Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

IoT Requires Changes From Identity and Access Management Space: Gartner

The identity and access management (IAM) space will need to evolve to meet the needs of the Internet of Things (IoT), according to analyst firm Gartner.

The identity and access management (IAM) space will need to evolve to meet the needs of the Internet of Things (IoT), according to analyst firm Gartner.

In November, Gartner predicted 4.9 billion devices would be Internet-connected in 2015. Securing those devices however remains a challenge that consumers, IT departments and vendors will have to face. This is particularly true when it comes to the subject of authentication, and according to Gartner analyst Earl Perkins, current IAM solutions cannot meet the scale or complexity that IoT demands of the enterprise.

“IAM leaders must reconsider how traditional approaches to cybersecurity and IAM work in a world where devices and services are so abundant, in so many different forms and positioned at so many different points within the IT ecosystem,” said Perkins, research vice president at Gartner, in a statement.

Next month, Gartner plans to dive into this and other issues at the Gartner Identity & Access Management Summit in London. According to Gartner, the explosion of the Internet of Things means that IAM solutions must have a way of defining and managing not only the identities of people, but also “entities” within a single framework. IoT is not only about the introduction of different forms of networked devices into enterprises, it is a transformational approach to viewing and implementing processing, analytics, storage and communications, according to Gartner.

“Traditional, people-focused IAM systems have been unable to accommodate the propagation of devices and things to give a broad and integrated view for IAM leaders,” said Ant Allan, research vice president at Gartner, in a statement. “The Identity of Things requires a new taxonomy for the participants in IAM systems. People, software that makes up systems, applications and services, and devices will all be defined as entities and all entities will have the same requirements to interact.”

The Identity of Things (IDoT) is a new extension to identity management meant to encompass all identities, regardless of whether it is a person or device, according to Gartner. These identities are then used to define relationships among the entities — between a device and a human; a device and another device; a device and an application or service; or a human and an application or service.

Since devices have not traditionally been part of IAM systems in this way, the IDoT must draw upon other existing management systems to aid in developing the single-system view for the IoT, Gartner notes. IT asset management (ITAM) and software asset management (SAM) systems have traditionally managed IT and software assets of all types and IDoT will either assume some functional characteristics of ITAM and SAM within or integrated with IAM architecture or be linked to ITAM as attribute stores.

Advertisement. Scroll to continue reading.

“Existing identity data and policy planning give IAM leaders and technology service providers (TSPs) a narrow view of entities leading to a static approach that does not consider the dynamic relationships between them,” said Perkins. “However, the concept of dynamic relationships is vital to the success of future IAM solutions. In fact, the concept of the relationship will become as important as the concept of identity is for IAM in the IDoT. It allows the IDoT to exist and become part of new responsibilities for IAM in the enterprise.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Identity & Access

NSA publishes recommendations on maturing identity, credential, and access management capabilities to improve cyberthreat protections.