The future of Identity and Access Management (IAM) in IoT will escape the confines of user-focused identity and transition toward a more inclusive model. The new multi-faced approach will include machine and system identity along with IoT device and platform management operations, according to a new analysis research report by global tech market advisory firm ABI Research.
IAM is yet another identity and security framework that poses significant challenges when crossing from the IT realm onto the IoT. Most cloud providers regard IAM as a purely user-focused term while other IoT device management and platform providers make references to IAM in device access control. “IAM in traditional IT environment is used to streamline user digital identities and to enhance the security of user-facing front-end operations using a variety of management tools, privilege management software and automated workflows to create a user-focused authorization framework,” says Dimitrios Pavlakis, Senior Cyber Security and IoT Analyst at ABI Research.
The explosion of IoT technologies has significantly increased the sheer volume and complexity or interconnected devices, users, systems, and platforms making traditional IT IAM insufficient, if not problematic in some cases. “Insufficient access control options, legacy infrastructure and proprietary protocol dependencies, traditionally closed networks, the fervent increase in digitization, albeit with lackluster security operations, are some of the most prominent challenges for IAM in IoT,” Pavlakis explains. Regardless of which IAM terminology is used, these challenges along with the highly complex IoT identity value chain point toward a more competent model of IAM, which touches upon various technologies and security protocols to be considered under the IAM umbrella including: user privilege management and on-prem access control, edge-to-cloud integration, cloud directory-as-a-service, system and machine ID, data security and governance, API management, IoT device identity, authentication and access control.
“The justifiable lack of a unified IoT security standardization framework, the fact that organizations are always on a reactive approach versus proactive, the emergence of the new cyber-threat horizon and the ever-present budget restrictions also forces implementers to create an ‘approximation’ of IAM protocols by examining IoT applications on a case by case basis,“ says Pavlakis. “No matter how you slice it, IAM in Industrial IoT obviously ought to be significantly different than IAM protocols in finance settings and further blurs the lines between access control for system, machine and user ID.”
Prominent IT IAM vendors include Cisco, IBM, Microsoft, Oracle, RSA, ForgeRock, Giesecke and Devrient, Ping Identity, Idaptive, Micro Focus, Okta and Ubisecure while new vendor categories under the IoT IAM umbrella can include telcos, IoT device, gateway management or platform providers including Entrust, Globalsign, Pelion, Sierra Wireless, Cradlepoint, Kerlink, and Advantech.
These findings are from ABI Research’s Identity and Access Management Solutions for the IoT application analysis report. This report is part of the company’s Digital Security research service, which includes research, data, and analyst insights. Application Analysis reports present an in-depth analysis of key market trends and factors for a specific technology.
About ABI Research
ABI Research is a global technology intelligence firm delivering actionable research and strategic guidance to technology leaders, innovators, and decision makers around the world. Our research focuses on the transformative technologies that are dramatically reshaping industries, economies, and workforces today.
ABI Research提供开创性的研究和战略指导，帮助客户了解日新月异的技术。 自1990年以来，我们已与全球数百个领先的技术品牌，尖端公司，具有远见的政府机构以及创新的贸易团体建立了合作关系。 我们帮助客户创造真实的业务成果。
For more information about ABI Research’s services, contact us at +1.516.624.2500 in the Americas, +44.203.326.0140 in Europe, +65.6592.0290 in Asia-Pacific, or visit www.abiresearch.com.
Asia: +65 6950.5670