While analysts at IDC are predicting spending on the Internet of Things (IoT) will exceed $7.3 trillion by 2017, the optimism surrounding this market is tempered by real concerns about privacy and security. IoT is paving new avenues for cybercriminals: take the recent revelations concerning smart LED light bulbs leaking Wi-Fi passwords, for example. Identifying "who’s who, what’s what, and who gets access to what" has never been so complex.

But it’s not just an issue of protecting IoT devices. It extends to the entire ecosystem, from the customer to the partner, the web page, the mobile device, the mobile app, the cloud and everything else in between. Static and portable devices need to communicate with each other, but human-to-machine and machine-to-machine identification and interaction also must be taken into account. Without the right model in place, organisations risk leaving their data (and their customers’ data) vulnerable to cyber attacks.

IoT requires a new way of thinking and acting to protect a business and help it grow. For example, customers need to access company systems via multiple devices and expect a user experience tailored to how, when, and where they access services. This will require a single, secure platform to unify the entire company ecosystem and provide a simple, repeatable way to protect a growing number of devices. Building a platform that supports and unifies the entire ecosystem is challenging enough, but organisations also need to be able to support new services, new devices, and new infrastructure on the back end.

1) So how do enterprises protect data they can’t see as it’s communicated between IoT devices and other parts of the ecosystem? Encrypting and authenticating data is important, but it’s also vital to know who accesses data and how, as well as where and when they access it to help ensure proper security. This knowledge can help verify whether the user is legitimate and that current behaviour is consistent with past behaviour.

2) Real-time contextual clues, in addition to credentials, can help organisations to better vet whether to give access and how much to give. If a system detects a login attempt with correct credentials, but from an unrecognised IP address or at an atypical time of day, it triggers additional security precautions such as asking security questions or texting verification codes to a user’s cell phone.

3) Contextual intelligence and awareness can add significant value to digital services. For example, Toyota’s in-car portal "knows" which car and which driver are accessing the Toyota platform, and where they are. This allows the system to recommend petrol stations, find a parking spot, and offer real-time traffic information and automatic rerouting. Other services can exploit a wide range of contextual data — such as location, time, customer record, temperature, device and virtually anything else — to customise interactions with users.
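The check described in point 2 above can be sketched as follows. This is an added example, not code from the article or from any vendor product; it builds a baseline from past successful logins and asks for step-up verification when correct credentials arrive from an unrecognised network or at an atypical hour. The function names, the /24 and /64 network grouping, the one-hour tolerance and the minimum-history threshold are all assumptions, and the login history is constructed.

```python
"""Context-aware login decision (added example; all names are hypothetical)."""
import ipaddress
from collections import Counter
from datetime import datetime

MIN_HISTORY = 5      # assumption: below this there is no baseline to trust
HOUR_TOLERANCE = 1   # assumption: +/- hours around a previously seen hour

def network_of(ip):
    """Collapse an address to its /24 (IPv4) or /64 (IPv6) network."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def build_profile(history):
    """history: (ip, datetime) pairs for past successful logins, one timezone."""
    history = list(history)
    return {
        "networks": {network_of(ip) for ip, _ in history},
        "hours": Counter(ts.hour for _, ts in history),
        "count": len(history),
    }

def hour_is_typical(profile, hour):
    # Circular comparison so that 23:00 and 00:00 count as adjacent hours.
    return any(profile["hours"][(hour + d) % 24]
               for d in range(-HOUR_TOLERANCE, HOUR_TOLERANCE + 1))

def decide(profile, credentials_ok, ip, when):
    """Return (decision, reasons); decision is 'deny', 'step_up' or 'allow'."""
    if not credentials_ok:
        return "deny", ["bad_credentials"]
    reasons = []
    if profile["count"] < MIN_HISTORY:
        reasons.append("insufficient_history")   # cold start: no baseline yet
    if network_of(ip) not in profile["networks"]:
        reasons.append("unrecognised_ip")
    if not hour_is_typical(profile, when.hour):
        reasons.append("atypical_time")
    # Any contextual anomaly asks for a second factor instead of refusing access.
    return ("step_up" if reasons else "allow"), reasons

# Constructed sample history using documentation address ranges (RFC 5737).
HISTORY = [("198.51.100.10", datetime(2024, 3, d, h, 5))
           for d, h in [(1, 8), (2, 9), (3, 8), (4, 23), (5, 9), (6, 8)]]
PROFILE = build_profile(HISTORY)
```

A `step_up` result is where the additional precautions the article mentions, such as a security question or a texted verification code, would be invoked.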

Identity management focused on the customer enables significant differentiation for products and services in an increasingly crowded market, allowing them to transform and personalise users’ experiences. For instance, a financial services portal could offer customers a convenient overview of all their activities and accounts in one place, and wearables — from fitness trackers to smart shoes — could offer a wide range of personalised functionality to support the user’s individual goals.

Much of the future development of digital identities will be made possible by a shift to Identity Relationship Management (IRM), which ties individual users and their many devices to consistent digital identities that an organisation can identify and interact with. This helps businesses to deploy seamless and secure services to customers across applications, devices, and things. IRM can support multiple devices per user, react to context, and scale up to accommodate millions of users at a time. It links devices (laptops, phones, tablets, even cars) and new mobile and social apps to a single security platform that enables identity synchronisation and single sign-on anytime, anywhere.

IRM can provide organisations with a dynamic, proven security system that provides much greater insight into who accesses which systems from which devices and when. This new data helps companies to understand their customers, not just protect them. It opens up new revenue opportunities for cross-selling, upselling, and delivering personalised services to customers. Given the potent combination of iron-clad, adaptive security and a personalised customer experience, it is a technology every organisation should be evaluating now, preferably before the next big breach hits the headlines – and certainly before the next big breach hits them.

Neil Chapman is Senior Vice President & Managing Director EMEA at ForgeRock