A smarter, more secure Internet of Things

If you like this presentation – show it...

Slide 0

A smarter, more secure Internet of Things Travis Greene Identity Solutions Strategist, NetIQ

Slide 1

Internet of Things

Slide 2

Internet of Things What “things” and how did we get there? Goldman Sachs, What is the Internet of Things?, September 2014

Slide 3

Two Critical Components Things People behind the “Things”

Slide 4

The Internet of Things - A Few Examples

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

The Risk Presented by the Internet of Things

Slide 15

Slide 16

Slide 17

The Internet of Things will change the way we use and interact with technology. Devices will constantly monitor and respond both to us and to each other. We must learn to manage this interaction.

Slide 18

Slide 19

“Another evolving area of risk lies in physical objects—industrial components, automobiles, home automation products, and consumer devices, to name a few—that are being integrated into the information network, a trend typically referred to as the ‘Internet of Things.’ The interconnection of billions of devices with IT and operational systems will introduce a new world of security risks for businesses, consumers, and governments.” 2014 PwC State of Cybercrime Survey

Slide 20

“The development towards an IoT is likely to give rise to a number of ethical issues and debates in society, many of which have already surfaced in connection with the current Internet and ICT in general, such as loss of trust, violations of privacy, misuse of data, ambiguity of copyright, digital divide, identity theft, problems of control and of access to information and freedom of speech and expression. However, in IoT, many of these problems gain a new dimension in light of the increased complexity.” 2013 European Commission Report on the IoT

Slide 21

Gartner Hype Cycle

Slide 22

So, how do we do that?

Slide 23

Focus on the identities

Slide 24

Too many users with too much access

Slide 25

Too many users with too much access devices

Slide 26

We can’t leave it to the manufacturers’ plan

Slide 27

We can’t stop attacks, but we can mitigate the damage

Slide 28

Focus on the basics Enforce access controls Monitor user activity Minimize rights

Slide 29

But how do we understand if the activity is appropriate?

Slide 30

The answer is NOT more data Security teams already have too much data to deal with New tools and new infrastructures compound the problem

Slide 31

Simply put… There’s too much noise and not enough insight

Slide 32

Security needs context… What access? Access okay? Normal? Where? Who? Identity?

Slide 33

We don’t know how attackers will get in but we must spot them when they do.

Slide 34

What is the key? Identity

Slide 35

We must adopt identity-centric thinking if we want to have any chance of maintaining control over the world we are building

Slide 36

Identity of Everything

Slide 37

The Identity of Everything allows the creation of a unique set of attributes Who or what every connected item or person is What permissions those objects and people have What they do with those entitlements Who granted the permissions How other people and devices may interact

Slide 38

Google Nest, a home automation hub Collects data from other appliances & sensors But there is a homeowner identity behind it that Google wants to market to And that owner will have relationships to many other things The Identity of Everything will be both Hierarchical and Matrixed

Slide 39

NetIQ provides a unique combination of Identity, Access and Security solutions that will scale to address the future demands on identity

Slide 40

Actions for Today, Tomorrow, Next Year Understand the identity stores you already have Examine how identity information is used in your organization Look for ways to integrate identity context into your product design to protect data collected by IoT sensors Start to build a framework to handle more sophisticated, aggregate identity, that can scale Work towards an extensible identity framework that will encompass people, products, devices and services

Slide 41

Slide 42