Simon Moffatt, EMEA Director, advanced customer engineering at ForgeRock
A glance across London’s city skyline will soon tell you that the ‘smart’ building is not a new concept. Take the Gherkin, built in 2003 and recognised as one of the most distinctive skyscrapers in the financial district of London. The strangely shaped building more than lives up to its namesake – that distinctive shape is key to its renowned energy efficiency and smart use of natural lighting. Like many of it newer neighbours, the Gherkin’s smart construction is now being replicated in its smart use of technology. For example, the skyscraper has a number of sensors that monitor the weather, opening and closing blinds and automatically adjusting internal air temperature. This combination of smart design and use of technology is helping it to allegedly consume only half the energy of a similar-sized building.
The concept of smart buildings is a very real initiative that companies all over the world are embracing. When the initial wave of smart building implementation began rolling out a few years ago, the core focus was, understandably, on connectivity and efficiency to help cut costs. Most technologically smart buildings utilise the ‘Internet of Things’ or ‘IoT’, which simply refers to a network of internet-connected devices and sensors that make a building ‘smart’. But there is a big problem with these so-called connected devices; in most cases, they are actually unable to communicate with each other because they lack individual digital identities.
As a human, our identity is what makes us unique and tells others who we are. Without it, we’d be anonymous. The same concept applies to the IoT. With an estimated 25 billion connected things by 2025, we are facing something of an identity crisis! Without a unique identifier or an association to a person, objects are unable to communicate and therefore unable to provide context to the information that they generate or are exposed to.
Identity is also a key consideration when it comes to securing the smart building. When considered on a citywide scale, the security implications of the IoT are significant. Imagine if a hacker was able to compromise every connected device within a one-mile radius of a city’s financial district. They could control everything from electricity and ventilation to CCTV and building access systems. Not only might this cost the individual businesses money from a productivity perspective, depending on the devices that the hackers gained access to, it could also put citizens in danger.
Fortunately, the rise of digital identity management technologies means that connected devices and users can now be assigned their own digital identity. This means that they can now securely recognise and even interact with other identities to establish relationships between users, between users and connected things, and between the things themselves. Companies can then use real-time data and situational context to personalise individual interactions with the IoT and better understand how these objects are being used.
From a security perspective, it is equally important that every connected device within the IoT be it a car, a street lamp or a weather sensor, has a validated identity and is correctly attached to the network. If a device can be identified, it is that much easier to confirm that the data it is generating is genuine and can be trusted. Importantly, it also means that if the device is being made to do something that it is not permitted to do, this can be identified and prevented, before it does any damage.