A smarter, more secure Internet of Things
Travis GreeneIdentity Solutions Strategist, NetIQ
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.2
Internet of Things
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.3
Internet of Things What “things” and how did we get there?
Goldman Sachs, What is the Internet of Things?, September 2014
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.4
Two Critical Components
Things People behindthe “Things”
The Internet of Things
- A Few Examples
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.6
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.7
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.8
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.9
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.10
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.11
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.12
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.13
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.14
The Risk Presented by
the Internet of Things
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.16
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.17
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.18
• The Internet of Things
will change the way we
use and interact with
technology.
• Devices will constantly
monitor and respond
both to us and to
each other.
• We must learn to
manage this interaction.
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.19
“Another evolving area of risk lies in
physical objects—industrial components,
automobiles, home automation products,
and consumer devices, to name a few—that
are being integrated into the information
network, a trend typically referred to as the
‘Internet of Things.’
The interconnection of billions of devices
with IT and operational systems will
introduce a new world of security risks for
businesses, consumers, and governments.”2014 PwC State of Cybercrime Survey
“The development towards an IoT is likely to
give rise to a number of ethical issues and
debates in society, many of which have
already surfaced in connection with the
current Internet and ICT in general, such as
loss of trust, violations of privacy, misuse of
data, ambiguity of copyright, digital divide,
identity theft, problems of control and of
access to information and freedom of
speech and expression. However, in IoT,
many of these problems gain a new
dimension in light of the increased
complexity.”2013 European Commission Report on the IoT
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.22
Gartner Hype Cycle
So, how do we do that?
Focus on the identities
Too many users with
too much access
Too many users with
too much access
devices
We can’t leave it to the
manufacturers’ plan
We can’t stop attacks,
but we can mitigate the
damage
Focus on the basics
Enforce access controls
Monitor user
activity
Minimizerights
But how do we understand if
the activity is appropriate?
31
The answer is
NOT more data
• Security teams already have too
much data to deal with
• New tools and new
infrastructures compound the
problem
Simply put…
There’s too much noise and not enough insight
Security needs context…
What access?
Access okay?
Normal?
Where?
Who?
Identity?
35
What is the key?
Identity
We must adopt identity-centric
thinking if we want to have any
chance of maintaining control
over the world we are building
Identity of Everything
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.38
The Identity of Everything allows the creation of a unique set of attributes
• Who or what every connected item or person is
• What permissions those objects and people have
• What they do with those entitlements
• Who granted the permissions
• How other people and devices may interact
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.39
• Google Nest, a home
automation hub
• Collects data from other
appliances & sensors
• But there is a homeowner
identity behind it that Google
wants to market to
• And that owner will have
relationships to many other
things
The Identity of Everything will be both Hierarchical and Matrixed
© 2014 NetIQ Corporation. All rights reserved.40
NetIQ provides a unique combination of
Identity, Access and Security solutions
that will scale to address the future
demands on identity
© 2015 NetIQ Corporation and its affiliates. All Rights Reserved.41
Actions for Today, Tomorrow, Next Year
• Understand the identity stores you already have
• Examine how identity information is used in your
organization
• Look for ways to integrate identity context into your
product design to protect data collected by IoT sensors
• Start to build a framework to handle more
sophisticated, aggregate identity, that can scale
• Work towards an extensible identity framework that
will encompass people, products, devices and services
+1 713.548.1700 (Worldwide)888.323.6768 (Toll-free)[email protected]
Worldwide Headquarters515 Post Oak Blvd., Suite 1200Houston, TX 77027 USA
www.netiq.com/communities
This document could include technical inaccuracies or typographical errors. Changes are
periodically made to the information herein. These changes may be incorporated in new
editions of this document. NetIQ Corporation may make improvements in or changes to the
software described in this document at any time.
Copyright © 2015 NetIQ Corporation. All rights reserved.
ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the
cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration
Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy
Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit,
PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite,
Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ
Corporation or its subsidiaries in the United States and other countries.
Top Related