IoT Needs Identity Security, Too

By Randy Vanderhoof, executive director of the Smart Card Alliance

Too often, security is an afterthought in emerging markets experiencing rapid growth and lacking strong standards and regulations. With 21 million connected devices expected to be in the market by 2020, and no standards in place, the Internet of Things (IoT) falls into that category.

The Smart Card Alliance has been a leader in challenging markets to put more emphasis on identity management, strong authentication techniques, and multiple layers of security to replace single-factor ID cards and passwords to access secure facilities and sensitive information networks. So it makes sense that the Smart Card Alliance has an important role to play in making IoT more secure as well.

Photo by Zuberka/iStock / Getty Images

To bring security to the forefront, the Alliance wants to raise awareness about the requirements for security for developers and operators of nascent networks of connected devices and highlight best practices for using embedded security hardware and software in all connected devices.

Embedded chip security is needed to protect the “identity” of each device, to prevent unauthorized tampering with how these devices are designed to work, and to protect the privacy and security of the vast amount of data the devices generate. A principle behind the security of smart chips is that the chips not only control how the devices perform under normal conditions, but also control how the devices react when they are attacked or tampered with in any way, including self-destruction, to prevent tampering. Applying those techniques – already proven and implemented for protecting and managing the identity of persons – will deliver a secure platform for the billions of connected devices.

To support these efforts, the Smart Card Alliance launched the Internet of Things Security Council this past April. Some of the early work for the new council will be to define a security framework for the IoT ecosystem, and to explain how embedded chip security and identity management approaches can work effectively at securing things. Over time, the Alliance can apply that awareness and knowledge to the major markets we already serve that are moving to IoT applications, such as payments, mobile, healthcare, and transportation.

In addition to the new council, the Smart Card Alliance is also hosting the Security of Things conference on October 18-19 in Chicago (more information on that at

With strong results from the council and a successful conference in October, we hope to attract new industry leaders from outside of the Smart Card Alliance who want to lend their knowledge and expertise about the IoT and security to contribute to our effort. If you are interested in joining, visit us here for membership details.