Five Crucial Identity and Access Considerations for IoT Security

Five Crucial Identity andAccess Considerationsfor IoT Security

2 © 2016 CA. ALL RIGHTS RESERVED.

Leveraging connected devices creates enormous new opportunities

for enterprises to increase efficiency, gather valuable data and deliver

enhanced value to customers.

The Internet of Things (IoT) is a vast and fast-growing network of online devices—ranging from smart meters to connected cars to home appliances, medical implants and industrial machinery.

“The installed base of IoT endpoints will grow from 9.7 billion in 2014 to

more than 25.6 billion in 2019, hitting 30 billion in 2020.” – IDC*

* IDC Research, Inc., Worldwide Internet of Things Forecast Update, 2015-2019, Carrie MacGillivray, February 2016, IDC #US40983216


http://www.idc.com/getdoc.jsp?containerId=US40983216&sectionId=US40983216-S-0002&pageType=SECTION

http://www.idc.com/getdoc.jsp?containerId=US40983216&sectionId=US40983216-S-0002&pageType=SECTION


In a world where hackers have already managed to hack cars, pacemakers

and baby monitors, it should be clear that the stakes are extremely high

when it comes to IoT security.

The level of connectivity inherent in IoT is also creating new challenges for enterprises—especially around security and privacy.



Here are five essential considerations for anyone concerned with managing

identities and securing access in the IoT age.

Organizations that want to execute IoT initiatives without compromising enterprise security or customer privacy will need to pay special attention to identity and access management.



Every IoT Device Has Its Own Identity

Every one of the several billion IoT devices will have at least one privileged account attached to it, so that each device can be managed remotely and its firmware can be updated.

This means billions of new users and billions of new access points that digital enterprises will need to manage in order to keep their backend systems secure and their customers safe.

1


IoT Identities Can Be Human or Machine

A great deal of this activity will happen on a machine-to-machine basis, so many devices’ privileged accounts will be owned and accessed by other devices, with no human intervention.

This will make the task of managing user identities and securing device access all the more challenging and complex for enterprises.

2



Every Online Identity is a Hacking Opportunity

With so many new access points being assigned to new (often non-human) identities, the number of potential online vulnerabilities will increase exponentially.

Given the scale of IoT and the significant dangers posed by IoT-related hacks, there is clearly a need for technology that simplifies the management of privileged identities in these scenarios.

3



PAM Can Help Secure Device Identities

Privileged Access Management (PAM) technology is emerging as a key technology for securing IoT devices and networks against misuse.

PAM raises the possibility of creating a central point for authentication and analyzing the validity of access based on context and usage patterns—all at a potentially massive scale.

4



PAM for IoT is still an emerging technology

Enterprise-grade PAM is not yet mature and it is certainly not optimized for IoT scenarios —so digital enterprises will need to stay abreast of developments in cutting-edge PAM technology.

At the same time, enterprises should use API Management to secure interfaces with connected devices and apply multi-factor or risk-based authentication to IoT-related access.

5


Securing Privileged Access in the IoT AgeTo learn more about the importance of security, identity management

and access control in the age of unprecedented connectivity, read this

new eBook from CA Technologies.

Read eBook


http://cainc.to/yR3V7j

Technology

Five Crucial Identity and Access Considerations for IoT Security