When Identity Management and the Internet of Things Collide, New Opportunities Emerge

Successful organizations must be able to securely manage ever-evolving devices and connected things, as well as the billions of relationships between these devices, their users and digital services that come with the IoT.
Published: October 21, 2015

One of the quickest ways in which entrepreneurs can advance their business is by adopting new technologies that take advantage of the burgeoning world of Internet-connected devices. Technology market research firm IDC forecasts that the Internet of Things (IoT) market opportunity will grow to $1.7 trillion by 2020.

What does this IoT device landscape look like? In the consumer realm, common examples include wearables and connected appliances. Using a range of embedded sensors, fitness wearables track, analyze and compare your workout to those of other users. Connected thermostats, such as Nest, allow homeowners to remotely manage, track and analyze their energy usage.

In both of these examples, though, an end user’s privacy and security needs to be front and center. Many IoT vendors are not putting much energy into user privacy, which could be a deciding factor between long-term winners and losers in this market.

I like to track and analyze my own workouts, but consider that information personal. I don’t want others to be able to see how I’m progressing (or not), or to have access to potentially personally identifiable information, such as my location or schedule. Companies must be able to protect my personal privacy while rapidly rolling out new IoT-connected services.

Privacy, by design, must be viewed as a requirement. End users must be empowered to control their personal data with user-managed access allowing them to authorize, manage and share data from a single control point, giving them ownership over their personal privacy. Only then will IoT adoption explode.

The impact of maintaining customer privacy stretches beyond the IoT. If secure data sharing is possible between all users, cloud services and connected devices, businesses can access a tremendous amount of actionable customer intelligence, such as shopping habits, from timing to preferences to price points. Protecting privacy, building customer trust and enabling data sharing are foundational elements of a successful digital business.

Tech-savvy consumers expect privacy. But the Online Trust Alliance (OTA) Online Trust Audit found that 14 percent of leading IoT products do not have a discoverable privacy policy for consumers to review prior to purchase. That lack of attention to privacy will alienate many customers as their data is shared or compromised in ways they didn’t foresee, and these businesses will suffer the consequences with customers and profits lost.

One way to fold privacy and security into IoT devices and still enable incredible new business opportunities is to implement identity-management (IM) technologies. Nearly all businesses have a way to catalog, organize and authorize access to things like email, applications and business systems. By applying these kinds of IM principles across billions of connected devices, organizations will be able to leverage similar security and privacy access and authorization frameworks to give users and customers the comfort and assurances that will ultimately enable greater IoT adoption and innovation. It’s the Wild West out there, and applying IM to devices gives users the peace of mind that, for example, the health information from their Apple Watch isn’t going to the wrong place or being used for fraudulent activities.

In addition to mobile and wearable devices, IM can be layered onto connected home appliances and automobiles. Inserting identity technology into connected “things” is like dipping chocolate into peanut butter. It’s a natural match. Independently, they’re both great, but combining the two opens up a world of new practical applications.

Imagine that an identity-enabled car could recognize the driver’s phone as he or she approaches, triggering the vehicle to unlock the doors, automatically adjust the seats and mirrors, tune the radio to a favorite station, set the car’s temperature, upload the phone’s Google Maps directions and more. An identity-enabled TV set-top box could automatically react to the programming preferences of a specific TV viewer. When a user wearing a connected watch approaches the box, it could pull up that person’s show, genre and rating history, and make credible suggestions based on those expressed preferences. These are just two examples of what can be done by tying identity to a “thing.”

IM-enabled IoT devices understand who they belong to, and use real-time data and situational context to personalize and protect the customer experience. The technology is already delivering services to millions of connected devices and “things” in a secure, scalable and repeatable way. Device-makers that implement IM can quickly respond to business needs and reinvent themselves, rolling out new services to any device or thing more quickly than their competitors and delivering a significant market advantage.

Consumers who have complete control over the information collected and shared by the devices at their homes, in their cars and on their bodies are increasingly motivated to incorporate the IoT into their daily lives. When consumer privacy is respected and protected by identity technology, the opportunities for businesses of any size in the IoT space are infinite.

Daniel Raskin is the VP of strategy at ForgeRock, an open platform provider of identity-management solutions. Raskin has more than 15 years of experience building brands and driving product leadership.