Organizations are developing lots of APIs these days, for e-commerce, digital app development, and B2B supply chain integration. Many are also hard at work integrating Internet of Things (IoT) devices into their corporate infrastructure.
According to IDC, the IoT market is growing from $100 billion in market revenue in 2017 to approximately $1.6 trillion by 2025. One interesting example is Chick-fil-A’s use of edge computing, in-store Kubernetes clusters, and IoT device APIs to monitor and manage their high-volume restaurant chain’s operational data.
“The secret behind the chain's speed and proficiency is running a Kubernetes cluster in every store. Sean Drucker, an executive technologist at Chick-fil-A, says that the chain serves one sandwich every 16 seconds at its peak. With well over 2,000 restaurants nationwide, that level of operational efficiency is achieved by hundreds of internet of things devices reporting operational data back to the business. The plethora of fryers, grills, and refrigeration systems … send telemetry back and forth to a three-node cluster… The cluster processes the data to keep every station stocked and working at max capacity.”
Like individuals, though, IoT devices need to have their identities managed: if an API-to-IoT connection is not properly secured, or the app that sets up and manages the devices is not secured, the risk of a security breach can be very high.
Smartphones and smart devices effectively increase the attack surface area when they are connected to organizational networks. Identity and Access Management (IAM) solutions can ensure IoT devices are as securely managed as more traditional corporate systems.
Everything is Code
Code is everywhere and part of daily life. The proliferation of IoT devices is one of the major reasons. To meet the challenge of a broader attack surface, organizations are building as much security as possible into the code at the beginning of the development process, rather than treating security as an afterthought.
Many organizations have moved toward this “Shift-Left” philosophy, after being hampered by delayed projects due to failed security reviews. As organizations evolve their digital transformation efforts to focus on delivering new digital services to their customers, Customer Identity and Access Management (CIAM) is an area of security where delivering security as code can accelerate transformation products and projects. While developers are aware of the need for security, and the need to pass security reviews before deploying to production, they often do not have the security expertise, nor the understanding of CIAM best practices, to easily incorporate the necessary authentication and authorization processes.
Security as Code with IAM
Effective organizations with Security as Code initiatives deliver standards and policy definitions to developers as SDKs and pre-built templates early in the development cycle. Integration pipelines provide automated testing to confirm adherence to the authorization and authentication standards and policies, and produce log files for input to the security review process.
A secure CIAM initiative provides a consistent login experience for each service, department, or website a customer interacts with through federated single sign-on (SSO). Multi-factor and adaptive authentication provide strong security that scales based on the level of risk. User self-registration allows for easy onboarding of customers and password management, and reduces administrative overhead. All of the ‘code’ necessary to deliver such a secure customer experience should be provided to the development team proactively from the outset of development.
Therefore, an ideal CIAM solution would enable developers with little to no security experience to easily incorporate capabilities into their applications.
Asgardeo by WSO2 is a new IDaaS that takes the complexity out of managing user access and enables building a secure and frictionless customer experience in minutes.
Asgardeo provides all of the key CIAM capabilities organizations need to meet customer requirements and is built for developers with little to no CIAM knowledge. Asgardeo delivers built-in IAM best practices, easy-to-follow documentation, and common workflows, including SDKs, to reduce the need for developers to have in-depth knowledge of IAM standards and protocols. Integration with social and enterprise identity providers enhances the customer onboarding and login experience. Strong authentication options include TOTP, passwordless with FIDO2, biometrics, and more to build a better, secure login experience for customers. As mentioned previously, user self-registration allows for easy onboarding of customers and password management.
As an IDaaS, Asgardeo delivers all of this capability as a service, so organizations don’t have to worry about investing in and maintaining the infrastructure needed to support high transaction volumes. Organizations can use as much or as little capacity as required without purchasing and managing infrastructure.
Security as Code for All Organizations
Ensuring secure applications does not have to be limited to large enterprises with specialized developer skills and large budgets. Small to medium and start-up organizations can leverage Asgardeo to deliver scalable, seamless, and secure capabilities to their customers, no matter their size.
Getting started with Asgardeo is easy. Developers can sign up for the free edition immediately and start adding authentication to applications in minutes. Whether developing and protecting APIs or IoT edge devices, setting up a customer portal, or federating multiple SaaS API logins, Asgardeo has the depth and range of security as code required for the job.
WSO2 has released an early adopter version of Asgardeo, an IDaaS that sets new industry standards for enabling developers without security expertise to easily embed CIAM features into their apps within minutes. Try out Asgardeo's free trial, discover more about its features, or join the IAM4DEVS community to get the latest tips and tricks on all things Identity!
Alternatively, if you’re looking for an enterprise-grade, API-driven, open source solution that can manage millions of user identities without spiraling costs, please view WSO2 Identity Server.