IoT needs an identity layer – surely any #IDIoT knows that?

Written by on October 15, 2015 in Guest Blog with 0 Comments

Internet of thingsThe Gartner hype cycle is jolly bullish on autonomous vehicles, which I’m really looking forward to. According to Jerry Kaplan’s fascinating “Humans need not apply”, switching to autonomous vehicles in the US will save thousands of lives and billions of dollars every year. Personally, I couldn’t care less if I never drive a car for myself ever again, and I hope that Woking will become an autonomous vehicle only zone as soon as possible. Sadly, this won’t be for a while.

While autonomous vehicles are still embryonic, this movement still represents a significant advancement, with all major automotive companies putting autonomous vehicles on their near-term roadmaps.

[From Gartner’s 2015 Hype Cycle for Emerging Technologies Identifies the Computing Innovations That Organizations Should Monitor]

Gartner are even more bullish on what they call autonomous field vehicles (which I think means drones, combine harvesters and such like) and predict that these will be around in 2-5 years time, just like enterprise 3D printing and cryptocurrency exchanges. I couldn’t help but notice, though, that their very same hype cycle puts digital security at least 5-10 years out.

So they are forecasting that there will be vehicles running around for some years before we are able to secure them, 3D printers inside organisations printing things for years before we are able to protect them and people trading money years before we can stop hackers from looting them. Actually, I agree with Gartner’s prediction, as it’s entirely congruent with my own #IDIoT line of thinking, which is that our developments in connection technologies are accelerating past our developments in disconnection technologies. And if you don’t care what I think about it, you probably do care what Vint Cerf thinks about it.

“Sometimes I’m terrified by it,” he said in a news briefing Monday at the Heidelberg Laureate Forum in Germany. “It’s a combination of appliances and software, and I’m always nervous about software — software has bugs.”

[From Vint Cerf: ‘Sometimes I’m terrified’ by the IoT | ITworld]

We’re busy going round connecting vehicles, equipment and money to the internet with having any sort of strategy in place for disconnecting them, which is much more difficult (doors are easy, locks are hard, basically). And with chips that we don’t even understand being built into everyday devices, the complexity of managing security is escalating daily. Look at the recently-launched “21” idea.

Its core business plan it turns out will be embedding ASIC bitcoin mining chips into everyday devices like USB battery chargers, routers, printers, gaming consoles, set-top boxes and — the piece de resistance — chipsets to be used by internet of things devices.

[From Meet the company that wants to put a bitcoin miner in your toaster | FT Alphaville]

Really? Chips in everything? What could possibly go wrong? Oh wait, it already has. There’s something missing here: an identity layer. Hardly a new idea and I’m not the only person going on about it.

Everyone and everything will have an identity… We can’t scale a world that we can’t talk to, can’t control and can’t secure. Everything, including your toaster, you fridge and your car, will have an identity.

[From Facing the new Big Bang: The IoT’s identity onslaught — Tech News and Analysis]

Yet nothing much is getting done, despite that fact that we already have plenty of case studies as to how bad the situation is already. Never mind smart fridges that give away your personal details or televisions that spy on you there are issues about the maintenance and upkeep of things in the field that create an identity management environment utterly different to anything are used to dealing with in the worlds of OIX, Mobile Connect, SAML and so on.

Did you buy a smart TV or set-top box or tablet any time before January 2013? Do you watch YouTube on it, perhaps through an app? Bad news: Google has shut down the feed that pushed content into the app.

[From You buy the TV, Google ‘upgrades’ its software and then YouTube doesn’t work … | Technology | The Guardian]

It’s issues like this that make me want to focus on identity in the internet of things (or #IDIoT, as I call it) in the near term, so I was really flattered to be asked along by the good people at ForgeRock to talk about this at their London Identity Summit.  I was really looking forward to exploring some of these ideas and getting feedback from people who know what they’re talking about. What’s more, Consult Hyperion and the Surrey Centre for the Digital Economy (CoDE) delivered a highly interactive workshop session designed specifically for the University of Surrey’s 5G Innovation Centre SME Technology Pioneer Members on 20th November 2015. This included “business lab sessions” interleaved with presentations and discussion.

We put forward the #IDIoT structure to explore identity, privacy and security issues using our ‘3 Rs’ of Recognition, Relationship and Reputation. The event was an opportunity to establish contacts with companies interested in the IoT space, as well as connecting with the broader University community and a select group of large enterprises.

First published at CHYP.com and reproduced her with their kind permission.

Tags: , ,

David Birch

About the Author

About the Author: Dave is Director of Consult Hyperion, the secure electronic transactions consultancy and is an internationally-recognised thought leader in digital identity and digital money. Named in Wired magazine’s global top 15 favourite sources of business information; rated one of the NextBank “Fintech Titans”; voted one of the European “Power 50” people in digital financial services and ranked Europe’s most influential commentator on emerging payments. .

Subscribe

If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top