Part 3 (and final part) of our series focusing on best practices and pitfalls to avoid to secure connected products and processes with an IoT platform for identity.
What are the top 5 most difficult technology aspects of security and identity for IoT?
- No single established standard for device identity management
- Inadequacy of traditional IAM models (too person-centric, static) to encompass non-carbon entities and dynamic relationships
- Management of connectivity, data and authentication across organization and network boundaries
- Heterogeneous networks (bandwidth, latency, coverage)
- Multiplicity of IoT standards (MQTT, AMQP, CoAP, etc.) exacerbated by overlapping industry alliances
What are the top 3 best practices when implementing security and identity for IoT?
- Ensure that identity and access capabilities can be enforced autonomously, even when the device is disconnected
- Understand the dynamic nature of identity-driven relationships among IoT devices
- Allow application of different policies to the same IoT devices depending on context (time, space)
What are the top 3 pitfalls to avoid when implementing security and identity for IoT?
- Rely too much on IoT device capabilities (e.g. X509 certificate)
- Assume uninterrupted access and connectivity to IoT devices
- Expect and apply the same capabilities as traditional IAM
What are the top 5 guidelines that Covisint sees its customers use?
- Ability to scale
- Standards support
- Proven track record (years of existence, number and size of customers)
- Ability to bridge agile and legacy systems, cloud and on-premise systems
- Ease of administration
Recommendation: IoT platforms are accelerators of IoT adoption. They are designed to offer core capabilities enabling developers to more quickly and efficiently build, deploy and manage connected applications and focus on creating the business logic that will differentiate their connected products and connected processes.
By providing special-purpose services, consistent operating environments and standards-based frameworks, IoT platforms allow for the rapid implementation of proof of concepts (POC) for concept validation and for the iterative roll out of new software-based solutions for ongoing market fit.
Users of IoT Platforms should take a fit for purpose approach and select the platform(s) that best suit their needs and offer the maximum level of integratability and interoperability with other IoT systems. Most business IoT platforms will be a composite of several IoT technology platforms.
Users and buyers should particularly care about platform offerings that enable them to create and manage the digital ecosystems that constitute their connected products and connected processes and within which people, systems and things will produce, use, consume or store data.