a smarter, more secure internet of things from netiq at gartner iam summit 2015

A smarter, more secure Internet of Things

Travis GreeneIdentity Solutions Strategist, NetIQ

© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.2

Internet of Things


Internet of Things What “things” and how did we get there?

Goldman Sachs, What is the Internet of Things?, September 2014


Two Critical Components

Things People behindthe “Things”

The Internet of Things

- A Few Examples

The Risk Presented by

the Internet of Things


• The Internet of Things

will change the way we

use and interact with

technology.

• Devices will constantly

monitor and respond

both to us and to

each other.

• We must learn to

manage this interaction.

“Another evolving area of risk lies in

physical objects—industrial components,

automobiles, home automation products,

and consumer devices, to name a few—that

are being integrated into the information

network, a trend typically referred to as the

‘Internet of Things.’

The interconnection of billions of devices

with IT and operational systems will

introduce a new world of security risks for

businesses, consumers, and governments.”2014 PwC State of Cybercrime Survey

“The development towards an IoT is likely to

give rise to a number of ethical issues and

debates in society, many of which have

already surfaced in connection with the

current Internet and ICT in general, such as

loss of trust, violations of privacy, misuse of

data, ambiguity of copyright, digital divide,

identity theft, problems of control and of

access to information and freedom of

speech and expression. However, in IoT,

many of these problems gain a new

dimension in light of the increased

complexity.”2013 European Commission Report on the IoT


Gartner Hype Cycle

So, how do we do that?

Focus on the identities

Too many users with

too much access

Too many users with

too much access

devices

We can’t leave it to the

manufacturers’ plan

We can’t stop attacks,

but we can mitigate the

damage

Focus on the basics

Enforce access controls

Monitor user

activity

Minimizerights

But how do we understand if

the activity is appropriate?

31

The answer is

NOT more data

• Security teams already have too

much data to deal with

• New tools and new

infrastructures compound the

problem

Simply put…

There’s too much noise and not enough insight

Security needs context…

What access?

Access okay?

Normal?

Where?

Who?

Identity?

We don’t know how attackers will get in but we must spot

them when they do.

35

What is the key?

Identity

We must adopt identity-centric

thinking if we want to have any

chance of maintaining control

over the world we are building

Identity of Everything


The Identity of Everything allows the creation of a unique set of attributes

• Who or what every connected item or person is

• What permissions those objects and people have

• What they do with those entitlements

• Who granted the permissions

• How other people and devices may interact


• Google Nest, a home

automation hub

• Collects data from other

appliances & sensors

• But there is a homeowner

identity behind it that Google

wants to market to

• And that owner will have

relationships to many other

things

The Identity of Everything will be both Hierarchical and Matrixed


Actions for Today, Tomorrow, Next Year

• Understand the identity stores you already have

• Examine how identity information is used in your

organization

• Look for ways to integrate identity context into your

product design to protect data collected by IoT sensors

• Start to build a framework to handle more

sophisticated, aggregate identity, that can scale

• Work towards an extensible identity framework that

will encompass people, products, devices and services

+44 (0)1344 [email protected]

NetIQ1 Arlington Square,Downshire Way, Bracknell,Berkshire, RG12 1WA, UK

www.netiq.com/communities

mailto:[email protected]

http://www.netiq.com/

http://www.netiq.com/communities

http://www.linkedin.com/groups?gid=2745833

http://www.linkedin.com/groups?gid=2745833

http://www.facebook.com/netiq

http://www.facebook.com/netiq

http://www.twitter.com/netiq

http://www.twitter.com/netiq

This document could include technical inaccuracies or typographical errors. Changes are

periodically made to the information herein. These changes may be incorporated in new

editions of this document. NetIQ Corporation may make improvements in or changes to the

software described in this document at any time.

Copyright © 2015 NetIQ Corporation. All rights reserved.

ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the

cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration

Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy

Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit,

PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite,

Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ

Corporation or its subsidiaries in the United States and other countries.

a smarter, more secure internet of things from netiq at gartner iam summit 2015

Software

netiq corporation

netiq1internet of things

smart devices

smart city

traffic jams

traffic volume

automobile traffic

smart meters