IoT Security and Identity Access Management


With all the emphasis lately being placed on securing the edge of the IoT and IIoT, secure network connectivity is often considered more of a “downstream” requirement. In fact, given the fundamental nature of smart products being valuable because they can be connected to the cloud, data and analytics, and increasingly real-time closed-loop systems, securing network infrastructure and the sessions moving over that infrastructure should be more than a second thought.

As more attacks through botnets are being announced, and particularly as IoT moves beyond consumer mainstream wearables and into massive enterprise deployments, IT and OT teams are paying more and more attention to securing access to the networks that connect more valuable things, including factory equipment, smart grid hardware, and more. Regulators are paying attention, and legislation is being drafted, particularly for critical infrastructure, to ensure that the networks IIoT systems rely on are at least as secure as the end-points getting all the attention of late.

IoT is focused on the interaction between connected things, people, tools, and apps. Gartner called out the future need for Identity Access Management (IAM) back in 2015, noting that IAM and Privileged Access Management (PAM) will be mainstays in ensuring IoT/IIoT networks cannot be hacked into by unauthorized administrators. We’ve learned recently that more than half of attacks on corporate networks have come from the inside – and when we envision a “corporate network” supporting, for example, dozens of chemical plants, we can also envision a dark situation where an employee can control the release of deadly chemical agents into the environment.

IAM and PAM demands will become much more complicated in the world of IoT, with harder problems to solve, and exponentially more endpoints.

The security industry is seeing a paradigm shift whereby IAM is no longer concerned only with managing people but also with managing the hundreds of thousands of “things” that are connected to a network.

IAM for IoT will require:

Enforcement of Security Best Practices: IoT solutions mingle the physical and digital worlds, which results in more serious impacts from IoT-related data, including intrusion of privacy and harm to physical property. Identity management solutions will need to be designed to address these concerns. IoT IAM platforms will need to offer end-to-end data encryption, DoS/overload detection, adaptive authentication, and automatic load balancing to provide the robust security capabilities needed to unlock the full potential of the IIoT in particular.

Privacy and Preference Management: End customers are concerned that as devices gain the ability to collect large volumes of personal data, the potential for privacy violations grows. This happens especially when this data is shared and used, which is part of the cloud and API nature of the IIoT. IAM solutions permit customers to self-manage preferences such as opting in or out of communications and granting their approval for data sharing. When a company sells an enterprise a solution connecting smart products purchased by consumers, the enterprise will insist upon the ability to reassure customers that when they install a smart doorbell, images of visitors to their homes will not become public. This is just one of many scenarios where a criminal inside an enterprise with access to the network could extract images and other information from an endpoint in a system designed to protect customers, not expose them to identity theft.

Policy-Based Data Access Governance: IoT IAM requires extreme governance capabilities to manage data access across things, applications, people, and devices. Data access should be granted or denied based on IP address, industry or geographic regulatory constraints, time frames, and individual customer consent. IAM solutions that centralize governance policies and execute them across multiple channels and collection points will be “table stakes” for identity management on the massive IoT and IIoT in the near future.
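
To make the policy-based governance item concrete, here is a small deny-by-default decision function that checks the four conditions it names: source IP address, region, time frame, and customer consent. It is an added example, not code from the article or any product; the policy schema, resource names, customer IDs, and address ranges are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone
from ipaddress import ip_address, ip_network

# Hypothetical policy schema and sample data, constructed for this example.
@dataclass(frozen=True)
class Policy:
    networks: tuple        # CIDR ranges allowed to request the data
    regions: frozenset     # jurisdictions where access is permitted
    start: time            # access window, UTC time of day
    end: time
    needs_consent: bool    # the customer must have opted in to sharing

POLICIES = {
    "doorbell/images": Policy(("10.20.0.0/16",), frozenset({"EU"}),
                              time(6, 0), time(22, 0), True),
    "pump/telemetry": Policy(("10.30.0.0/16",), frozenset({"EU", "US"}),
                             time(22, 0), time(4, 0), False),
}
CONSENTS = {("cust-1001", "doorbell/images")}  # (customer, resource) opt-ins

def in_window(now, start, end):
    # A window whose end precedes its start wraps past midnight.
    return (start <= now < end) if start <= end else (now >= start or now < end)

def decide(resource, source_ip, region, when, customer=None):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    policy = POLICIES.get(resource)
    if policy is None:
        return False, "no policy for resource"
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False, "unparseable source address"
    if not any(addr in ip_network(n) for n in policy.networks):
        return False, "source network not allowed"
    if region not in policy.regions:
        return False, "region not allowed"
    if when.tzinfo is None:
        return False, "timestamp lacks timezone"
    if not in_window(when.astimezone(timezone.utc).time(), policy.start, policy.end):
        return False, "outside access window"
    if policy.needs_consent and (customer, resource) not in CONSENTS:
        return False, "customer consent missing"
    return True, "all conditions met"
```

Returning the reason alongside the decision gives a central policy point something to log for every denial, which is what lets the same rules be audited across multiple channels and collection points.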

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of practices to help ensure a secure cloud computing environment, has released a summary guidance report titled “Identity and Access Management for the Internet of Things.”

Identity and access management (IAM) will be vital to effective IoT solutions, says Saniye Burcu Alaybeyi, research director at Gartner. Ms. Alaybeyi further adds that IAM will soon become, if it is not already, an integral part of each and every IoT solution.

While we are starting to see early offerings in IAM and PAM specifically designed to protect the IoT and IIoT, we expect to see many more in 2018. 

Edited by Ken Briodagh