Managing identities and access is critical to the success of the internet of things (IoT), research firm Gartner has claimed.
But in its current form, identity and access management (IAM) cannot provide the scale or manage the complexity that the IoT brings to the organisation, according to analysts.
"IAM leaders must reconsider how traditional approaches to cyber security and IAM work in a world where devices and services are so abundant in so many different forms and positioned at so many different points within the IT ecosystem," said Earl Perkins, research vice-president at Gartner.
The growth of the IoT means IAM leaders of digital businesses require a way of defining and managing the identities of "entities" – people, services and things – within a single framework, according to Gartner’s latest report, entitled The identity of things for the internet of things.
Gartner analysts said IoT is not only about the introduction of different forms of networked devices into digital business moments, but is also a transformational approach to viewing and implementing processing, analytics, storage and communications.
"Traditional, people-focused IAM systems have been unable to accommodate the propagation of devices and things to give a broad and integrated view for IAM leaders," said Ant Allan, research vice-president at Gartner.
"The identity of things requires a new taxonomy for the participants in IAM systems. People, software that makes up systems, applications and services, and devices will all be defined as entities, and all entities will have the same requirements to interact," he said.
According to Gartner, the identity of things (IDoT) is a new extension to identity management that encompasses all entity identities, whatever form those entities take. These identities are then used to define relationships among the entities – for example, between a device and a human, a device and another device, a device and an application/service, or (as in traditional IAM) a human and an application/service.
Since devices have not traditionally been part of IAM systems in this way, Gartner said the IDoT must draw on other existing management systems to aid in developing the single-system view for the IoT.
While IT asset management (ITAM) and software asset management (SAM) systems have traditionally managed IT and software assets of all types, Gartner predicted the IDoT will assume some functional characteristics of ITAM and SAM within or integrated with IAM architecture, or be linked to ITAM as attribute stores.
"Existing identity data and policy planning give IAM leaders and technology service providers (TSPs) a narrow view of entities leading to a static approach that does not consider the dynamic relationships between them," said Perkins.
"However, the concept of dynamic relationships is vital to the success of future IAM solutions. In fact, the concept of the relationship will become as important as the concept of identity is for IAM in the IDoT. It allows the IDoT to exist and become part of new responsibilities for IAM in the organisation," he said.
While it is by no means certain that IAM will be the only provider of functions for IDoT relationships and interactions, Gartner believes the key role that the discipline and concepts of IAM have played in organisations over the decades ensures its continued role for years to come.
According to Gartner, IAM product and services providers will ultimately determine whether IAM will play a contributing or foundational role for the IDoT, based on the needs of the enterprise and the willingness of IAM solution providers to deliver for those needs.
IAM and IoT is to be one of the topics discussed further at the Gartner Identity & Access Management Summit 2015 in London on 16 and 17 March.