The future of identity and access management in the Internet of Things will escape the confines of user-focused identity and transition toward a more inclusive model, according to a new analysis research report by ABI Research.
The new multi-faced approach will include machine and system identity along with IoT device and platform management operations.
“IAM is yet another identity and security framework that poses significant challenges when crossing from the IT realm onto the IoT,” says Dimitrios Pavlakis, senior cyber security and IoT analyst at ABI Research.
“Most cloud providers regard IAM as a purely user-focused term while other IoT device management and platform providers make references to IAM in device access control,” he says.
“IAM in traditional IT environment is used to streamline user digital identities and to enhance the security of user-facing front-end operations using a variety of management tools, privilege management software and automated workflows to create a user-focused authorisation framework.”
Pavlakis says the explosion of IoT technologies has significantly increased the sheer volume and complexity or interconnected devices, users, systems, and platforms making traditional IT IAM insufficient, if not problematic in some cases.
“Insufficient access control options, legacy infrastructure and proprietary protocol dependencies, traditionally closed networks, the fervent increase in digitisation, albeit with lackluster security operations, are some of the most prominent challenges for IAM in IoT,” he explains.
“Regardless of which IAM terminology is used, these challenges along with the highly complex IoT identity value chain point toward a more competent model of IAM, which touches upon various technologies and security protocols to be considered under the IAM umbrella including: user privilege management and on-prem access control, edge-to-cloud integration, cloud directory-as-a-service, system and machine ID, data security and governance, API management, IoT device identity, authentication and access control.”
Pavlakis says the justifiable lack of a unified IoT security standardisation framework, the fact that organisations are always on a…