A smarter, more secure io t gartner iam summit uk 2015 - netiq - travis greene

A smarter, more secure Internet of ThingsTravis GreeneIdentity Solutions Strategist, NetIQ

© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.2

Internet of Things


Internet of Things What “things” and how did we get there?

Goldman Sachs, What is the Internet of Things?, September 2014


Two Critical Components

Things People behindthe “Things”

The Internet of Things- A Few Examples










The Risk Presented by the Internet of Things




• The Internet of Things will change the way we use and interact with technology.

• Devices will constantly monitor and respond both to us and to each other.

• We must learn to manage this interaction.


“Another evolving area of risk lies in physical objects—industrial components, automobiles, home automation products, and consumer devices, to name a few—that are being integrated into the information network, a trend typically referred to as the ‘Internet of Things.’

The interconnection of billions of devices with IT and operational systems will introduce a new world of security risks for businesses, consumers, and governments.”

2014 PwC State of Cybercrime Survey

“The development towards an IoT is likely to give rise to a number of ethical issues and debates in society, many of which have already surfaced in connection with the current Internet and ICT in general, such as loss of trust, violations of privacy, misuse of data, ambiguity of copyright, digital divide, identity theft, problems of control and of access to information and freedom of speech and expression. However, in IoT, many of these problems gain a new dimension in light of the increased complexity.”

2013 European Commission Report on the IoT


Gartner Hype Cycle

So, how do we do that?

Focus on the identities

Too many users with too much access

Too many users with too much access

devices

We can’t leave it to the manufacturers’ plan

We can’t stop attacks, but we can mitigate the

damage

Focus on the basics

Enforce access controls

Monitor user

activity

Minimizerights

But how do we understand if the activity is appropriate?

31

The answer is NOT more data

• Security teams already have too much data to deal with

• New tools and new infrastructures compound the problem

Simply put…

There’s too much noise and not enough insight

Security needs context…

What access?

Access okay?

Normal?

Where?

Who?

Identity?

We don’t know how attackers will get in but we must spot

them when they do.

35

What is the key?

Identity

We must adopt identity-centric thinking if we want to have any chance of maintaining control over the world we are building

Identity of Everything


The Identity of Everything allows the creation of a unique set of attributes

• Who or what every connected item or person is

• What permissions those objects and people have

• What they do with those entitlements

• Who granted the permissions

• How other people and devices may interact


• Google Nest, a home automation hub

• Collects data from other appliances & sensors

• But there is a homeowner identity behind it that Google wants to market to

• And that owner will have relationships to many other things

The Identity of Everything will be both Hierarchical and Matrixed

© 2014 NetIQ Corporation. All rights reserved.40

NetIQ provides a unique combination of

Identity, Access and Security solutions

that will scale to address the future

demands on identity


Actions for Today, Tomorrow, Next Year• Understand the identity stores you already have

• Examine how identity information is used in your organization

• Look for ways to integrate identity context into your product design to protect data collected by IoT sensors

• Start to build a framework to handle more sophisticated, aggregate identity, that can scale

• Work towards an extensible identity framework that will encompass people, products, devices and services

+44 (0)1344 [email protected]

NetIQ1 Arlington Square,Downshire Way, Bracknell,Berkshire, RG12 1WA, UK

www.netiq.com/communities

mailto:[email protected]

http://www.netiq.com/

http://www.netiq.com/communities

http://www.linkedin.com/groups?gid=2745833

http://www.facebook.com/netiq

http://www.twitter.com/netiq

http://www.twitter.com/netiq

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

Copyright © 2015 NetIQ Corporation. All rights reserved.

ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other countries.

Documents

A smarter, more secure io t gartner iam summit uk 2015 - netiq - travis greene