The Marriage of IoT and Human Identities


Why Tying the Knot Between IoT and Users Is a Three-Layer Wedding Cake

Is your Internet of Things (IoT) project stuck in device registration mode with seemingly no way to get out? Or have you been able to “break out” to realize greater business value by “marrying” your IoT to your human user profiles?

Let me explain what I mean. When it comes to IoT strategies, too many organizations that I talk to are concerned about only finding, registering, securing, and then managing the lifecycle of their IoT devices (examples: door sensors, IP cameras, RFID equipment). This is a laudable goal to be sure. But they consider this a fait accompli. Game over. Next project.

But is this really the end state we should aspire to with our IoT projects? To merely discover and manage our devices? Or is there a higher business value for the organization?

A Three-Layer Wedding Cake 

As you might suspect, I consider this to be an intermediate step towards a higher strategic goal. And that higher goal is joining and managing your devices together with the users who need to use them in order to have a “single pane” of intelligence and visibility that adds business context to every action that involves these devices and users. This will shatter your traditional IoT silos and lead to greater automation, intelligence gathering, and trust.

But I digress. Our new happy couple, IoT and our human user, are about to cut the cake! Here are the benefits they can expect from this compatible marriage.

First Layer: Automating Business Processes  

The projections for IoT devices being added to our networks every day are simply staggering. According to IDC data, there will be 41.6 billion connected IoT devices by 2025*.

That’s a mind-boggling number that leads most IT professionals to immediately think about automation. How do you automate a tsunami of increasingly heterogeneous devices flooding your organization and give users timely access to the devices they need?

For starters, when you plan out your IoT strategy and you know which users need access to which IoT devices, you are in a perfect position to automate that access using some combination of rules-based and artificial intelligence (AI) methodology. The important thing is to start your IoT project with this holistic view to the future.

But there is more. Many IoT experts, including those at ForgeRock, envision a future where the combination of a user, a device, and an entity can actually unlock greater economic value for everyone in the chain, delivering a level of personalization and customization we’ve never seen before.

Here’s one common example. The scenarios most often discussed involve a patient (human) with a healthcare device (IoT) that informs a healthcare provider (entity) proactively about changes in the user’s condition. The measurable business value unlocked here: exceptional patient care and lower healthcare costs through early detection and treatment.

Another scenario is the connected car. If you buy a car, you want to take care of it. Car manufacturers are banking on IoT to do that by alerting you to issues and where you can go to get them resolved. But they are going further, adding upgrade offers, facilitating bi-directional communications, safety notifications, and more. The measurable business value unlocked here is that loyal car buyers will stay with the same manufacturer for their next automobile purchase.

With all privacy and consent regulations being adhered to, an intelligent IoT system can provide a wealth of value-added services to the user.

Second Layer: Intelligence Gathering 

What can your IoT devices tell you that would enable you to power your business forward? Quite a lot, in fact! 

Devices vary, but even “dumb” IoT devices give you online/offline status. More intelligent ones provide data streams that are used to drive action, automate processes, and allow businesses to offer value-added services. (See “First Layer: Automating Business Processes.”) These services are relevant for intelligence because the near real-time or real-time data they provide can be gathered to stop an attack, assess the risk of particular users, or even change the risk profile of a set of users, requiring, for example, a greater level of authentication.

But aggregating this data around your identity platform, as opposed to your security information and event management (SIEM) solution or security operations center (SOC), is key. This is because the relationship data offered through a complete identity management view allows a complete 360-degree view of who these users are and how they are using IoT devices. Your organization can utilize additional insights to make business decisions for security, asset utilization, workforce staffing and more.

Third Layer: Trust in Your Devices 

Trust is everything when it comes to IoT. A single breach of a single device in your organization can lead to catastrophic results.

On the other hand, having a reasonable assurance of security can lead to improved functioning in an organization. IoT devices can be managed as groups in the exact same way digital identities for human users are managed. This gives the IT department a single console to manage all digital identities in a consistent way. Identities for things are unique to each device and are anchored in a root certificate or any other identifier that allows the unique identification of devices. You know which users can have access to which devices and under what circumstances. Relationships among users, between users and devices, and between devices are managed from a central console, making lifecycle management easy and robust.

For instance, we can allow user access by role. If you’re a heating, ventilation, and air conditioning (HVAC) technician, you can have access to certain restricted classes of devices (HVAC controllers, for example). Devices are treated as first-class digital identities and are allowed to act autonomously on their own behalf with fine-grained authorization, sharing data only with authorized destinations or applications. We can enforce certain types of authentication and change them in an instant when the overall threat level rises (and make sure our users have pre-enrolled in methods to support step-up authentication). We can restrict access by time of day or day of week.
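The role, time-of-day, and threat-level rules described above can be combined into a single policy decision. The following is an added example, not ForgeRock code and not part of the original post; the role names, device classes, access hours, and authentication levels are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed policy data (assumptions for illustration only).
ROLE_DEVICE_CLASSES = {
    "hvac_technician": {"hvac_controller"},
    "security_guard": {"ip_camera", "door_sensor"},
}
# Access window per role: (allowed weekdays, start hour, end hour); Monday == 0.
ROLE_HOURS = {
    "hvac_technician": (range(0, 5), 7, 19),
    "security_guard": (range(0, 7), 0, 24),
}
# Minimum authentication level required at each threat level.
REQUIRED_AUTH = {"normal": 1, "elevated": 2, "critical": 3}

@dataclass(frozen=True)
class Request:
    role: str
    device_class: str
    device_cert_valid: bool  # device identity chains to a trusted root
    auth_level: int          # level the user has already satisfied
    enrolled_level: int      # strongest method the user pre-enrolled
    when: datetime

def decide(req: Request, threat_level: str = "normal") -> str:
    """Return 'permit', 'step_up' or 'deny' for a user-to-device request."""
    if not req.device_cert_valid:
        return "deny"  # an unidentified device is never trusted
    if req.device_class not in ROLE_DEVICE_CLASSES.get(req.role, set()):
        return "deny"  # role is not entitled to this device class
    window = ROLE_HOURS.get(req.role)
    if window is None:
        return "deny"  # no access window defined: fail closed
    days, start, end = window
    if req.when.weekday() not in days or not (start <= req.when.hour < end):
        return "deny"  # outside the allowed day or time
    # Unknown threat levels fall back to the strictest requirement.
    needed = REQUIRED_AUTH.get(threat_level, max(REQUIRED_AUTH.values()))
    if req.auth_level >= needed:
        return "permit"
    # Step-up is only possible if the user pre-enrolled a strong enough method.
    return "step_up" if req.enrolled_level >= needed else "deny"
```

Raising `threat_level` changes the outcome for an already-authenticated user without touching the role or device data, which is the "change it in an instant" behavior the paragraph describes.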

Customized and relevant offerings make the difference between a world-class service and failure. Being able to scale such a process and potentially serve millions of users individually requires automated, data-driven decisions made in near real time. Device data is a key ingredient, but this data must be trustworthy and genuine. This drives the need for IoT to join together with human roles and profiles. To trust a device-user interaction, you must first identify the two to proceed with confidence.

You’re Cordially Invited

At ForgeRock, we’re already helping customers move beyond the first IoT level and prepare themselves for the connected IoT future. Our IoT Gateway and IoT software development kit (SDK) offerings are helping customers gain control, secure devices, and pave the way to monetize, automate and streamline their businesses. Check us out at

Let’s wish our happy couple a long marriage. I’m looking forward to a toast, but I also know that a wedding is just the beginning, hopefully the start of a very long, successful, and prosperous relationship! Hard work and partnering lie ahead. I wish you well on this journey!




This blog was originally posted on IoT For All