Story image

Does any business know the identity of 'Things' for the Internet of Things?

07 Aug 2014

It is amusing to see the marketing currently attempted by using an offshoot of the phrase “Internet of Things”.

Of course, as an analyst I am no different, so I will propose to you yet another concept that several of us at Gartner have been discussing the past year in IoT security, and that is the concept we refer to as the “Identity of Things”.

Here is our premise...

The IoT trend is part of the digital business trend Gartner believes is transforming enterprises today. It works under the assumption that business, people and ‘things’ are equal partners in delivering business value.

More importantly, the trend identifies a key concept of “relationships” between businesses, people and things.

There is an art to defining those relationships to ensure that policy and process can be articulated properly, and that the technology of things can be configured to reflect those relationships. I realise that may sound confusing, so let me give you an example.

The automobile industry is a business. When a consumer buys a specific automobile, a relationship (at the very least contractual) is established between that consumer and the business that sold them the automobile.

A relationship may be established with a specific dealer, a specific maintenance provider, a specific insurance company– all of the businesses that the person interacts with at some point in the relationship lifetime of the automobile. The person also has a relationship of sorts with the automobile (as a device) as well.

The instruments and environment of the automobile may be tailored to that person’s specific driving habits, such as seat position, steering wheel tilt, temperature, and even radio station.

The devices that make up an automobile may even have defined relationships with one another, since a modern automobile is a traveling IoT ‘cloud’.

Weather conditions may inform sensors on the automobile to talk to other devices to automatically perform certain functions to the make the ride safer, for example.

My point is that we have a vast number of interacting entities in the world that can be assigned identities. These identities can be used in a formal way to define a business, part of a business, a person, a device or device collection, all with the purpose of enabling and specifying the “rules” of engagement between these different entities.

Think about how identity and access management (IAM) systems work today for human users of applications and data. A unique ID is assigned to the human and a set of attributes effectively defines the digital version of the human. Another set of attributes can be created to define the relationship that person may have with an application.

Those particular attributes are then used in the authentication and authorization phase of the person engaging with the application. In essence you want that human to have a relationship with the application, so you provide the means to do so in a formal set of policies and rules.

Now, imagine that you work within a universe of the entities (businesses, people, things) in countless combinations of relationships. At some point we will be faced with the task of determining just how we will identify those entities just enough to be able to articulate those relationships effectively for transacting business.

We must ask ourselves whether our existing technology such as IAM and asset management can be combined and/or extended to accommodate such an effort, or will something radically new be necessary to handle the complexity of those relationships.

We will also need to determine how much information is enough information for executing on the relationships, how dynamic will they be, how we might ‘log’ the relationship event– the list goes on.

Fortunately, there are companies that have already begun to tackle this issue, developing conceptual models for the Identity of Things and testing them.

IoT application developers and integrators are also driving efforts to ensure their solutions have a world in which they can operate. Standards groups are debating this problem and possible solutions and formulating different identity data models to be tested.

I believe the IoT is forcing an inflection point in the industry that manages assets and user identities.

It will generate a lively debate around the Identity of Things (maybe we’ll call it the IDoT, who knows) and ultimately will result in an updated view of identity management.

Perhaps we will even see a day when the Identity of Things will evolve into a form of identity relationship management. The future is full of possibilities.

By Earl Perkins - Analyst, Gartner

What the future of fibre looks like in NZ
The Commerce Commission has released its emerging views paper on the rules, requirements and processes which will underpin the new regulatory regime for New Zealand’s fibre networks.
Gen Z confidence in the economy is on the decline
Businesses need to work hard to improve their reputations.
Why NZ businesses have less than two years to adopt digital before disruption hits
Research found that digital disruption is already impacting two-thirds of New Zealand organisations.
Dell EMC launches interactive AI Experience Zones
The AI Experience Zones are designed to educate visitors about how to start, identify, and implement an AI project.
What NZ can learn from the Baltimore cyberattack
“Businesses must control physical access to their computers and secure their networks."
Infratil seeks clearance to acquire up to 50% stake in Vodafone NZ
The commission will give clearance to a proposed merger if they are satisfied that the merger is unlikely to have the effect of substantially lessening competition in a market.
Hands-on review: MiniTool Power Data Recovery Software
I came across a wee gem of advice when researching the world of data recovery. As soon as you get that sinking feeling and realise you’ve lost a file, stop using your computer.
Deepfakes the 'next wave of concern' - but can law really stomp it out?
Enforcing the existing law will be difficult enough, and it is not clear that any new law would be able to do better. Overseas attempts to draft law for deepfakes have been seriously criticised.