Why IoT Needs Identity
Organizations are transforming into digital businesses, with goods and services available online and via devices. Both the private sector and the public sector are now realizing that the ability to manage the digital identities of millions of people and billions of devices is a fundamental requirement for success. While legacy identity and access management (IAM) was designed for enterprises and their employees, IAM for the Internet of Things (IoT) needs to be designed for customers, devices, connected things, and the relationships between them. This is known as identity relationship management (IRM).
Faced with the prospect of managing millions of connected devices in their digital ecosystems, organizations must adjust their approach to identity management and security. Any company producing IoT-connected devices should take the October 2016 Dyn distributed-denial-of-service (DDoS) attack as a warning.
In this attack, the onslaught was apparently caused by millions of internet-connected devices, such as thermostats, webcams, and refrigerators infected with malware — primarily because they were connected to the internet without necessary digital identity security protocols in place. These devices were commandeered by hackers and directed to attack servers that hosted many of the internet’s websites, temporarily taking down large portions of the web.
Security experts say this is just the tip of the iceberg. IoT presents a massive security vulnerability, especially if the companies that produce, use, or sell these devices do not take identity management and security for IoT into account upfront and make it a top priority. To date, there has been no security model for IoT.
IoT Edge Capabilities
Delivers secure ecosystems at the edge (devices, services, users)
Offline users secure auto-onboarding without human intervention — self-authentication, as well as authentication of attached sensors and services that can retrieve standard OAuth2/OIDC JWT tokens.
Provides device fine-grained authorization similar to any user — creates a relationship between a trusted user and trusted device using OAuth2 device flows for IoT.
Integrates with leading IoT platforms, such as AWS IoT, Azure IoT, and Google IoT.
Root of Trust
Supports hardware-based root of trust (OP-TEE ARM), certificate, file-based, and other third-party credentials.
Includes ForgeRock SDK to accelerate integration.