News

Gartner: IDoT Is Necessary for the IoT

The IT researcher adds a new security category to the Internet of Things, called the Identity of Things.

• By Keith Ward
• 02/18/2015

The Internet of Things (IoT) is a growing area of the increasingly connected universe. Its advantages are many, but with those gains come new challenges. One of the biggest is security, in particular identity management. And because this is the IT world, analyst firm Gartner Inc.  has spawned a new acronym with which to tag this challenge: IDoT -- the Identity of Things.

In the past, Gartner has used another acronym, IAM, to describe what it calls "Identity and Access Management." IAM needs to significantly evolve, reports Gartner, because typical solutions can't scale to IoT size.

"IAM leaders must reconsider how traditional approaches to cybersecurity and IAM work in a world where devices and services are so abundant, in so many different forms and positioned at so many different points within the IT ecosystem," Earl Perkins, research vice president at Gartner, said in a press release.

Gartner describes the rationale behind the new acronym:

The Identity of Things (IDoT) is a new extension to identity management that encompasses all entity identities, whatever form those entities take. These identities are then used to define relationships among the entities -- between a device and a human, a device and another device, a device and an application/service, or (as in traditional IAM) a human and an application/service.

New ways must be developed to handle security in the IoT, Gartner says, emphasizing the relationships between devices and objects, and not just their identities. Doing that, Perkins said, "… allows the IDoT to exist and become part of new responsibilities for IAM in the enterprise."

Gartner has previously predicted a huge spike in the IoT in 2015, with a bump of 30 percent in connected devices like automobiles, refrigerators, wearable devices and even coffee makers. This year, Gartner expects there to be about 4.9 billion "things," with a value of $69.5 billion.

The U.S. Federal Trade Commission released its own report earlier this year that addressed IoT security, listing a number of concrete steps companies developing IoT devices should take. They include a defense-in-depth strategy using multiple layers of security; monitoring connected devices throughout their expected lifecycle; and building security into devices from the beginning, instead of tacking it on at the end.