Keeping the “Internet of Things” Simple

I once received a lengthy letter from a friend of mine that quoted the old adage, “I would have written a shorter letter, but I didn’t have the time.”

We often find in our lives that there is too little time to deal with so much stuff and information that we are barraged with each day, let alone managing it effectively. The so-called Internet of Things has the potential of crippling enterprise organizations who do not take the time to simplify now. However, by simplifying in two areas, they can save headaches caused by complexity in the future.

The Internet of Things Brings Complexity

A Harvard Business Review article identifies the Internet of Things (IoT) as the “the third wave in the development of the internet.” The IoT is defined by the decline of the PC and mobile eras as more and more devices of various types connect to the Internet – an expected 28 billion devices by the end of this decade, according to Goldman Sachs. These devices range from smart watches to smart homes, from automobiles to automated industrial equipment – technology that promises to simplify our lives, but has added a new layer of complexity to enterprise organizations.

With the anticipation that there will be 28 billion “things” connected to the Internet by the end of this decade, the impact on enterprise complexity is enormous. Employees and business leaders will be seeking to access a wide variety of data. Because of this increase in device and data complexity, there are new requirements for identity management, API access, security and access to stored data.

The complexity caused by the IoT can be addressed by simplifying two things:

  • Identity management
  • API access
Simplify Identity Management

Identity management is crucial for enterprise organizations. Over the past few years, we’ve seen an increase in identity management professionals. This role is increasingly important, and identity management professionals should have the tools available to simplify and centralize identity management and access control.

As organizations provision devices, data and applications to users, they need to deliver them in a way that is secure and scalable. When an IT organization has complete control over the process, it is complex. However, the complexity is exponentially exacerbated when much of this provisioning and delivery is done in the cloud and across personal devices.

Organizations can securely enforce user access to data through any app from any device by extending their identity management system’s capabilities to authorize third party applications to access the organizations’ resources. They should work through a centrally managed API gateway that provides Single Sign-On (SSO) making it easy for users to provide authentication credentials once by creating a re-usable identity token. Future requests by the user can be authenticated and authorized without prompting the user for their credentials again, providing a smooth and seamless user experience.

While Forum Sentry provides this functionality – enabling high-performance SSO within an enterprise – the API gateway can also consume and generate a variety of identity token types and map between tokens. Almost all API and SOA interactions require establishing trust between service consumers and providers. As a result, generating and consuming identity tokens for authentication and authorization decisions should become as automated as possible. This is a critical aspect of SOAP, XML and REST-based communication that powers the Internet of Things.

Simplify API Access

The IoT has become a massive computing ecosystem made up of billions of uniquely identifiable computing devices that consume data, applications and information from the Internet. These devices each require APIs to fulfil their need to connect, create and consume data across the Internet. This could cause crippling complexity.

APIs are the access point that enables IoT devices and apps to be connected to data and services. As more and more devices come online, enterprise organizations must find new scalable and re-usable ways to provide secure communication between the applications and data. Unfortunately, many enterprises have not implemented re-usable processes or solutions and address API access on a case-by-case basis.

Part of the issue is security. Developers want to code custom solutions, thinking they are more secure. In reality they use building blocks of other less secure technologies to develop their solutions. We saw the danger in this with HeartBleed last year. If a system is compromised, developers must update each custom coded access point that is affected. This is not scalable, too time-consuming and complex for any enterprise organization to deal with.

However, centralizing the API security allows organizations to have a single point of access to update policies and stay ahead of possible cyberattacks. The API gateway technology approach is essential to scale your enterprise-class access to the IoT. Again, the Forum Sentry API Gateway helps organizations simplify by providing centralized integration across devices, applications and data.


As more connected devices are created and get smarter, the IoT will become even more widely adopted. However, along with its adoption the complexity and risks associated with exposed data will also increase. By simplifying identity management and API access, the promises associated with the IoT can help businesses become more competitive and help business units find new opportunities and areas of growth. As organizations act to simplify now, they can reduce complexity in the long run as more and more devices and apps become available.

“Nothing is more simple than greatness; indeed, to be simple is to be great.” ~ Ralph Waldo Emerson