Every device, app, service, and interface in IoT needs its own identity, which operators can use to track and analyze activity. This is not only used to identify problems but also to protect the systems from attacks, attempted fraud, and espionage.
The more you have, the more you get: identity plays a key role in securing IoT, and the number of digital identities to manage tends to grow exponentially – many more than existing identity and access management (IAM) systems need to support, says the IoT Working Group at Cloud Security Alliance.
The security industry is changing and IAM is no longer solely concerned with managing people but also managing the hundreds of thousands of “things” that may be connected to a network. Some practitioners have begun to refer to this new identity ecosystem as the Identity of Things.
Smart Industry asked leading analyst firms about the importance of identity management, the major challenges, and the ways to implement identities for IoT. Full Article
David Greenfield, Director of Content
Not long ago, most cyber-attacks on industry happened largely behind the scenes. The companies whose systems were breached rarely went public about the event and if information about these events was ever discussed publicly, it was usually years after the event and few specific details beyond the nature of the attack were ever revealed.
But that’s been changing as cyber-attacks have become more brazen and threaten the public at large. For example, on February 5, 2021, we learned about the remote access intrusion into the control system at a water treatment facility in Oldsmar, Fla., about 13 miles from Raymond James Stadium in Tampa where the Super Bowl was held just two days later.
As an industry observer, one of the more shocking aspects of the Oldsmar hack is that the only thing that stopped it was an observant operator who noticed some unusual changes being made to the facility’s control system. Though remote access to this system was allowed, apparently no user authentication or high-level security methods were employed to restrict access by unauthorized users. And because the operator who noticed the changes received no alerts about them—he just happened to notice that the changes being made were unusual—it’s not unreasonable to assume the facility had no effective anomaly detection or intrusion technologies in place either.
Hi-Tech Security Solutions
The buzz around artificial intelligence (AI) continues unabated with many companies spending vast amounts of time and money developing the various concepts of AI to enhance the products and services they have on offer. Then there are also companies that suddenly realised that AI is the buzzword of the year and immediately changed their packaging and marketing to include references to AI-enhanced solutions, without actually changing anything. Full Article