Regcast followup: Identity management in a connected world
Know your customers
In our Regcast Managing identity to drive business, ForgeRock’s Daniel Raskin explained why the function of identity management is changing from basic security and a way to lower operational costs to a world in which identity transforms your relationships (and the outcome of those relationships) with your customers.
Behind this sits a subtle change in what we consider “identity” to be in the first place. In the Regcast, Daniel defined it as the “brain” behind what your connected applications or connected products can do.
In our 2014 series of Regcasts, whether we were talking about workload placement, security, networking or identity management, we have regularly discussed how the need for flexibility and rapid transformation is changing the way the IT department must function.
Your ability to optimise your services at scale depends on your success in automating manual processes. To do that with identity you need this brain – one that can automatically apply a set of contextual rules, securely, for your customers.
Not small change
This is not the identity management that most IT departments have implemented for their staff or for customers who log onto a limited set of centrally-hosted services.
To explain why, Daniel showed a diagram of “the new technology stack” taken from a November 2014 Harvard Business Review article, How Smart, Connected Products are Transforming Competition (paywall).
The article concentrates on the business case for building this type of infrastructure and repays a careful read. It is not more hype about the internet of things (IoT), but rather a careful examination of what it will mean for your business, and what capability businesses who want to make the jump into the IoT world will put in place.
As the article points out, this is not a small change or an incremental one. It has little in common with the type of identity management that IT pros use to identify users, and even goes beyond the mobile device management that many IT departments are implementing today.
For many brands their skill at identity management will be a dimension of product quality. Millions of products will simply be one end of a service that is built on the ability to identify the user and the context and use it to create better value from sensor data.
As the Harvard Business Review says: “Once composed solely of mechanical and electrical parts, products have become complex systems that combine hardware, sensors, data storage, microprocessors, software, and connectivity in myriad ways… In many companies, smart, connected products will force the fundamental question, 'What business am I in?’“
Manufacturers of devices have no history or skill in adding a connectivity layer to mechanical products
For many companies, especially those with a B2B focus, early network-aware products are still coming to terms with the implications of this question.
One of the basic problems that has held back home automation, for example, has been that the manufacturers of devices have no history or skill in adding a connectivity layer to what have always been mechanical products to heat, cool or clean.
It is not, in other words, the business that they are in. But added to that is their lack of experience in partnering with the technology providers that might make this transition possible.
Fundamental questions about how identity is managed (whether it is the identity of the user, the object or the data that the interaction generates) arise. We can already see the results: in June 2014, the Reg reported on the poor security design of early IoT products.
Identity in the IoT is not simply a security problem. We can understand that the quality of a mass customisation service will depend on recognising the user and the context: cars that adjust their settings for each driver or home heating that can store and apply individual preferences.
Too techie for my shirt
But identity is fundamental for service provision too: these smart services will inevitably be delivered from the cloud. Building an application platform into every one of the things that make up the IoT is expensive and pointless (do you want to perform an upgrade on 50 billion devices?).
So, while the sensors and connectivity will reside in the thing, many-to-many IoT rules engines, product databases and smart applications will be remote, standardised across many different devices or manufacturers, often provided as a service to the manufacturer, and accepting millions of secure, identified connections per second.
Wearable technology, one of the most hyped categories in 2014, is an example. Our Regcast showed the Ralph Lauren Polo Tech Shirt, which senses distance, calories burned, intensity of movement, heart rate and other data, and sends it to your mobile device.
But for our shirts to understand us they need to know who we are and who they can tell about us. Which is why identity management will be the cornerstone of most companies’ relationship with their customers.
Many Reg readers may prefer it if what goes on in their shirts stays in their shirts. ®
Sponsored: Becoming a Pragmatic Security Leader