Early this month, electric car manufacturer, Tesla patched the software on its Model S luxury sedan shortly after two security researchers discovered they could plant a Trojan into the system allowing them to remotely control the vehicle even while someone else was driving it. The Tesla hack is just one of the latest of a string of demos showing how easily today’s computerized and connected automobiles can be commandeered by hackers.
Meanwhile, Federal Bureau Investigation (FBI) agents are still probing the bizarre digital hijacking in May of an electronic billboard in one of the busiest intersections in Buckhead, Atlanta. Hackers were able to tap into the billboard’s control system and replace regular advertising content with the image of a naked man in a rather lewd act.
No people were hurt and no property was damaged in either incident. However, they illustrate, in disturbing clarity, how insecure our increasingly connected public domain is.
The Internet of Things (IoT) is transforming the Identity and Access Management (IAM) landscape. In an era when attackers can tap into something as innocuous as an Internet connected kettle in order to hack into a corporate network, organizations need to evolve a new security posture.
Current IAM services need to transition from a people-centric model to one that encompasses multiple user personas, as well as a multitude of IoT devices and applications.
In the IoT world, “things” have their own identities and therefore require their own access protocols based on the relationships with users, applications, and other devices.
“Traditional, people-focused IAM systems have been unable to accommodate the propagation of devices and things to give a broad integrated view for IAM leaders,” according to Ant Allan, research vice-president at research firm Gartner.
Gartner foresees a new concept of Identity of Things (IDoT) as evolving into an extension of current access management systems.
“People, software that makes up system, applications and services, and devices will be defined as entities and all entities will have the same requirements to interact,” said Allan.
The new model will require IAM to become real-time and event-driven with tweaks and changes executed by the minute in some cases.
Analyst firm International Data Corp. (IDC) also believes that IoT will push IT leaders to incorporate other IT functions such as asset management and software management with traditional IAM.
“Enterprises will have to address every IT discipline to effectively balance the deluge of data from devices that are connected to the corporate network,” Vernon Turner, senior vice-president of research for IDC, said in a recent statement. “In addition, IoT will drive tough organizational structure changes in companies to allow innovation to be transparent to everyone, while creating new competitive models and products.”
Nestor Arellano is a Toronto-based journalist who specializes in writing about technology and business news. Nestor reports on IT trends, new products and best practices, and how these can be of use to business and IT decision makers in the enterprise, small and medium size business space, and government.