IAM has traditionally been all about security – but this is changing as businesses start to manage more digital identities, and as the IoT brings in billions of new devices
For years, the two fundamental pillars of identity and access management (IAM) came to pretty much the same thing.
1. Identity: Is the person who is attempting to access your corporate information exactly who they say they are?
2. Access: Does the person who is attempting to access your corporate information have permission to do so?
Before the days of technology, identity and access management was all about physically stopping the wrong people from accessing the wrong filing cabinet in the corner of the office. If the wrong employee tried to retrieve a document from the cabinet labelled “sensitive — board directors only”, you’d be able to put a stop to it immediately.When workplaces moved towards digital filing systems and corporate networks, many companies invested in IAM software to do the job that humans could no longer do because hackers and malicious employees could simply hide behind a computer screen.
And that’s where IAM has traditionally found its niche — security. The primary reason that businesses have, to date, invested in IAM has simply been because they had to. Cybercriminals are getting smarter, networks are getting more complex, everyone’s a target, and it’s a risky world without effective IAM.Now, though, a number of significant technology trends are shaping the future of IAM, turning it into something much more than just a security add-on. One example of that significant trend is the Internet of Things (IoT).
How the IoT is changing identity and access management
The IoT is redefining the concept of identity and access management — and the two are now inextricably linked. Saniye Burcu Alaybeyi, research director at Gartner strongly believes that “IAM will soon become, if not already, an integral part of each and every IoT solution.”So why is the IoT having such an impact on IAM? More than 20 billion IoT devices will be in use worldwide by 2020, according to Gartner. So, while traditional IAM was designed to manage just employees, IAM in an IoT world is evolving to manage employees, customers, devices and connected ‘things’ — and the complex digital relationships between all of them.
While the number of ‘identities’ is growing, IAM systems are becoming smarter. Now, IAM systems no longer rely simply on a username and password to grant or deny access.They use additional contextual information, like login location, time of day, browser, operating system, IP address and much more to build up a holistic profile of the person or device attempting access. Then, if an access attempt features something irregular, like a login attempt from a new device or at an unusual time of day, the IAM system automatically restricts access and mitigates any potential danger.While using these contextual ‘signals’ to determine identity improves security (because it collates a lot of different pieces information to build up a profile), this expanded way of using IAM opens up new ways to improve digital experiences for customers:
1. Ironing out the kinks of the customer experience
IAM can now make access to data and networks a much more convenient process. “Password-less” access, for example, could remove a considerable barrier in the authentication process through recognising the location of the login and whether it’s on a pre-approved device.
2. Providing a more tailored digital experience for customers
Using contextual signals, organisations can tailor digital experiences according to different audiences or consumers. For example, an airline could provide a different authentication experience for customers in London and customers in Bangkok — adapting to the different types of consumer behaviour in different countries.
Organisations can tailor experiences to more than just geography — Google Chrome users could be directed to one kind of digital experience and Firefox users to another. Or mobile users to one particular digital experience and desktop users to another. The possibilities are virtually endless, depending on whatever the organisation needs.
3. Putting power back in the hands of customers
Moreover, IAM can be part of a strategy to help you solve a long-standing customer issue, which is data privacy — something organisations need to consider seriously thanks to the upcoming GDPR. Many see the GDPR as a compliance tick-box exercise, but it’s so much more than that. The GDPR an opportunity to improve the relationship you have with your customers.
What you should look for in IAM for the IoT
Businesses should ideally look out for IoT-ready “identity relationship management” (IRM), which should be scalable, flexible and high-performing while offering a single view of an entire IoT estate — whatever the level of sophistication.With an IoT-ready identity platform, organisations can support a huge range of devices, whether they’re healthcare wearables or connected cars, or any yet-to-be-invented “thing” that organisations and their customers will use in years to come. IAM is no longer just a security tool, it’s an asset that helps you to better serve your customers.
Feel free to contact E-SPIN for identity and access management infrastructure and application security, infrastructure availability and performance monitoring solution.