Last week, I wrote a post about how with the proliferation of the Internet of Things, “things” within an organization - those smart connected devices that are able to think on their own - will emerge as insider threats in the future. At the end of that post, I said that things will eventually become another identity we will have to secure and manage.
I’ve been thinking about that a lot since writing it.
Users and devices are two very different groups to manage. They each have their own tendencies and behaviors, so the securing of them must be handled similarly, but also somewhat uniquely.
User identity is what all IAM platforms and solutions have been developed to manage and secure. The best ones, when implemented properly and enforcing the right policies, protect an organization against the inherent human error that employees and contractors carry.
Device identity is something that will evolve a bit over the next few years because there currently aren’t very many IoT devices on organization networks yet. While we know some of what must be done to secure them, we don’t yet know enough about their inherent errors. That information, similar to protecting against human error, will shed a lot of light on how we can best secure the identities of those things and the organization they reside in. Mobile device management isn’t enough because MDM solutions are securing against how a user uses a device. IoT device identity management must be bigger, more comprehensive and more integrated. These devices don’t have a user. They think for themselves.
I believe that IAM technology is what is best suited to manage and secure IoT devices in the future. As we learn more about these smart connected things, we will better learn how to secure them and how to expand IAM technology to manage them.