Okta: In the IoT, every ‘thing’ has its own identity

Okta: In the IoT, every ‘thing’ has its own identity

Okta: In the IoT, every 'thing' has its own identity

Adrian Bridgwater attends this week’s Oktane17 user conference in Las Vegas, to analyze what Okta company executives really mean by ‘identity’ in an IoT context. 

In the IoT, ‘things’ are just things. They’re sensors, devices, machines, certainly – but typically, it’s additional layers of artificial intelligence (AI) that give these ‘things’ some semblance of sentient awareness and the ability to power intelligent decision-making. The things themselves are still just things.

But being ‘just a thing’ doesn’t imply a lack of identity. Every device has an element and expression of identity that denotes its name, form, function and place in the technology universe. More importantly, the identity of every device can help to control who or what has access to it, or can exchange information with it.

Enter Okta, a company that offers a dedicated identity authentication layer that developers use to implement IoT at the app, service, device and user levels. This week, the company is holding its Oktane17 user conference in Las Vegas, giving Internet of Business an opportunity to better understand its approach to the IoT.

The importance of identity

In particular, Okta insists that its specialist approach elevates identity as a function and a discipline that should be a dedicated part of the way all IoT systems (and all IT systems) are now engineered.

“It’s true, a device is just like any other resource,” says Alex Salazar, vice president of developer platform at Okta. But, he adds, a device has an identity in two distinct senses:

  • Device Identity #1 – A human user that programs an IoT home heating system expresses his or her identity through their own preferences and controls as they program that device.
  • Device Identity #2 – A sensor in a gas pipeline has an ‘identity’ in the sense that it has a log file locator, a ‘device name’, a numbered reference position and set of corresponding values that it creates in the database (or other store) to which it feeds data or to which it belongs.

Read more: Postman aims to help companies deliver on IoT edge computing

People at the device perimeter

Given this core proposition of device identity, Okta CEO Todd McKinnon warns that, despite IoT intelligence layers now spiraling, we humans will be still be ultimately responsible for device interactions.

“Integration is everything, but the perimeter of our networks has been redefined. Given the sheer volume of users now interacting with our networks, [we can say that] people are the new perimeter,” said McKinnon at this week’s event.

What Okta seeks to provide, then, is access to a multi-layered authentication service, but delivered as a layer inside the cloud. The Okta Adaptive Multi-Factor Authentication (AMFA) product is a cloud-based service, running on the firm’s own Okta Identity Cloud, and designed to provide a ‘unified identity layer’ across what are now increasingly diverse business networks and systems.

Read more: Vapor IO powers up hypercollapsed micro-datacenters

Identity steps out of the shadow

The problem, to date, has been that software application developers rarely rank identity functionality among their top project attributes. They prefer instead to focus on core functions and application power. Aspects of login, user (or indeed IoT device) access and authentication, device directory and datastream access, and other system function elements governed by identity, have not traditionally been regarded as appealing or sexy.

To address this problem, the main message reverberating around Okta’s keynote sessions at Oktane17 has been this: “We’ve made it so easy to implement an identity layer into all application architecture design – so why wouldn’t you implement it?”

The Okta platform is designed to be capable of breaking down ‘different types’ of applications, so that developers building identity controls into them can start to focus on two things: first, which apps will need the most identity access provisioning; and second, which apps will need the most work in terms of getting them to the point where they can integrate with other pieces of software in an ‘identity-secure’ way.

Read more: SAP shifts gears of IoT into business ERP

Age of consent

Ed Sawma is senior director of product marketing at Okta and, in explaining the predicament here, he suggests that IoT device identity can be a thorny subject. In other words, it’s about getting engineers (and ultimately, users) to appreciate exactly where identity fits into the total sphere of data management. This must be clarified, he says.

“An IoT device identity may well be ‘proprietary’ and so standard to a particular operating system, or indeed proprietary to some other system and set of protocols. The particular form of that identity will then dictate how we manage data coming on or off of that device.”

“But, crucially,” he continues, “to do anything with that data requires a level of authorization and that comes from identity management. If I want my grocery store to be able to access my IoT refrigerator so that they can analyze my milk drinking data, then I need to be able to authorize that action – and that control comes from being able to control device identity down to granular level, but actioned through a user-friendly interface.”

Read more: Nederlandse Spoorwegen uses Tibco to put data on rails

Identity Kool-Aid, want some?

Asking Okta CEO McKinnon if he thinks this is crucial time for identity to feature as a more prevalent aspect in all systems development discussions is hardly necessary.

“Of course I think this is our time. I actually can’t believe it has taken so long for this truism to come to the surface,” he says.

It’s hard to spend two days at an identity-focused event like Okta’s Oktane show and not agree with McKinnon. It’s like drinking the identity Kool-Aid and wondering why the developer and wider software engineering world hasn’t been ranking this layer as key to all device design from the start.

Should identity be broken out as a discrete, definable, dedicated service in the way that Okta has positioned it? For now, it would appear that the answer is yes, but whether it will be treated with more respect, and ultimately subsumed into wider systems design and management tools, is hard to say.

For now, please log in to more powerfully authenticated identity, whether you are a device or a human being.