most of their customers. Having real-time data of how a company's software behaves can result in major cost savings, in optimizing its operation, in solving problems… Competing. In this area, Bluemix is one of the most widely used solutions on the market.
It not only has to do with security and costs, but also with user experience
Most of the times the discussion focuses almost exclusively on identity management as an essential condition for guaranteeing security, but the simple truth is that there are other elements that are important within the Internet of Things. One of them is identity as a guarantee of a satisfactory user experience. And this issue is not addressed as often. Properly managing the identity of users connected to their devices, whether a household appliance or a vehicle, improves experience and the benefits of the IoT.
Many applications and services that rely on the interaction between clients and devices or between devices need proper identity management to ensure the existence of the product or service itself. Banks and credit card manufacturers like Visa or Mastercard have explored for some time the relationship between clients, devices and mobile payments. Today, the greatest problem is the lack of system flexibility because any payment service will always be associated with the concept of personal identity (linked to a user), while the other types of entities that coexist within this system are left out.
The natural evolution is for user identity authentication to increasingly fall to identity codes, geolocation or biometric factors built into the devices.
Sign up to the BBVAOPEN4U newsletter and receive tips, tools and the most innovative events directly in your inbox.