Identity and Access Management for the Internet of Things

By   ISBuzz Team
Writer , Information Security Buzz | Oct 11, 2015 06:00 pm PST

Internet of Things (IOT) Working Group Provides Easily Understandable

Recommendations for Securely Implementing and Deploying IoT Solutions

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, announced that its Internet of Things (IoT) Working Group (WG) has released a new summary guidance report titled “Identity and Access Management for the Internet of Things.” The Internet of Things (IoT) has been experiencing massive growth in both consumer and business environments.  In response to this emerging market and the particular security requirements of these connected devices, The CSA established the IoT Working Group (WG) to focus on providing relevant guidance to its stakeholders who are implementing IoT solutions.

The IoT introduces the need to manage exponentially more identities than existing IAM systems are required to support.  The security industry is seeing a paradigm shift whereby IAM is no longer solely concerned with managing people but also managing the hundreds of thousands of “things” that may be connected to a network.  In many instances these things are connected intermittently and may be required to communicate with other things, mobile devices and the backend infrastructure.

“This document is the first in a series of summary guidance aimed at providing easily understandable recommendations to information technology staff charged with securely implementing and deploying IoT solutions,” said Brian Russell, co-chair of the Internet of Things Working Group for the Cloud Security Alliance. “With this guidance, the CSA’s IoT Working Group is seeking to provide prescriptive guidance to stakeholders detailing an easy-to-follow set of recommendations for establishing an IAM for IoT program within their organization.”

To help security practitioners ensure the integrity of their IoT deployments, the report details 23 recommendations for implementing IAM for IoT which are drawn from real-world best practices culled by CSA’s IoT Working Group along with guidance from a number of other organizations including the Kantara Initiative, FIDO, and the IETF.

Some of these recommendations include :

  • Integrate your IoT implementation into existing IAM and GRC governance frameworks in your organization
  • Do not deploy IoT resources without changing default passwords for administrative access.
  • Evaluate a move to Identity Relationship Management (IRM) in place of traditional IAM.
  • Design your authentication and authorization schemes based on your system-level threat models.

[su_box title=”About Cloud Security Alliance” style=”noise” box_color=”#0e0d0d”]cloud security allianceThe Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. [/su_box]