In his keynote speech at Oracle Open World today, Dr. Thomas Kiessling, Chief Product and Innovation Officer of Deutsche Telekom reviewed his company’s emerging business in M2M.  One use case he described has been referred to in some circles as the “Connected Cow.” Current technology allows dairy cows to be electronically tagged for identification and equipped with temperature sensors to detect the optimum time for breeding. This can help big dairies be more efficient and productive.

When I grew up on a small dairy farm in Idaho, we weren’t nearly so high tech! But now, as we grapple with the challenges of how to administer the expanding universe of people and devices in the Internet of Things, we should also think about how to connect cows and other animals to the Internet!  After milk cows, what will be next?  Dogs and cats?  Pet hamsters?

We have quite a few milk cows in the US (about 9 million), but we have about 78 million pet dogs and 86 million cats   If we connect all them to the Internet, just think of what we could do!

But I wonder how we would establish identity trust relationships with all these connected creatures!

Today I read an informative paper published by GigaOM Research entitled, “The Internet of Things: A Market Landscape.”  I find The Internet of Things to be the most interesting area of technology and business in my professional world today.  This paper did an excellent job of providing an overview of the IoT landscape and highlighting both opportunities and challenges.

A few things that I found intriguing:

IoT is not just new technology:

The internet of things is not a single technology trend. Rather, it is a way of thinking about how the physical world at large and the objects, devices, and structures within it are becoming increasingly interconnected.

The market is moving rapidly to mind-boggling scale:

1. Some 31 billion internet-connected devices will exist by 2020, according to Intel.
2. A family of four will move from having 10 connected devices in 2012 to 25 in 2017 to 50 in 2022.
3. Mobile subscriptions will exceed the number of people in the world by early 2014.

Identity is first on the list of important characteristics:

For things to be manageable, they need to be identifiable either in terms of type or as a unique entity. … Identification by type or by instance is fundamental to the internet of things.

The power of IoT comes from connectivity, not just individual components:

The internet of things is an ultra-connected environment of capabilities and services, enabling interaction with and among physical objects and their virtual representations, based on supporting technologies such as sensors, controllers, or low-powered wireless as well as services available from the wider internet.

The biggest challenges?  Security, monitoring and surveillance:

Computer security, say the experts, boils down to protecting the confidentiality, integrity, and availability of both data and services. With the internet of things looking set to create all manner of data, from heart rate and baby monitors to building management systems, there is clearly going to be a great deal to protect. …

The internet of things enables the whole world to be monitored. …  the potential for the inappropriate use of such technologies — for example, to spy on partners or offspring — will grow. In the business context as well, the role of the internet of things offers a wealth of opportunity but also of abuse.

The bottom line?  The possibilities are vast, the challenges daunting, but IoT is happening.  It will be great to go along for the ride.

This afternoon I completed a second step in an interesting exercise.  A couple of months ago, after reading about various alternative currencies, such as BitCoin, I signed up for an account with Ripple.com  which was born of an idea to use a decentralized currency system, base on the Ripple protocol for a payment network:

In its developed form, the Ripple network is intended to be a peer-to-peer distributed social network service with a monetary honour system based on trust that already exists between people in real-world social networks; this form is financial capital backed completely by social capital. 

Ripple uses the Ripple currency, XRP (sometimes called ripples).

I don’t understand the potential uses or the pros and cons of such a network, but I thought it would be interesting to see how they handled security and identity.

As of this afternoon, I now have a Ripple wallet at Ripple.com, and an account at SnapSwap, a new US-based Ripple gateway, that is linked to a personal bank account.  I have 2,500 Ripples in my wallet, placed there as rewards for signing up with Ripple.com and SnapSwap.  I think at the current exchange rate, all those Ripples are worth about USD $10. 

Somehow in this system, I am supposed to be able to exchange dollars for ripples and vise versa, but I haven’t figured out why I would want to.  Any ideas?

A link to an uplifting post by Tony Robbins caught my eye this morning – a post about Identity, but not about the digital type – about how we define ourselves.  I was inspired by these words from the post, “The Meaning of Life: Finding your True Identity:”

People have enormous capabilities beyond what’s thought to be possible. The power to tap into our tremendous potential comes from our identity: how we define ourselves, and what believe we can achieve.

Six “Key Principles of Identity” are proposed:

1. Identity is the most important power that determines our actions.
2. Once we know who we are, we must learn to be ourselves.
3. Sometimes, people maintain the illusion that their behavior decides who they really are.
4. When you take responsibility, you restore your identity.
5. The fastest way to expand our identity is to do something that’s inconsistent with our current self-image.
6. Our personal identities are in a constant state of evolution.

Knowing who I am is foundational for my life. I really believe that.

Today I had a very thought provoking Twitter exchange.  It started when I read the article, “GE just invented the first ‘internet of things’ device you’ll actually want to own.” Rather than tweeting the title of that article, I chose to quote a phrase deep in the article:

“pretty soon just about everything we own will have some degree of self-awareness” http://t.co/ZtySg70wMf #IoT

Quite quickly, I received two responses, which were really from the same person. Paul Roberts, tweeting both from his personal account @paulfroberts and his professional account @securityledger, responded: 

@mgd “everything we own” but nobody we know, unfortunately! 😉

Could it be that as we instrument our lives more completely in order to connect more efficiently with THINGS, we lose touch with PEOPLE we know?

It is ironic that rather than having this discussion face to face with anyone I know, I am sequestered in my home office communicating virtually with folks in cyberspace.  Am I really IN TOUCH more, or progressively OUT OF TOUCH?

Somehow, I believe we can achieve balance in all of this – seeking to capture the good in IoT and virtual connections while not abandoning the real-world relationships we hold dear.

 

Oh, the irony of our crazy industry!  Back in 2009, I blogged about a book entitled, “The Big Switch:  Re-wiring the World, from Edison to Google,” by Nicholas Carr.  This book proposed that the shift from traditional data center computing to a utility-based computing model will follow the same general trend that electricity generation followed – from a model of each individual factory maintaining its own electricity generation capability to our current utility-based electricity generation and grid delivery model. 

Today I read an intriguing article, “What’s threatening utilities: Innovation at the edge of the grid,” which proposed:

… utilities are structured to treat electricity as a commodity, produced in central power plants and delivered to consumers over long distances in a one-way transaction, with price and reliability of supply the sole concerns.  None of that is working anymore. Lots of forces are conspiring to put the current arrangement under stress, but the most important, in my mind, is a wave of innovation on the “distribution edge” of the grid.

Just think … at the same time as utility-style cloud computing is being hyped as the greatest trend in technology, the electrical utility industry is being decentralized to accommodate both generation and consumption at the edge!

One thing is certain.  Wait a few years and things will change some more!

Of the many articles I read today, which one piqued my interest the most? “Google Launches Mobile Backend Starter, A One-Click Deployable Cloud Backend For Android Apps.”

Mobile Backend Starter provides developers with a one-click deployable mobile backend and a client-side framework for Android that provides them with storage services, access to Google Cloud Messaging, continuous queries and Google’s authentication and authorization features. (emphasis mine)

 

Why is this important?  I can think of at least 4 reasons:

1. If this is the easiest way for developers to embed authentication and authorization functionality into their apps, guess which method they will choose?
2. If it is easy to exploit back end services from mobile apps, emerging apps will ail be richer in functionality and content, because app developers will focus on real application innovation, rather than re-inventing the AuthN/AuthZ wheel.
3. Google’s quest to become Identity Provider for the world just took a big step forward.  If app developers can easily rely on Google AuthN/AuthZ, other companies that aspire to be IDPs will be playing catch up.
4. This pattern of easy-to-use backend infrastructure available to developers could revolutionize application development as we know it – not just mobile apps.

The obvious question is “where are you, Apple?”  But a bigger question is for all of us engaged in enterprise IAM, “how will we quickly adapt to this model?”

Paul Madsen posted an excellent article today, “Identity, Application Models and the Internet of Things,” recommending that the prevailing application development model move back to the browser and away from native apps.  He references another excellent article by Scott Jenson, “Mobile Apps Must Die,” which holds that because we use so many native mobile apps, they are “becoming too much trouble to organize and maintain,” and that the native app model, “just can’t take advantage of new opportunities.”

Paul observed how, with the prevailing native app model, the “Internet of things would push us to have 1000s of native applications on our devices, but that would place a completely unrealistic management burden on the User.”

I agree that managing large numbers of apps is becoming very burdensome and counterproductive. Each airline I fly has its own app. Each store I frequent has its own app.  I have apps upon apps upon apps.

I propose, however, that just focusing back on browser apps doesn’t completely solve the problem, particularly with the Internet of Things.  A big problem is the narrow siloed focus of so many apps.

I recently bought a Fitbit device to track all the steps I take and stairs I climb.  It is a nice little device that syncs automatically with an app on my iPhone.  I can also use that app to record food I eat and water I drink along with the automatic recording of steps and stairs.  

However, the app covers only a fairly narrow silo of functionality.  If I want to record other vital statistics (e.g blood pressure or blood glucose), it takes another app.  If I want to record my workout at the gym with any degree of granularity, it takes another app.  Of course, every app has a different concept of my identity. Not good.

Paul’s discussion of a an app to monitor his toaster begs the question – why should I have an app (either web or otherwise) for every device in my house?  Doesn’t it make more sense to have a “home management” app that accommodates toasters, fridges, thermostats, smoke alarms or whatever other Internet connected things may be available?

I propose that we need a new app paradigm that retains the great user interface characteristics of native apps, the “just in time” model of discovery and use that Paul and Scott recommend, coupled with a more integrated approach to solving real life, but more complex use cases.

 

I like the diagram Mark O’Neill of Vordel put in a recent post, “Identity is the New Perimeter.” That phrase has been floating around for some time, but I think this diagram illustrates the concept in the simplest, clearest way I have seen:

The article does a good job of describing this new way of looking at security.  As Mark mentioned in the post, Bill Gates once said, “security should be based on policy, not topology.”

Today, I read an interesting white paper, “Big Data in M2M: Tipping Points and Subnets of Things,” published by Machina Research. From the introduction:

This White Paper focuses on three hot topics in the TMT space currently: Big Data and the ‘Internet of Things’, both examined through the prism of machine-to-machine communications. We have grouped these concepts together, since Big Data analytics within M2M really only exists within the context of heterogeneous information sources which can be combined for analysis. And, in many ways, the Internet of Things can be defined in those exact same terms: as a network of heterogeneous devices.

The white paper does a good job of exploring the emerging trends of the Internet of Things, potential business opportunities and challenges faced.

As one could expect, “authenticity and security of different kinds of data,” was identified as a big challenge:

Big Data is about “mashing up” data from multiple sources, and delivering significant insights from the data. It is the combination of data from within the enterprise, from openly available data (for example, data made available by government agencies), from data communities, and from social media. And with every different source of data arises the issues of authenticity and security. Machina Research predicts that as a result of the need for data verification, enterprises will have a greater inclination to process internal and open (government) data prior to mashing-up with social media.

The following diagram shows the increase security risk as more data from external sources is collected and analyzed.

This yet another indicator of how Identity and Access Management will be critical in the successful evolution of the Internet of Things.