A smarter, more secure Internet of Things Travis Greene Identity Solutions Strategist, NetIQ
Internet of Things
Internet of Things What “things” and how did we get there? Goldman Sachs, What is the Internet of Things?, September 2014
Two Critical Components Things People behind the “Things”
The Internet of Things- A Few Examples
The Risk Presented by the Internet of Things
The Internet of Things will change the way we use and interact with technology. Devices will constantly monitor and respond both to us and to each other. We must learn to manage this interaction.
“Another evolving area of risk lies in physical objects—industrial components, automobiles, home automation products, and consumer devices, to name a few—that are being integrated into the information network, a trend typically referred to as the ‘Internet of Things.’ The interconnection of billions of devices with IT and operational systems will introduce a new world of security risks for businesses, consumers, and governments.” 2014 PwC State of Cybercrime Survey
“The development towards an IoT is likely to give rise to a number of ethical issues and debates in society, many of which have already surfaced in connection with the current Internet and ICT in general, such as loss of trust, violations of privacy, misuse of data, ambiguity of copyright, digital divide, identity theft, problems of control and of access to information and freedom of speech and expression. However, in IoT, many of these problems gain a new dimension in light of the increased complexity.” 2013 European Commission Report on the IoT
Gartner Hype Cycle
So, how do we do that?
Focus on the identities
Too many users with too much access
Too many users with too much access devices
We can’t leave it to the manufacturers’ plan
We can’t stop attacks, but we can mitigate the damage
Focus on the basics Enforce access controls Monitor user activity Minimize rights
But how do we understand if the activity is appropriate?
The answer is NOT more data Security teams already have too much data to deal with New tools and new infrastructures compound the problem
Simply put… There’s too much noise and not enough insight
Security needs context… What access? Access okay? Normal? Where? Who? Identity?
We don’t know how attackers will get in but we must spot them when they do.
What is the key? Identity
We must adopt identity-centric thinking if we want to have any chance of maintaining control over the world we are building
Identity of Everything
The Identity of Everything allows the creation of a unique set of attributes Who or what every connected item or person is What permissions those objects and people have What they do with those entitlements Who granted the permissions How other people and devices may interact
Google Nest, a home automation hub Collects data from other appliances & sensors But there is a homeowner identity behind it that Google wants to market to And that owner will have relationships to many other things The Identity of Everything will be both Hierarchical and Matrixed
NetIQ provides a unique combination of Identity, Access and Security solutions that will scale to address the future demands on identity
Actions for Today, Tomorrow, Next Year Understand the identity stores you already have Examine how identity information is used in your organization Look for ways to integrate identity context into your product design to protect data collected by IoT sensors Start to build a framework to handle more sophisticated, aggregate identity, that can scale Work towards an extensible identity framework that will encompass people, products, devices and services