Identity Flourishes in San Francisco

I recently attended the newly renamed Mobile World Congress Americas – formerly CTIA Super Mobility – which is an event I’ve been attending for more years than I care to count.

This year’s show was buzzing and was a new show in many ways, so I was very happy to participate in a panel titled “IoT Platforms and Services” that focused on the industrial IoT and ways to secure it.

Me (right) at the “IoT Platforms and Services” session at Mobile World Congress Americas 2017.

With estimates of the number of IoT devices now heading past 20 billion by 2020, including nearly 8 billion in business or industry, the security issue is becoming increasingly pressing. During the panel, I began to wonder in particular about who on earth would “vouch for the identity” of all those IoT devices.

I’ve written before about the ever-increasing “surface of attack” that the public internet represents, which is very much driven by the sheer number of devices and ways of connecting to the web. So, the bottom line is this: No matter how you look at it, 20 billion connected IoT devices represents a lot of risk, and will take an immense amount of policing to protect.


“It’s critical to understand that authentication and identity are two entirely different things. The first gives permission, but the second renews it before each interaction, because the identity of the person or device is known and understood in advance.”


In business and industry – where these devices might be monitoring and protecting vital national infrastructure; controlling highways, freeways, and self-driving cars; or communicating vital patient data in the medical profession – we’re going to need some reassurance that every connected device is tested, trustworthy, and free from outside interference.

On the panel, I started to talk about the need for identity, and my remarks caused a bit of a stir. While the moderator did try to draw us back to the topic, the reaction on stage, in the audience, and on Twitter seemed to indicate that I had touched a nerve.

It’s critical to understand that authentication and identity are two entirely different things. The first gives permission, but the second renews it before each interaction, because the identity of the person or device is known and understood in advance.

When you verify the identity, you should also know who supplied that device, who installed it, who made changes to it, and whether they were authorized to make the change – the very source of the identity of the object. That back story then plays a critical role in authorizing change and allowing network access.

The topic of security around IoT devices is prevalent but seems to be focused on the security of the device itself. But back to what we have said previously: These “things” in IoT are connecting to the internet, and without proper identification and without the management of that identity, the application for that IoT use case is at risk.

Tags: , , , ,

avatar

About the Author ()

As Chief Corporate Relations Officer and Chief of Staff, Mary Clark leads Syniverse’s global external and internal communications, which includes managing all public relations functions and serving as the company’s primary spokesperson, and she also oversees cross-functional alignment across Syniverse’s business. Previously, she was Chief Marketing Officer and also served as Senior Vice President, Next-Generation Roaming Services and Standards, and Senior Vice President, Roaming. Prior to joining Syniverse, in a career in mobile that has spanned more than 20 years, she held several executive-level positions at MACH, CTIA-The Wireless Association, Cibernet and Cellular One. Within the mobile industry, Ms. Clark is an Associate Director for the Competitive Carriers Association, is on the board for CTIA Wireless Foundation, and also serves on the CMO Council North America Advisory Board. She also speaks frequently on industry topics and has presented at such conferences as Mobile World Congress, and her insights have been featured in such publications as Global Telecoms Business (http://flickread.com/edition/html/560a93b1b4035#66). Among her many accolades, Mary most recently was named to the National Diversity Council’s 2017 “Top 50 Most Powerful Women in Technology” list (http://top50tech.org/2017) and Mobile Marketer’s “Mobile Women to Watch 2016” list (http://www.mobilemarketer.com/ex/mobilemarketer/cms/opinion/classic-guides/21930.html). She holds a Bachelor of Arts in communications from the University of Delaware.

Leave a Reply