Internet of Everything (IoE) has become a generic term used to describe introducing connectivity and intelligence to pretty much any inanimate object you can think of in order to give it added functionality – everything from a slow-cooker that connects to the internet, to connected cars, to a smart bed that monitors sleep patterns!
Smart gadgets are big business, but to use each one to its full potential, each gadget needs access to your ‘digital identity.’ A digital identity is the data that uniquely describes you and contains personal information about you. For instance, it can comprise preferences, friendships, bank details, health information, shopping habits, and relationships—all very personal information.
Businesses are beginning to use identity to transform and personalise users’ experience so that, for instance, a connected car remembers the preferences of each driver or a financial services portal offers customers a convenient overview of all their activities and accounts in one place. Digital identity is becoming vital for wearable technology too. Fitness trackers, or healthcare monitors, offer personalised functionality to support the user’s individual goals.
As we continue to witness day to day items connecting to IoE, the importance of digital identities is becoming increasingly clear.
Future-proofing digital identities
Identity is increasingly critical to the digital economy, protecting consumer privacy and providing enterprises with greater visibility into customer preferences. Historically, most businesses focused on managing the identities of their own staff. However, businesses and organisations can’t properly take advantage of mobile, cloud, or Internet of Things (IoT) technologies without a scalable and repeatable customer-facing identity strategy. Without it, they have no ability to identify and engage with their customers in a meaningful way — whether it be through a laptop, mobile phone, tablet, connected car, healthcare wearable, connected home device or the next great connected innovation.
In its simplest form, Identity Management (IM) is the creation and administration of users and things and the rules that govern what they can do online. It answers the questions: Who (or what) are you? What can you (or it) do online?
This may sound simple, but the number of applications, devices, and things involved in making these types of decisions are often quite complex. It involves taking every application (on premises and off) and externalising the identity management capabilities in order to centrally manage users and things and their sign-on and authorisation policies. For some enterprises, this often comprises hundreds or thousands of apps interacting online that must be Identity Management-enabled.
As businesses transition to a digital marketplace where their goods and services are available online and via devices, companies and governments alike are realising that their ability to secure and manage the digital identities of every customer, every prospect, and every member of the public is a fundamental requirement.
Legacy identity management (IM) was based on monolithic platforms that used static rules to make decisions. It was not designed to easily integrate with any application (on premises or off), to provide device-agnostic access, to handle large-scale populations, or to make decisions based on consumer context. In short, traditional IM is struggling to meet today’s business demands.
To connect customers and citizens to relevant goods and services in the digital age, businesses and governments instead require customer-focused identity management. The evolution from identity management to customer-focused identity management has a name: Identity Relationship Management (IRM). IRM is equipped with unique capabilities that differ from traditional identity management requirements.
To protect customer identities, businesses need to implement a more robust, multi-layered security model, which uses context clues to decide whether to give access, and how much. Even with correct credentials, a login attempt from an unrecognised IP address or at an atypical time of day can trigger additional security precautions, asking security questions or texting verification codes to a user’s mobile phone, for example.
In order to protect an organisation managing increasing digital identities, managers should:
Think externally – authenticate external contacts and customers. As each user accesses systems with multiple devices they expect an experience that is tailored to how, when, and where they access services.
Use a unified identity platform – which will allow a repeatable way to protect a growing number of devices.
Use open standards and technologies, supported by your identity platform – the platform must be reachable in a standardised way, whether the communication comes through a human or machine.
Analyse real-time behaviour and context – ensure data is encrypted and authenticated when it’s communicated between IoT devices. Check the location, time, and device to ensure requests to connect are valid, warranted by legitimate business need, and consistent with past behaviour.
The real winners and losers in today’s digital world will be determined by how they approach the issue of identity as they develop new offerings. Those that use the right identity platform can quickly respond to the needs of their business, reinventing themselves to roll out new services to any device or thing more quickly than their competitors—and seize a distinct advantage.
About the author
This article was written by Allan Foster, Vice President and Chief Technology Officer Asia Pacific, ForgeRock, a multinational identity and access management software corporation.