IoT Requires Changes From Identity and Access Management Space: Gartner

The identity and access management (IAM) space will need to evolve to meet the needs of the Internet of Things (IoT), according to analyst firm Gartner.

In November, Gartner predicted 4.9 billion devices would be Internet-connected in 2015. Securing those devices however remains a challenge that consumers, IT departments and vendors will have to face. This is particularly true when it comes to the subject of authentication, and according to Gartner analyst Earl Perkins, current IAM solutions cannot meet the scale or complexity that IoT demands of the enterprise.

“IAM leaders must reconsider how traditional approaches to cybersecurity and IAM work in a world where devices and services are so abundant, in so many different forms and positioned at so many different points within the IT ecosystem,” said Perkins, research vice president at Gartner, in a statement.

Next month, Gartner plans to dive into this and other issues at the Gartner Identity & Access Management Summit in London. According to Gartner, the explosion of the Internet of Things means that IAM solutions must have a way of defining and managing not only the identities of people, but also “entities” within a single framework. IoT is not only about the introduction of different forms of networked devices into enterprises, it is a transformational approach to viewing and implementing processing, analytics, storage and communications, according to Gartner.

“Traditional, people-focused IAM systems have been unable to accommodate the propagation of devices and things to give a broad and integrated view for IAM leaders,” said Ant Allan, research vice president at Gartner, in a statement. “The Identity of Things requires a new taxonomy for the participants in IAM systems. People, software that makes up systems, applications and services, and devices will all be defined as entities and all entities will have the same requirements to interact.”

The Identity of Things (IDoT) is a new extension to identity management meant to encompass all identities, regardless of whether it is a person or device, according to Gartner. These identities are then used to define relationships among the entities — between a device and a human; a device and another device; a device and an application or service; or a human and an application or service.

Since devices have not traditionally been part of IAM systems in this way, the IDoT must draw upon other existing management systems to aid in developing the single-system view for the IoT, Gartner notes. IT asset management (ITAM) and software asset management (SAM) systems have traditionally managed IT and software assets of all types and IDoT will either assume some functional characteristics of ITAM and SAM within or integrated with IAM architecture or be linked to ITAM as attribute stores.

“Existing identity data and policy planning give IAM leaders and technology service providers (TSPs) a narrow view of entities leading to a static approach that does not consider the dynamic relationships between them,” said Perkins. “However, the concept of dynamic relationships is vital to the success of future IAM solutions. In fact, the concept of the relationship will become as important as the concept of identity is for IAM in the IDoT. It allows the IDoT to exist and become part of new responsibilities for IAM in the enterprise.”