Andrew Parkin-White, MEF Advisor on IoT, and Martin Garner, COO and SVP for IoT at market intelligence and advisory specialists CCS Insight, explore the issue of identity and access management, the opportunities and challenges surrounding the Identity of Things and key topics such as zero touch onboarding and digital twins.
The Internet of Things is developing rapidly, with explosive growth forecast in connected things from vehicles to clothing and drinks cans. Enterprises need to understand how to connect these billions of things so that they can be identified, authorised and securely managed. In the past, identity and access management has focused more on the relationship between humans and devices. Attention now needs to focus on the relationship between devices – the Identity of Things (IDoT).
What is identity and why is it important?
Martin began by commenting that in the past, industrial machines were either standalone or in a closed, private network, and that applied from chemical processing plants to door entry systems. We are now connecting these things to corporate and public networks, which brings about new considerations, and the fundamental consideration is security.
Millions of things, from smartphones to power grids to healthcare equipment and transportation, may have been in the field for a long period of time and the task of updating them is considerable. At a basic level, we may not even know where they are, as there is no central registry indicating where they are located and which software is running on them. Even though security is the base case for an identity system, when updates or installations are required, it is better to avoid error-prone manual updates and look to automation, and identity is key to this.
An example is in the automotive industry, where a vehicle is partially built in one country and tested there, shipped to another country as a subsystem and tested there, shipped to a third country for final build and again tested and then shipped to the customer in a fourth country and tested and made live.
This is difficult without a good identity system going on behind the scenes. When we know what devices are connected, we can look at the state they are in, their status, their software build and what algorithms they are using. This vast amount of metadata may well accumulate along a supply chain, which may become complicated. Security as a base case soon gives way to multiple layers as useful data is generated, and this is where digital twins become an important concept.
Personal identity is better understood, documented and utilised than the IDoT.
Martin states that things have very different identity requirements to people but there are some similarities – security is the foundation. A simple identity solution as a starter is useful, akin to a simple passport, with the IDoT becoming more important with increasing volumes and complexity. In contrast to personal identity, a thing tends to be owned and privacy is not such a significant issue, although maintaining the privacy of data is clearly paramount.
What does the ecosystem need to know?
With this growing importance of the IDoT, it needs to appear higher on the CIO agenda, which raises the question of what the ecosystem needs to know. With the growing prevalence of things connected to a corporate network, an enterprise needs to focus on the issues surrounding identity as a first step. With many organisations having an IT background, they need to understand that the same rules do not apply with things, as massive volumes of things are connected outside corporate network boundaries, from vehicles to telematics to drinks cans to items of clothing and even individual pills.
These things do present challenges to an enterprise, as it needs to understand how to add, authorise and authenticate a vast array of non-traditional items securely. Martin raises the important issue that hacking a vehicle or critical infrastructure can result in fatalities, which is far more serious than hacking the data on a laptop.
The importance of an effective identity and access management system for things is critical
Without this, the growth of IoT solutions could be stifled. Many organisations have deployed device management systems for their IT and there is a natural inclination to use this for operational aspects. Key questions include: can they set it up, make changes and use it as an operational tool rather than an IT application? Enterprises are recognising that they don’t necessarily have the skill sets in house to address IDoT issues and threats. Technical aspects are different for IoT than mainstream IT, and identity is often specified and added later, with integration becoming an issue. Platforms will need to be flexible, modular, agile, borderless and scalable, and enterprises will need to move from a defensive mode to embracing these things outside the network boundaries.
Where do the opportunities lie for IDoT suppliers?
Martin is of the opinion that the IDoT platforms market is not a large one in its own right, but will more probably be bundled into other services and be built into devices. There are initiatives from a number of platform providers, but there are currently no open source applications in place, which could speed development of the ecosystem.
Zero touch onboarding is an interesting move by Intel and Arm, where new devices can be shipped with an identity and become rapidly assimilated onto an enterprise platform when powered on and identified. Automation is important with a high volume of connections, as manual intervention is more costly and carries a greater risk of mistakes. These two players have recognised that identity is not a source of platform differentiation and that collaboration will result in more rapid development and the achievement of business benefits and effective return on investment.
Digital twins are becoming a key concept in IoT, according to Martin. They can be relatively simple, in terms of being a metadata file on build state and software configuration, or more complex, as a full operating model of a system such as a power grid for an entire country. Equally, there are more routine applications, such as testing software on a modelled device before entering it into a production system. The Digital Twins Consortium has the goal of simplifying the approach and making it more mainstream. Martin believes that a key output could be the establishment of a global identity architecture, but with different flavours for different sectors.
In terms of key messages, Martin is of the view that an enterprise installing an IoT system should ensure that it has a firm grip on identity and that all things should have an identity in a registry. He urges an enterprise to think ahead, as the IDoT could become strategic as a cornerstone of an IoT application. Finally, he discourages enterprises from creating their own identity systems, as mainstream suppliers will have done a better job of building and achieving interoperability.