4 IAM best practices for IoT

MUMBAI, INDIA: The Internet of Things (IoT) has been experiencing massive growth in both consumer and business environments.

In response to this emerging market and the particular security requirements of these connected devices, The Internet of Things IIoT) working group of the Cloud Security Alliance (CSA) has released a new summary guidance report titled Identity and Access Management for the Internet of Things.

To help security practitioners ensure the integrity of their IoT deployments, the report details some recommendations for implementing IAM for IoT which are drawn from real-world best practices culled by CSA’s IoT Working Group along with guidance from a number of other organizations including the Kantara Initiative, FIDO, and the IETF.

Some of these recommendations include:

•    Integrate your IoT implementation into existing IAM and GRC governance frameworks in your organization

•    Do not deploy IoT resources without changing default passwords for administrative access.

•    Evaluate a move to Identity Relationship Management (IRM) in place of traditional IAM.

•    Design your authentication and authorization schemes based on your system-level threat models.

“This document is the first in a series of summary guidance aimed at providing easily understandable recommendations to information technology staff charged with securely implementing and deploying IoT solutions,” said Brian Russell, co-Chair, IoT Working Group for CSA.