
Demystifying Security and Identities for Internet of Things

Regardless of where you believe IoT is on the hype cycle, you need to start planning how you will take control of the security of your IoT scenario. Otherwise you will find yourself in a situation far harder to manage than any change you have previously faced.

We know for sure that anything that matters when it comes to devices, sensors and other physical objects will be connected to some kind of network, and we also know that these objects will create and hold sensitive data. We also know that these objects need to be identified in order to secure them and their data, and to make sure access to the objects and the data is driven by authorization. The integrity of the data, and the relationship of the data to physical persons and organizations, will be at the top of the agenda in a few years, and if you don’t plan ahead you will have some work to do by then.

But it's not as dark as it looks, even though the current discussions in the industry may make you think that there is no hope. There are already standards, both published and in development, that will help you address your IoT security and identity challenges. If you plan now and implement a life cycle management strategy for Objects, Identities and Data, you can embrace the change and enjoy its benefits. Also make sure that you have an Identity and Access Management (IAM) infrastructure that can adopt your strategy.

A good approach is to base your strategy around these five steps:

  1. Activation of Objects
  2. Provisioning of Identities to Objects
  3. Authentication of Objects and Authorization of the Access
  4. Secure Transport of Data to and from an Object and Security of Data at Rest on the Object
  5. De-activation of Objects including revocation of identities, clean-up of data and reset of the object

We recently recorded a webinar on the topic with Martin Kuppinger at Kuppinger and Cole; you can listen to the podcast here:

Per Hägerö
