Enterprises looking for ways to identify and manage the growing number of connected devices are finding that traditional identity and access management solutions aren’t always a good fit for the Internet of things.
LogMeIn is trying to address the issue with the introduction of a new identity manager solution for its Xively Internet of things (IoT) platform. Company officials unveiled Xively Identity Manager Oct. 1, the opening day of Xperience 2015, a two-day IoT conference In Boston hosted by LogMeIn.
Xively Identity Manager offers customers a white-label solution that can be used to onboard and manage new end users of IoT devices, according to officials. Using an API, customers can use the new offering with Web and mobile applications, which the company said are the primary ways people create accounts for their new connected devices.
As part of LogMeIn’s IoT platform, the Xively Identity Manager also integrates with the Blueprint feature in the platform. Blueprint was introduced earlier this year and is designed to make it easier for organizations to manage the various roles, permissions and relationships for not only the people in their connected business, but also the devices, partners and applications. Through the integration of Xively Identity Manager and Blueprint, companies will be able to manage the identities and access for employees, customers and applications, as well as connected products and their data, officials said.
LogMeIn is looking to offer enterprises a way of managing devices that can address the security and management challenges that the IoT raises. These range from the sheer number of devices and the multiple users of these devices to the data and applications that run on them, according to Paddy Srinivasan, vice president of products for Xively by LogMeIn.
“To date, most companies building connected products have been stuck between retrofitting enterprise IAM [identity and access management], which is inherently inward facing, using consumer Web options, which means sacrificing control to third parties, or taking a do-it-yourself approach,” Srinivasan said in a statement. “Xively Identity Manager is designed specifically for IoT use cases, giving our customers a turnkey option for reducing risk, bolstering security, and accelerating time to market.”
Gartner analysts in February said that being able to manage identities and access will be important to the adoption and success of the IoT, but that current IAM solutions are not made to handle the scale and complexity the IoT presents.
“Traditional, people-focused IAM systems have been unable to accommodate the propagation of devices and things to give a broad and integrated view for IAM leaders,” Ant Allan, research vice president at Gartner, said in a statement at the time. “The ‘Identity of Things’ requires a new taxonomy for the participants in IAM systems. People, software that makes up systems, applications and services, and devices will all be defined as entities and all entities will have the same requirements to interact.”
Gartner defined the Identity of Things—or IDoT—as a “new extension to identity management that encompasses all entity identities, whatever form those entities take. These identities are then used to define relationships among the entities — between a device and a human, a device and another device, a device and an application/service, or (as in traditional IAM) a human and an application/service.”
LogMeIn executives noted that identity management and authentication in the IoT is further complicated by the myriad numbers of people who may need access to a single device. For example, a homeowner may buy a connected thermostat, but other people living in the house, representatives from the manufacturer or service technicians may need access at various times. Xively Identity Manager is designed to handle such scenarios, they said.
By using the Xively product, businesses can quickly offer an identity solution that can collect data regarding the users of the devices, and—in conjunction with Blueprint—map the identities to the devices to enable access control. In addition, customers can manage the full lifecycle of the device for both primary and secondary users, and develop profile graphs of users, officials said.