
How to Secure Customer Identities in the Era of Data Breaches and the Internet of Things

Whether managed in-house or in tandem with external agencies, an IoT device security strategy that considers the safety and security needs of a user, device and network holistically will produce a secure platform that promotes user connectivity.
By Sven Dummer

Device-Independent Identity
At the heart of an effective connected device strategy is a database of devices that keeps track of device attributes, the entitlements for each device, and the users or other devices associated with that device. In a managed security infrastructure, this information should reside independently of the device itself, so that the device's metadata and access information remain in a secure environment if the device is damaged or compromised.

Relationship Management
One thing that differentiates the IoT from a standard user model is the need to represent the relationship between the device and its users. A full IoT security strategy will include a structure for supporting access permissions for users tied to each device. For example, is there a single administrator? How is user access granted and rescinded? An effective IoT-device security strategy should support multiple levels of access and manage both the relationship of the user to the device and the relationship between users.

Standards-based Device Authentication and Scoped Access
Finally, authentication and scoped access are the primary components of gating connected devices. An IoT solution needs to generate, store, manage and deploy a high volume of access credentials. Each of those credentials needs to permit access at a feature level. In addition, credentials need to be properly scoped to ensure that a device can only access the features and data it is entitled to manage, in the same way that a service provider is scoped to access specific data and functions on behalf of an authenticated user. While a standard for managing IoT devices is not prescriptive, tried and vetted identity and access protocols will help secure the device authentication and authorization process.
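The three elements above (a device record held off the device, user-to-device relationships with levels of access, and feature-scoped device credentials) can be sketched together in one registry. This is an added example, not code from the article or from any product; the role names, scope strings and the `DeviceRegistry` class are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical role model: which user actions each role may perform on a device.
ROLE_ACTIONS = {"admin": {"view", "control", "manage_users"},
                "member": {"view", "control"},
                "guest": {"view"}}

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class DeviceRegistry:
    """Server-side store: device metadata lives here, not on the device."""

    def __init__(self):
        self.devices = {}

    def enroll(self, device_id, scopes, admin):
        token = secrets.token_urlsafe(32)  # high-entropy credential, shown once
        self.devices[device_id] = {"cred": _digest(token), "scopes": frozenset(scopes),
                                   "revoked": False, "users": {admin: "admin"}}
        return token

    def device_allowed(self, device_id, token, scope):
        dev = self.devices.get(device_id)
        if dev is None or dev["revoked"]:
            return False
        # Constant-time comparison; the scope must be explicitly granted.
        return hmac.compare_digest(_digest(token), dev["cred"]) and scope in dev["scopes"]

    def user_allowed(self, device_id, user, action):
        dev = self.devices.get(device_id)
        role = dev["users"].get(user) if dev else None
        return role is not None and action in ROLE_ACTIONS[role]

    def grant(self, device_id, actor, user, role):
        if role not in ROLE_ACTIONS or not self.user_allowed(device_id, actor, "manage_users"):
            raise PermissionError("only a device admin may grant a known role")
        self.devices[device_id]["users"][user] = role

    def rescind(self, device_id, actor, user):
        if not self.user_allowed(device_id, actor, "manage_users") or user == actor:
            raise PermissionError("only another admin may rescind this access")
        self.devices[device_id]["users"].pop(user, None)

    def revoke_device(self, device_id):
        # Compromised or damaged device: cut it off centrally, keep its record.
        self.devices[device_id]["revoked"] = True
```

Only a hash of each credential is stored, so reading the registry does not yield usable device tokens, and revoking a device takes effect without touching the device itself.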

The IoT is increasing the scale and complexity of IT security beyond the capabilities of a single organization. Whether managed in-house or in tandem with one or more external agencies, an IoT device security strategy that considers the safety and security needs of a user, device and network holistically will produce an IoT platform that promotes a secure, efficient ecosystem for increased user connectivity. You can learn more about how to protect consumer data in the world of IoT in our recent webinar with Merritt Maxim from Forrester Research.

Sven Dummer leads product marketing at Janrain, helping companies to build better online experiences for their customers through cloud-based customer identity and access management (CIAM). Previously, Sven worked with Silicon Valley startups as well as Fortune 500 companies, including Yahoo!, Wind River (acquired by Intel), SUSE and Microsoft, in product development, product marketing and management roles. At Intel, Sven also helped to launch (and named) the collaborative Yocto Project, an open-source initiative that enables users to create custom Linux-based systems for IoT devices, regardless of the hardware architecture used. Sven is based in the San Francisco Bay Area.
