Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

IoT Requires Changes From Identity and Access Management Space: Gartner

The identity and access management (IAM) space will need to evolve to meet the needs of the Internet of Things (IoT), according to analyst firm Gartner.

The identity and access management (IAM) space will need to evolve to meet the needs of the Internet of Things (IoT), according to analyst firm Gartner.

In November, Gartner predicted 4.9 billion devices would be Internet-connected in 2015. Securing those devices however remains a challenge that consumers, IT departments and vendors will have to face. This is particularly true when it comes to the subject of authentication, and according to Gartner analyst Earl Perkins, current IAM solutions cannot meet the scale or complexity that IoT demands of the enterprise.

“IAM leaders must reconsider how traditional approaches to cybersecurity and IAM work in a world where devices and services are so abundant, in so many different forms and positioned at so many different points within the IT ecosystem,” said Perkins, research vice president at Gartner, in a statement.

Next month, Gartner plans to dive into this and other issues at the Gartner Identity & Access Management Summit in London. According to Gartner, the explosion of the Internet of Things means that IAM solutions must have a way of defining and managing not only the identities of people, but also “entities” within a single framework. IoT is not only about the introduction of different forms of networked devices into enterprises, it is a transformational approach to viewing and implementing processing, analytics, storage and communications, according to Gartner.

“Traditional, people-focused IAM systems have been unable to accommodate the propagation of devices and things to give a broad and integrated view for IAM leaders,” said Ant Allan, research vice president at Gartner, in a statement. “The Identity of Things requires a new taxonomy for the participants in IAM systems. People, software that makes up systems, applications and services, and devices will all be defined as entities and all entities will have the same requirements to interact.”

The Identity of Things (IDoT) is a new extension to identity management meant to encompass all identities, regardless of whether it is a person or device, according to Gartner. These identities are then used to define relationships among the entities — between a device and a human; a device and another device; a device and an application or service; or a human and an application or service.

Since devices have not traditionally been part of IAM systems in this way, the IDoT must draw upon other existing management systems to aid in developing the single-system view for the IoT, Gartner notes. IT asset management (ITAM) and software asset management (SAM) systems have traditionally managed IT and software assets of all types and IDoT will either assume some functional characteristics of ITAM and SAM within or integrated with IAM architecture or be linked to ITAM as attribute stores.

“Existing identity data and policy planning give IAM leaders and technology service providers (TSPs) a narrow view of entities leading to a static approach that does not consider the dynamic relationships between them,” said Perkins. “However, the concept of dynamic relationships is vital to the success of future IAM solutions. In fact, the concept of the relationship will become as important as the concept of identity is for IAM in the IDoT. It allows the IDoT to exist and become part of new responsibilities for IAM in the enterprise.”

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Matthew Cowell has assumed the role of VP of Strategic Alliances at Nozomi Networks. He previously served in the same role at Dragos.

Bret Arsenault is retiring from his full-time role after 35 years at Microsoft.

Social engineering defense platform Doppel has appointed Bobby Ford as Chief Strategy and Experience Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.