The internet of identities is coming and will bring massive IAM changes

New demands for scale, security and machine learning will support massive proliferation of internet-connected devices.

Internet of things face
Thinkstock

My colleague Mark Bowker has a concept called the internet of identities.  How does this differ from the internet of things?  The internet of things is about, well things – devices, controllers, actuators, etc.  But these things will perform tasks, collect data, connect to other devices, etc.  In other words, each device will have an identity with multiple attributes, and each of these attributes must be understood to enable good things to occur and block bad things from happening.  Thus, the internet of identities.

Now as organizations add thousands or millions of new devices to their internal and cloud-based networks, identity and access management (IAM) technology will go through a massive transformation.  An organization’s IAM infrastructure will have to accommodate:

  • Massive scale. New IAM technologies will have to support millions of devices (and users), each with its own list of attributes.  So, think of an N-by-N matrix of identity attributes.  Furthermore, these users and devices may be transient – appearing and disappearing as part of some type of business or operations process.  Asset auditing alone will be a massive endeavor. 
  • Privacy and security requirements. Devices need to have hardened configurations, unique identities, multi-factor authentication capabilities, and secure communications from device-to-device.  This will require new types of policy engines and enforcement controls that are tightly-integrated with existing networking, cloud, and IAM infrastructure. 
  • Continuous intelligent monitoring. To maintain availability, high-performance, and security, the Internet of identities will require continuous monitoring.  Given the emerging scale here, it’s safe to say that human beings won’t be able to keep up with activities, so keeping the Internet of identity trains running on time will depend upon an infusion of artificial intelligence and machine learning algorithms that can separate normal from anomalous behavior and then translate all of this into actionable intelligence for carbon-based life forms. 

With all due respect to Microsoft, I don’t think you will be able to manage and security the internet of identities with Active Directory – a technology that was originally designed to compete with Banyan Vines and Novell, way back in the day.  Think of AD and multiply it by some exponential factor. 

As the internet of identities takes shape, Mark and I expect some pretty big changes.  For example:

  1. Organizations will centralize IAM management and procurement. IAM grew organically in the past and tended to be managed by a loosely-coupled cabal of application developers, IT operations and security folks.  As the internet of identities evolves, organizations will realize that they won’t be able to use their existing IAM patchwork deployment to address Internet of identity scale or enable new business processes.  At that point, many organizations will make a next-generation identity infrastructure a high priority.  Firms will also create positions for chief identity officers, experienced individuals with the right business and technical chops to transform their identity infrastructure and champion a new IAM strategy.
  2. Identity runs to the cloud. The need for massive scale, perpetual connectivity, and processing power to monitor the whole enchilada will drive large organizations to embrace cloud-based IAM services. 
  3. Security takes a bigger IAM role. According to ESG research, 66 percent of organizations claim that their security group is significantly or somewhat more involved with IAM policies, procedures, and technologies today than it was 2 years ago.  This is just the beginning however.  As the internet of identities takes hold, CISOs will be intimately involved in crafting and enforcing identity policies.  Look for a much bigger focus on data privacy as well. 

The IT industry has been talking about identity-based computing and identity-based networking for years but it was more of a vision than reality.  As the internet of identities evolves, this vision will come true, leading to a period of confusion, innovation, and transformation. 

When will this happen?  We are driving toward the internet of identities on-ramp today, but the traffic on the highway is moving a lot faster than we think.  In other words, the internet of identities and all that comes with it are coming soon. 

SUBSCRIBE! Get the best of CSO delivered to your email inbox.