The Internet of Things (IoT) revolution has finally arrived at our doorsteps. While the current offering of smart devices is still limited in the consumer market, Gartner has predicted that there will be 25 billion IoT devices in use by 2020. More and more companies are jumping on the IoT bandwagon to take advantage of what will be a hugely lucrative industry.
However, organisations need to be wary of the great risk IoT presents – the potential for hacking and data breaches. With more connections and points of entry, IoT inherently increases exposure to cyber risk. And within the hyper-connected domain of IoT, one small data breach can have a domino effect across several connections.
For example, an employee may infect their organisation by coming to work with a compromised wearable device, or pulling their hacked connected vehicle into the company car park.
With 25 billion devices expected to touch every aspect of our lives and gather more and more data, the IoT introduces a new type of risk with significantly increased complexity and exposure. What can organisations do to protect consumers, employees and themselves?
The foundation of all IoT devices will be an ‘identity layer’ that will allow the secure deployment of a large number of connected devices and will allow access to approved individuals. Identity, ‘the collective aspect of the set of characteristics by which a thing is definitively recognisable or known’, can be proved through a sophisticated and complex set of authentication techniques, traditionally led by the password.
Though interconnectivity between different networks and devices was originally limited, continuous upgrades to the underlying, invisible infrastructure grew to enable an ever-greater stream of information to flow.
However, the larger a network grows, the less effective the password becomes – even if used by a device. 25 billion IoT-connected devices means that it will be impossible to securely authenticate every part of the network with passwords. Could a device establish and store a different password for every single access point? And if so, wouldn’t this collection of passwords be a huge liability waiting to be discovered by hackers?
One way to tackle this problem is to reduce the number of passwords required to authenticate different applications, devices and trust domains through federation. Devices increasingly need to authenticate to other actors in different trust domains – or actors with which the device does not have an established relationship.
Federation allows a user to authenticate only once with an existing credential to a trusted domain and be issued a token that allows them to authenticate to other actors and domains.
Federated Single Sign On (SSO) technology allows passwords to be replaced with standardised security tokens for everyday tools and services such as social media apps or emails. These tokens are issued by a website the user has logged into directly but simultaneously give access to a range of other applications – mitigating a password explosion and simplifying the process for the user.
Additionally, SSO technology allows the authentication of a specific device to be tied to a particular user by issuing tokens specific to a ‘relationship’. This model, for example, would enable a smart car to send a ‘close’ message to a garage door controller from a different manufacturer if it sensed a growing distance between the car and garage.
As the IoT will likely result in many devices operating on behalf of a particular human, or set of human beings, this kind of distinction will be crucial.
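The car and garage door scenario above, as an added sketch that is not from the original article: an identity provider issues a short-lived token binding a user, the device acting for them, the target device and the permitted action, and the garage controller checks each of those before acting. The token format, the JWT-style claim names, the device identifiers and the shared HMAC key are assumptions made for illustration; a cross-vendor deployment would use a standard token format with an asymmetric signature.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key. Assumption: the identity provider and the garage
# controller share it; across vendors an asymmetric signature would be used
# so the relying device holds only a public key.
IDP_KEY = b"constructed-demo-key-not-a-real-secret"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user, device, audience, scope, ttl=300, now=None):
    """Identity provider: bind user, acting device, target and allowed actions."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "act": device, "aud": audience,
              "scope": scope, "exp": now + ttl}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    sig = b64e(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + sig

def verify_token(token, my_id, action, owner, now=None):
    """Relying device: return (accepted, reason). Signature is checked first."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64d(sig), expected):
            return False, "bad signature"
        claims = json.loads(b64d(body))
    except (ValueError, UnicodeError):
        return False, "malformed token"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    if claims.get("aud") != my_id:          # token minted for another device
        return False, "wrong audience"
    if claims.get("sub") != owner:          # device acting for someone else
        return False, "wrong user"
    if action not in claims.get("scope", []):
        return False, "action not in scope"
    return True, "ok"
```

A token issued to the car for `door:close` on one garage controller is rejected for `door:open`, for any other controller, for a different owner, and after it expires, so a stolen token is worth far less than a stolen password.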
Many great things have been predicted for the Internet of Things, suggesting that the coming growth in connected devices will have a substantial impact on the way we live our lives. Smart home devices will be able to manage utilities, control doors and windows, monitor security and report to homeowners in real time; doctors will be able to remotely monitor the conditions of their patients at any hour of the day through home devices; smart cars will display the nearest parking space.
These are scenarios that we can expect with the IoT revolution. However, as we hand over more and more of our decision-making to our connected devices, it is vital that we have identity-focused and secure infrastructures in place that are capable of managing the growing complexity of the emerging connected world.
Sourced from Hans Zandbelt, senior architect, office of the CTO, Ping Identity