
Demystifying Security and Identities for Internet of Things

Regardless of where you believe IoT is on the hype cycle, you need to start planning how you will take control of the security of your IoT scenario. Otherwise you will find yourself in a situation far harder to manage than any change you have previously faced.

We know for sure that anything that matters when it comes to devices, sensors and other physical objects will be connected to some kind of network, and we also know that these objects will create and hold sensitive data. We also know that these objects need to be identified in order to secure them and their data, and to make sure that access to the objects and the data is driven by authorization. The integrity of the data and the relationship of the data to physical persons and organizations will be at the top of the agenda in a few years, and if you don't plan ahead you will have some work to do in a few years.

But it's not as dark as it looks, even though the current discussions in the industry may make you think that there is no hope. There are already standards developed and standards in development that will help you address your IoT security and identity challenges, and if you plan now and implement a life cycle management strategy for Objects, Identities and Data, you can embrace the change and enjoy the benefits. Also make sure that you have an Identity and Access Management (IAM) infrastructure that can adopt your strategy.

A good approach is to base your strategy around these five steps:

  1. Activation of Objects
  2. Provisioning of Identities to Objects
  3. Authentication of Objects and Authorization of the Access
  4. Secure Transport of Data from and to an object and Security of Data at Rest on the Object
  5. De-activation of Objects including revocation of identities, clean-up of data and reset of the object

We recently recorded a webinar on the topic with Martin Kuppinger at Kuppinger and Cole, you can listen to the podcast here:

Per Hägerö
