The Marriage of IoT and Human Identities: Why Linking IoT & Users Is a Three-Layer Cake

Gerhard Zehethofer -
Illustration: © IoT For All

Is your Internet of Things (IoT) project stuck in device registration mode with seemingly no way to get out? Or have you been able to “break out” to realize greater business value by “marrying” your IoT to your human user profiles?

Let me explain what I mean. When it comes to IoT strategies, too many organizations are concerned about only finding, registering, securing, and then managing their IoT devices (examples: door sensors, IP cameras, RFID equipment). This is a laudable goal, to be sure. But they consider this a fait accompli. Game over. Next project.

But is this really the end state we should aspire to with our IoT projects? To merely discover and manage our devices? Or is there a higher business value for the organization?

A Three-Layer Wedding Cake

As you might suspect, this is an intermediate step towards a higher strategic goal. And that higher goal is joining and managing your devices and the users who need to use them to have a “single pane” of intelligence and visibility that adds business context to every action that involves these devices and users. This will shatter your traditional IoT silos and lead to greater automation, intelligence gathering, and trust.

But I digress. Our new happy couple – IoT and our human user – are about to cut the cake! Here are the benefits they can expect from this compatible marriage.

First Layer: Automating Business Processes

The projections of IoT devices being added to our networks every day is simply staggering. According to IDC data, there will be 41.6 billion connected IoT devices by 2025*.

That’s a mind-boggling number that leads most IT professionals to think about automation immediately. How do you automate a tsunami of increasingly heterogeneous devices flooding your organization and give users timely access to the devices they need?

For starters, when you plan out your IoT strategy and you know which users need access to which IoT devices, you are in a perfect position to automate that access using some combination of rules-based and Artificial Intelligence (AI) methodology. The important thing is to start your IoT project with this holistic view of the future.

But there is more. Many IoT experts envision a future where the combination of a user, a device, and an entity can actually unlock greater economic value for everyone in the chain, delivering a level of personalization and customization never seen before.

Here’s one common example. The scenarios most often discussed involve a patient (human) with a healthcare device (IoT) that informs a healthcare provider (entity) proactively about changes in the user’s condition. The measurable business value is unlocked here: exceptional patient care and lower healthcare costs through early detection and treatment.

Another scenario is the connected car. If you buy a car, you want to take care of it. Car manufacturers are banking on IoT to alert you to issues and where you can go to get them resolved. But they are going further, adding upgrade offers, facilitating bi-directional communications, safety notifications, and more. The measurable business value unlocked here is that loyal car buyers will stay with the same manufacturer for their next automobile purchase.

With all privacy and consent regulations being adhered to, an intelligent IoT system can provide a wealth of value-added services to the user.

Second Layer: Intelligence Gathering

What can your IoT devices tell you that would enable you to power your business forward? Quite a lot, in fact!

Devices vary, but even “dumb” IoT devices give you online/offline status. More intelligent ones provide data streams used to drive action, automate processes, and allow businesses to offer value-added services. (See “First Layer: Automating Business Processes.”) These services are relevant for intelligence because the near real-time or real-time data they provide can be gathered to stop an attack, assess the risk of particular users, or even change the risk profile of a set of users requiring, for example, a greater level of authentication.

But aggregating this data around your identity platform – as opposed to your Security Information and Event Management (SIEM) solution or Security Operations Center (SOC) – is key. This is because the relationship data offered through a complete identity management view allows a complete 360-degree view of who these users are and how they are using IoT devices. Your organization can utilize additional insights to make business decisions for security, asset utilization, workforce staffing, and more.

Third Layer: Trust in Your Devices

Trust is everything when it comes to IoT. A single breach of a single device in your organization can lead to catastrophic results.

On the other hand, having a reasonable assurance of security can improve functioning in an organization. IoT devices can be managed as groups in the same way digital identities for human users are managed. This gives the IT department a single console to manage all digital identities consistently. Identities for things are unique to each device and are anchored in a root certificate or any other identifier that allows the unique identification of devices. You know what users can have access to what devices and under what circumstances. Relationships among users, users and devices, and between devices are managed from a central console, making lifecycle management easy and robust.

For instance, we can allow user access by role. If you’re a heating, ventilation, and air conditioning (HVAC) technician, you can have access to certain restricted classes of devices (HVAC controllers, for example). Devices are treated as first-class digital identities and are allowed to act autonomously on their own behalf with fine-grained authorization, sharing data only with authorized destinations or applications. We can enforce certain types of authentication and change it instantly when the overall threat level rises (and make sure our users have pre-enrolled in methods to support step-up authentication). We can restrict access by time of day or day of the week.

Customized and relevant offerings make the difference between a world-class service and failure. Being able to scale such a process and potentially serve millions of users individually requires automated, data-driven decisions made in near real-time. Device data is a key ingredient, but this data must be trustworthy and genuine. This drives the need for IoT to join together with human roles and profiles. To trust a device-user interaction, you must first identify the two to proceed with confidence.

Gerhard Zehethofer - Vice President IoT & Technology Partnerships, ForgeRock

Guest Writer
Guest Writer
Guest writers are IoT experts and enthusiasts interested in sharing their insights with the IoT industry through IoT For All.
Guest writers are IoT experts and enthusiasts interested in sharing their insights with the IoT industry through IoT For All.