Introducing ForgeRock Edge Security – The Future is Here

See Our Demo at Hannover Messe

Next week ForgeRock is sending a team of identity experts and executives to the Hannover Messe show, the world’s biggest industrial fair, which takes place across multiple locations at the fairgrounds in Hannover, Germany. Even for us “experienced veteran” tech folks here in the U.S., it’s a bit difficult to wrap your head around exactly how big this event is. The RSA Conference that happens in San Francisco in February annually – one of the bigger tech events of the year – brings in around 500 exhibitors and 45,000 attendees. Hannover Messe is five times that large, with around 6,500 exhibitors and 250,000 visitors. The scope of the show is huge as well, with exhibitors ranging from industrial equipment and sustainable energy tech, self-learning robots with near-human touch sensitivity, conventional computing and mobile devices, and many, many companies involved in the internet of things (IoT). It’s the technology of tomorrow on display today. And that’s where ForgeRock comes in.

ForgeRock will demonstrate its new edge security capabilities will at Hannover Messe – the world’s largest industrial show- on April 24. See us in Hall 8 at Booth F31/1.

Our digital identity management technology is playing a key role in securing user experiences and supporting IoT business cases for leading global brands including TomTom, the BBC, and many others. Click through those links to see how these cutting-edge companies are digitally transforming their business models, and redefining the way people experience travel and media in the 21st century. What’s important to note here is that these brands launched IoT offerings with enduser and device security baked in from start by working with ForgeRock. Many other companies – most, apparently – are not.

How do we know this? Recent cybercrime and hacking exploits have shown clearly that much of the IoT – devices, services and applications – is coming online largely in the absence of adequate security measures. For instance, the massive Dyn / Mirai botnet attack – which caused outages at many of the Internet’s largest sites, including Twitter, Amazon and Spotify – was carried out through a global botnet involving of millions of networked devices, including security cameras, connected baby cams, smart lighting arrays, audio speakers, wearables and so forth. In short, this was a cyberattack powered by IoT devices. In most cases, the hackers were able to take control of these devices because each had shipped with default passwords, which were never changed by the purchaser/installer as is supposed to happen, and were therefore highly vulnerable.

Device insecurity, however, wasn’t the only take-away from the Dyn hack. The IoT is revolutionizing industries from agriculture to shipping to robotics, with connected devices creating a complex web of captured data, and command and control information traveling around networks at the speed of light. While legacy architectures could often keep this data reasonably secure inside private networks, more and more deployments need to leverage the public internet for centralized and cloud-based backend infrastructure. Many wireless home security cams and sound system works on this model.

This architecture, however, presents fundamental vulnerabilities because the communication protocols often used with IoT devices (such as MQTT and CoAP) have very limited security capabilities. The authentication and encryption options available to date often require installing and managing certificates on every single device in a deployment (which can number in the thousands, even for smaller operations), raising insurmountable scalability and administration challenges. The other alternative – hard-coded passwords for devices – has proven to be a fatally flawed system (again, as we saw with the Dyn cyberattack).

I bring all this all up because these trends are behind our trip to Hannover Messe. We’ve been hard at work with multiple partners in the chip, device, cloud and microservice fields in recent months, and that work comes to fruition today with our announcement of ForgeRock Edge Security, and our Early Access partner program. The exciting new edge capabilities in the ForgeRock Identity Platform will enable end-to-end IoT security using identity principles to secure devices and their data. And next week in Germany, ForgeRock will share our vision that identity is the essential security technology for making the IoT work. It’s not just about securing a particular device or the personal data of an individual customers. It’s about the relationships! Credentials and passwords might have been adequate for the early years of the commercial web, but they’re proving completely unreliable in the emerging IoT environment, where people, devices, things, data, microservices, and public and private clouds all come into the mix. What we’ve been working on, and what we’ll demonstrate next week in Hannover, is an elegant solution to this challenge. We hope to see you in Germany!