John Barco, VP of product management, ForgeRock

The Internet of Things (IoT) has everyone giddy. From your phone, you can record shows that you forgot to set on your DVR before you left the house. You can unlock your house without a key or turn on your lights before you get home. You can turn on the heater remotely so it's nice and toasty before you step in the door. Much more is to come; there's buzz about the connected car, healthcare devices, and the endless possibilities. Analysts at IDC predict IoT spending will exceed $7.3 trillion by 2017. While all this is great for improving the consumer experience, a dark shadow lurks behind it all: concerns about privacy and security.

It's no surprise that the IoT is leading to a new category of cybercrime. The smart LED light bulbs that leaked Wi-Fi passwords are a recent example. What does a hack of such a device mean? We haven't seen one with devastating consequences — yet. But even relatively minor hacks can cause inconvenience for the user. Worse, these vulnerabilities break the customers' trust and tarnish a company's brand reputation, which can irreparably damage its business.

Identifying who's who and what's what has never been so complex. It's not just about protecting IoT devices but about protecting the entire ecosystem, from the customer to the partner, the web page, mobile device, mobile app, the cloud and everything else in between. Static and portable devices need to communicate with each other, and human-to-machine and machine-to-machine identification and interaction must be taken into account. Without the right model in place, your organization could be at risk of making your data—and your customers'—openly available to cyber attacks.

The IoT requires a new way of thinking and acting, one that will protect a business and help it grow. To ensure security in the era of IoT, I'd recommend organizations consider the following:

Think security: IT needs to authenticate customers outside the firewall. Users may want to access systems via multiple devices, and they will expect a user experience that is tailored to how, when, and where they access services.

Think ecosystem: Trying to duct-tape security architecture together or protect access on a device-by-device basis is not going to work effectively—or even at all. A single platform that unifies the entire ecosystem will provide a simple, repeatable way to protect a growing number of devices.

Think flexibility: Building a platform that supports and unifies the entire ecosystem is challenging enough, but you also need to keep the future in mind. Businesses need to support new services, new devices, and new infrastructure on the back end. Open source gives IT a platform it can build on and customize, while open standards offer the flexibility to adapt to future needs in a very standardized manner.