Article; Handling Privacy and Security Concerns in the IoT: The Importance of Identity

July 16, 2015 // By Simon Moffatt, ForgeRock
This is the first in a three-part series on security and privacy related to the Identity of Things (IDoT). In the first part, we’ll take a look at the definitions and concepts of “identity” and the role it plays in tying users to their connected devices as they generate and store personalised data.

Today, we are in the infancy of widespread mobile Internet connectivity, which we typically obtain through Wi-Fi hotspots and 3G/4G network coverage. When we are not connected, we are invisible to others, unable to get the information we need and unable to interact with personal and professional networks. Further, this concept of ad-hoc connection to the network is evolving. The Internet is no longer a separate object that we have to seek and connect with explicitly.

Very soon, being “connected” will be so intrinsically tied to us that without it basic human interactions and decision making will become stunted. Switching an object on, purchasing it, enabling it, and checking in to it will make that device become “smart,” but it will also become tied to us. It will have network access and be able to communicate, send messages, register, interact, and contain specific contextual information, all on our behalf. The “Identity of things” is thus rapidly becoming a critical component of the modern Web.

A simple example is a popular running shoe company that now provides GPS tracking and training support information for a new shoe. That information is specific to an individual, centrally correlated and controlled, and then shared socially to allow better route planning and training techniques to be created and exchanged. The flow of information requires an “always on” Internet connection, though, which creates many questions surrounding device management, security, and privacy.

The IoT phenomenon will create device-, people-, and services-based connected infrastructure of over 50 billion objects by 2020. From a consumer perspective, home automation systems such as context-based lighting and heating or fridge restock systems help reduce energy consumption and billing, while also providing manufacturers and suppliers with powerful usage insights that can help improve products or provide better marketing opportunities. From a manufacturing or logistics standpoint, smart grid energy and electricity systems and improved SCADA (supervisory control and data acquisition) connectivity help automation and improve data flow.

Future things-based infrastructures will include the marrying of insured devices such as cars and human bodies to the underwriting of insurance policies. Allowing insurance companies to interact with intelligent devices such as cars and human-wearable monitors provides them with a unique metadata opportunity that could allow insurance companies to create more accurate policies and reduce consumer insurance costs. By allowing cars to capture servicing, distance, and maintenance data, insurance companies can help to identify lower-risk (or higher-risk) drivers and car owners. In turn, consumers can have much more customised policies at a lower cost. This cost reduction, however, comes at a price: the loss of data privacy.