Q&A: ForgeRock on Identity Management in the age of the Internet of Things

As the Internet of Things rapidly moves from concept to hardened reality, businesses are ever having to balance the need to offer a seamless online experience across multiple platforms for their customers with a tight grip on security and potential cyber offences.

ForgeRock is a multinational identity and access management software company, enabling companies to eliminate business silos and create a single view of their customers.

Chief Architect for OpenAM, Jonanthan Scudder, answers some questions on identity management and what this means in the age of the Internet of Things, and whether increasingly sophisticated cyber criminals pose a meaningful threat.

BRE: Outline the industry you are in. What is Identity and Access Management?

JS: The “Age of the Customer” is really the “Age of the Internet”.  Customers can go online to find what they want, when they want it. This is driving the pace of business innovation faster than ever before as companies race to develop new revenue streams and increase loyalty by rolling out more personalised and more dynamic services.  

A huge challenge in this race to innovate is just how to connect customer and citizen identities to these new offerings. It is a paradox of openness and restriction.  On the one hand companies need to provide easy, seamless access across platforms and services including the cloud, mobile devices, customer portals, social platforms, and the Web.

On the other they must protect customer security and ensure that customers get exactly, and only, what they pay for.  This is where Identity and Access Management Software comes into play.

What is Identity Relationship Management? How does it differ to IAM?

Traditional identity and access management (IAM) services were built for internal use, controlling access to data and systems behind the firewall.  However, we’re now entering an era known as the Internet of Things, and in the next few years the number of connected devices is going to grow exponentially.  This creates both a challenge and an opportunity for companies.

READ MORE: [Infographic] What the Internet of Things will Look Like in 2020

Before the Internet of Things companies only connected computers to other computers within the network and behind the firewall. These were deemed to be ‘safe’ and security was a simple, small-scale affair.  It involved creating identities for internal stakeholders and granting employees secure access information. It also required taking away those access rights once an employee left the company.

However, the dawning of an era where all things are connected has turned this approach to identity on its head. Organisations now need to provide access to external identities, including customers, partners and other important stakeholders.  

IT systems need to cope with millions of identities, most of them outside a firewall, and IT departments need to manage the communication between static and portable devices, as well as human-to-machine and machine-to-machine identification and interaction. The situation has never been so complex.

Unlike traditional IAM platforms, Identity Relationship Management (IRM) enables the development of secure relationships across the Internet – including cloud, social, mobile and enterprise environments.  In effect, IRM can extend identities to any ‘thing’ connected to the Internet and is not limited to connectivity behind the firewall.

Why is it important to be equipped with IAM/IRM? What are the potential consequences of not being equipped?

The winners and losers in today’s digital world will be determined by how they approach the issue of identity as they develop new offerings.  Those that utilise the right identity platform can quickly respond to the needs of their business, reinventing themselves to roll out new services to any device or thing more quickly than their competitors.  This will deliver significant advantage in the market.

How much of a threat does the increasing sophistication of cyber criminals pose?

Every business that holds personal data needs to reevaluate the security of its IT infrastructure and continually assess how it mitigates risk but also ensure the right users have access to only what they need.  Most importantly businesses need to look at how advances in technology can help manage identities so that they can continue to benefit from wider connection and sharing of personal data, without running the risk of exposure.

The shock of one mega data breach barely has time to fade before the next one arrives. Data security is making headlines in the mainstream press, and consumers are anxiously recalling credit-card purchases they made months ago. But this is only the beginning. For too long, organisations have been collecting identity information without stringent security precautions in place to protect it. The consequences are only just starting to hit home—and they’re hitting hard.

The key security advantage of IRM is that it ties users to digital identities that an organisation can identify and interact with.  This means they can securely and seamlessly deploy services to these customers across applications, devices, and things. IRM offers organisations a dynamic, proven security system that outclasses anything that came before it.

At the same time, because it provides much greater insight into who accesses which systems from which devices and when, its benefits go far beyond security. This new data helps companies to understand their customers, not just protect them. It opens up new revenue opportunities for cross-selling, upselling, and delivering personalised services to customers.

Given the potent combination of iron-clad, adaptive security and a personalised customer experience, IRM is a technology every organisation should be evaluating now—preferably before the next big breach hits the headlines, and certainly before the next big breach hits them.