IoT Security and Identity Access Management

By Cynthia S. Artin November 08, 2017

With all the emphasis lately being placed on securing the edge of the IoT and IIoT, secure network connectivity is often considered more of a “downstream” requirement. In fact, given the fundamental nature of smart products being valuable because they can be connected to the cloud, data and analytics, and increasingly real-time closed-loop systems, securing network infrastructure and the sessions moving over that infrastructure should be more than a second thought.

As more attacks through botnets are being announced, and particularly as IoT moves beyond consumer mainstream wearables and into massive enterprise deployments, IT and OT teams are paying more and more attention to securing access to the networks that connect more valuable things, including factory equipment, smart grid hardware, and more. Regulators are paying attention, and legislation is being drafted, particularly associated with critical infrastructure to ensure that the networks IIoT systems rely on are at least as secure as the end-points getting all the attention of late.

IoT is focused on the interaction between connected things, people, tools, and apps. Gartner called out the future need for Identity Access Management (IAM) back in 2015, noting that IAM and Privileged Access Management (PAM) will be mainstays in ensuring IoT/IIoT networks cannot be hacked into by unauthorized administrators. We’ve learned recently that more than half of attacks on corporate networks have come from the inside. When we envision a “corporate network” supporting, for example, dozens of chemical plants, we can also envision a dark situation where an employee can control the release of deadly chemical agents into the environment.

IAM and PAM demands will become much more complicated in the world of IoT, with harder problems to solve, and exponentially more endpoints.

The security industry is seeing a paradigm shift whereby IAM is concerned not only with managing people but also with managing the hundreds of thousands of “things” that are connected to a network.

IoT for IAM will require:

Enforcement of Security Best Practices: IoT solutions mingle the physical and digital worlds, which results in more serious impacts from IoT-related data, including intrusion of privacy and harm to physical property. Identity management solutions will need to be designed to address these concerns. IoT IAM platforms will need to offer end-to-end data encryption, DoS/overload detection, adaptive authentication, and automatic load balancing to provide the robust security capabilities needed to unlock the full potential of the IIoT in particular.

Privacy and Preference Management: End customers are concerned that as devices gain the ability to collect large volumes of personal data, the potential for privacy violations grows. This happens especially when this data is shared and used, which is part of the cloud and API nature of the IIoT. IAM solutions permit customers to self-manage preferences such as opting in or out of communications and granting their approval for data sharing. When a company sells an enterprise a solution connecting smart products purchased by consumers, that enterprise will insist upon the ability to reassure customers that installing a smart doorbell will not make images of visitors to their homes public. This is just one of many scenarios where a criminal inside an enterprise with access to the network could extract images and other information from an endpoint in a system designed to protect customers, not expose them to identity theft.

Policy-Based Data Access Governance: IoT IAM requires extreme governance capabilities to manage data access across things, applications, people, and devices. Data access should be granted or denied as per the IP address, industry or geographic regulatory constraints, time frames, and individual customer consent. IAM solutions that centralize governance policies and execute them across multiple channels and collection points will be “table stakes” for identity management on the massive IoT and IIoT in the near future.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of practices to help ensure a secure cloud computing environment, has released a summary guidance report titled “Identity and Access Management for the Internet of Things.”

Identity and access management (IAM) will be vital to effective IoT solutions, says Saniye Burcu Alaybeyi, research director at Gartner. Ms. Alaybeyi further adds that IAM will soon become, if it is not already, an integral part of each and every IoT solution.

While we are starting to see early offerings in IAM and PAM specifically designed to protect the IoT and IIoT, we expect to see many more in 2018. 

Edited by Ken Briodagh

Contributing Writer
