Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

IoT Requires Changes From Identity and Access Management Space: Gartner

The identity and access management (IAM) space will need to evolve to meet the needs of the Internet of Things (IoT), according to analyst firm Gartner.

The identity and access management (IAM) space will need to evolve to meet the needs of the Internet of Things (IoT), according to analyst firm Gartner.

In November, Gartner predicted 4.9 billion devices would be Internet-connected in 2015. Securing those devices however remains a challenge that consumers, IT departments and vendors will have to face. This is particularly true when it comes to the subject of authentication, and according to Gartner analyst Earl Perkins, current IAM solutions cannot meet the scale or complexity that IoT demands of the enterprise.

“IAM leaders must reconsider how traditional approaches to cybersecurity and IAM work in a world where devices and services are so abundant, in so many different forms and positioned at so many different points within the IT ecosystem,” said Perkins, research vice president at Gartner, in a statement.

Next month, Gartner plans to dive into this and other issues at the Gartner Identity & Access Management Summit in London. According to Gartner, the explosion of the Internet of Things means that IAM solutions must have a way of defining and managing not only the identities of people, but also “entities” within a single framework. IoT is not only about the introduction of different forms of networked devices into enterprises, it is a transformational approach to viewing and implementing processing, analytics, storage and communications, according to Gartner.

“Traditional, people-focused IAM systems have been unable to accommodate the propagation of devices and things to give a broad and integrated view for IAM leaders,” said Ant Allan, research vice president at Gartner, in a statement. “The Identity of Things requires a new taxonomy for the participants in IAM systems. People, software that makes up systems, applications and services, and devices will all be defined as entities and all entities will have the same requirements to interact.”

The Identity of Things (IDoT) is a new extension to identity management meant to encompass all identities, regardless of whether it is a person or device, according to Gartner. These identities are then used to define relationships among the entities — between a device and a human; a device and another device; a device and an application or service; or a human and an application or service.

Since devices have not traditionally been part of IAM systems in this way, the IDoT must draw upon other existing management systems to aid in developing the single-system view for the IoT, Gartner notes. IT asset management (ITAM) and software asset management (SAM) systems have traditionally managed IT and software assets of all types and IDoT will either assume some functional characteristics of ITAM and SAM within or integrated with IAM architecture or be linked to ITAM as attribute stores.

“Existing identity data and policy planning give IAM leaders and technology service providers (TSPs) a narrow view of entities leading to a static approach that does not consider the dynamic relationships between them,” said Perkins. “However, the concept of dynamic relationships is vital to the success of future IAM solutions. In fact, the concept of the relationship will become as important as the concept of identity is for IAM in the IDoT. It allows the IDoT to exist and become part of new responsibilities for IAM in the enterprise.”

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Funding/M&A

The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in enterprise IAM market.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...