Identity management was never easy. The basic need for identity is that of ‘non-repudiation’ - assurance that a person is who they say they are - as used to authenticate and authorise individuals to use IT resources, or enable access to web sites and services.
Things such as a login names, pins and passwords are examples of mechanisms that allow us to establish digital ‘identity’ today. For computer users and system managers, the difficulty has always been keeping tabs on all the different login details, number-generating dongles, and swipe cards and so on. The domain of "identity management" (the umbrella term for tools that help manage multiple identities, across multiple systems) is focused on helping with these issues.
So far so good, but I’m wondering if these ideas are thrown out f the window by the current trend - the Internet of Things (IoT), which enables a wide variety of devices and physical objects to connect to the Internet.
For a start, the establishing of "identity" is undergoing a significant evolution as illustrated by the term ‘the quantified self’. This term is being used to describe (for example) always-on fitness and personal monitoring devices. They are "connected", they know who we are but they do not require a traditional "log in". If these technologies know who we are, what is to stop them telling another computer system or from somebody else tracking our movements?
To take things one step further, with IoT it isn’t just people who need to be identified, but a wide array of other physical objects (from cars to fridges, from training shoes to toasters). To take a not-so-farfetched example, systems now exist to monitor livestock in the fields, and identify potential disease symptoms. A farmer will, however, want to be sure that the cows being monitored actually belong to the right farm and equally, that the mechanisms involved aren’t being used to hack into farm’s computer systems.
As we connect things to the Internet, then, we also need ways of ensuring they are what they say they are. This creates a new challenge - which is how to manage the identities of all the devices we are in the process of creating, in all their scenarios, shapes and sizes. No, identity management was never easy. But it looks set to become even harder (most commentators predict that, by 2020, over 20 billion devices with be connected to the internet (over two times the human population on earth at that time).
Symantec is excited about this area because we have spent the past few years building technical assets that could really help to solve this problem. By combining the user authentication, end-point security, device management and global intelligence assets, we plan to stay ahead of the game here and provide services that can help to make IoT a productive and secure reality.