Author: Mark Dixon
Wednesday, December 3, 2014
Yesterday, at the Gartner Identity and Access Management Summit, Earl Perkins, Gartner’s Research Vice President in Systems, Security and Risk, gave a thought-provoking talk, proposing that Identity and Access Management as it is today is not going to cut it for the Internet of Things. Some the highlights include (filtered through the lens of my interpretation):
- IoT can be described as as set of devices that can sense and interact with the world around it. Such devices can sense, analyze, act and communicate.
- Devices, services and applications are creators or consumers of information, and must join humans in having identities.
- Architectural concepts of IAM may still hold, but the scale will be vastly larger and must accommodate more than human identities.
- Perhaps the word “thing” should be replaced by the term “entity”
- Every entity has an identity
- We need a model of entities and relationships between these entities.
- We must address layered hierarchies of identities.
- We should not separate device management and identity management systems.
- Identity Management and Asset Management systems will likely converge.
- Identity and Access Management may become:
- Entity Relationship Management
- Entity Access Management
- We may think of architectures in four levels: things, gateways/controllers, connectivity, applications and analytics.
- Two major camps of consumption: Enterprise (where more money is currently being spent) and Consumer (which is hot and sexy, but not currently making much money).
- Strong year-over-year IoT growth is happening in four industry sectors:
- Automotive – 67% CAGR
- Consumer – 32% CAGR
- Vertical specific – 24% CAGR
- Generic business – 44% CAGR
- Companies are “throwing jello against the wall” to see what sticks.
I really like Earl’s ideas about convergence of “entities” and “relationships” between entities. Please note my blog post Identity Relationship Diagrams posted in March 2013.
I also favor his view that identity management should not be separate from device management.
It will be interesting to see how architectures are transformed and what “jello sticks to the wall” in the coming years.