May 7, 2020

Why do you need an IoT IAM strategy with Microsoft Azure IoT?

device authority

IoT Platforms like Microsoft Azure IoT need an IoT IAM strategy for secure, safe and accelerated IoT solutions


IoT platforms like Microsoft Azure IoT provide several capabilities and features to build and deploy IoT applications, solutions, services in a better, faster, more cost-efficient and integrated way. Azure IoT  brings together a bundle of services such as IoT Hub, DPS, Event Hub, Machine Learning, Stream Analytics, Notifications Hubs, Power BI, Web apps, Logic apps. It also enables quick interconnection of assets and supports a wide variety of operating systems and devices. Azure IoT Suite enables a quick method to start an end to end Enterprise IoT implementations by coordinating the required Azure services. Recently Microsoft enhanced the core services with additional offerings including Azure Sphere, Key Vault, Azure IoT Edge, Plug and Play etc.

Azure IoT Platform has been capturing many large Enterprise customers interest. Some of their well-known customers include Kroger, Starbucks, Shell. Microsoft is expanding the toolset to make it more appealing for SIs, ISV and Technology partners.

While the IoT products and services from the IoT Platform vendors and ecosystem partners continue to evolve, still security is the #1 concern for its adoption, introduced by the scale, unique characteristics as well as the consequences of compromised security. The IoT continues to grow rapidly but concerns about security remain a significant barrier and are hindering the adoption.

Bain and Co found 93% of executives would pay an average of 22% more for better IoT security

•       Security is hindering the adoption of IoT devices

•       Customers are looking for IoT security implementation to be simplified

IoT Platforms need to have integrated IoT IAM – Gartner




Data is integral to all IoT use cases. You can’t trust the data unless you trust the device. Device Trust (Identity, Integrity) and Data Trust (Security, Privacy, Integrity) need to be coupled and propagated across the edge and cloud services for successful secure IoT Solution. More and more IoT platforms are employing the trust based on the proven PKI cryptography models, e.g.. certificate/token based authentication, encryption, signing services..

IoT IAM is emerging as an important capability to provide Trust and Automation as an integral part of IoT Platforms. The industry experts and analysts have been providing guidance on this functionality. IoT IAM is a key the security glue across core constituents of IoT solutions, i.e. IoT platforms, Edge devices, HSMs, CAs and data security platforms to extend the proven PKI Trust and Automation. IoT IAM is substantially different from Traditional IAM, Traditional IAM is not suitable for IoT.

Many IoT platform vendors claim to have comprehensive IoT Device Management including some security operations as well. At the end they all ask customers implement the security with lot of human touch, connecting the different platform specific interfaces as per their platform requirements. Most of the platform vendors including Microsoft Azure IoT talk about shared responsibility, support with relevant tools but it is customer’s responsibility to build the right security model that works for their requirements and integrate with the chosen platform components. Another key requirement for IoT Use cases is the binding and protecting the secrets (private keys, crypto keys, authentication credentials) to the devices.



Device Authority’s KeyScaler platform, the first device-centric IoT IAM platform addresses the requirements discussed for IoT IAM, delivers flexibility and security without compromise along with an established partner ecosystem. In order to make it simple and easy for Microsoft customers and partners to adopt the Azure IoT platform, the KeyScaler core security automation components are offered as suite.

KeyScaler’s security suite for Microsoft Azure includes connectors for Device Provisioning Services (DPS), Azure IoT Hub,  Event Hub, IoT Central, Key Vault, Active Director Certificate Services and IoT Edge. Often Enterprise customers need a security framework that encompasses multi-platform, multi-cloud environment and integration with their existing IT security infrastructure to successfully deliver secure and compliance IoT Solutions.

For more details on Device Authority Security Suite for Azure IoT, please visit our dedicated Microsoft page which has videos, solution briefs and insight guides.


You can also sign up to our upcoming webinar with Microsoft and Wipro.

Alternatively, email the Device Authority team on for more assistance with your IoT project.

Rao Cherukuri