How IoT empowers dialogue on cybersecurity, privacy, and identity and access management
By Joni Brennan and Oleg Logvinov
It is a counterintuitive challenge to begin with. The whole point of the Internet is to make information more accessible, but the prevailing question in cybersecurity, privacy and identity and access management (IAM) is how to build an effective framework of complementary technologies and policies for restricting who can access what information, when, and in what ways.
In the digital transformation that is well underway with Internet of Things (IoT) and cloud proliferation, and the migration from vertically to horizontally integrated systems, cybersecurity, privacy and IAM concerns have amplified and grown even more complicated.
Global technology and policy communities have historically operated in response to progress in one or the other domain, but within their own insular silos. Moreover, policy has typically moved much more slowly than technology. New requirements have steadily arisen, driving rapid iterations of technology innovation to enable greater and greater connectedness, though sometimes the technology community has found itself working within a policy framework that dates back to the 1970s. In other instances, policy changes have demanded technology capabilities that today simply do not exist.
Either way, it is increasingly clear that this isolated relationship between technology and policy—leading to one moving, and then the other reacting to it—cannot keep pace with the global progress in the IoT. Billions of “Smart Things” are already connected today, and more are signing on every day. Developing policies without understanding the enabling technologies, or developing technology without understanding the cybersecurity/privacy/IAM policy framework that is taking shape, can lead to terrific expense and inefficiencies.
Policy and technology innovation for smart things must advance hand in hand. The two communities must work together, to ensure harmonious progress, optimise return on investment in advancements, and reduce time to market for innovation. Close communication and education between the global policy and technology communities for cybersecurity, privacy, and IAM are absolutely crucial to maintain IoT momentum.
Keeping up with the state of the art
Smart Things around the IoT are creating a more dynamic and integrated fabric that connects virtual and physical worlds in increasingly useful ways. In the journey toward these benefits, the issues of cybersecurity, privacy, and IAM are magnified because so much sensitive personal data is being exchanged across so many more systems every day.
As a result, thinking is evolving quickly.
For example, “user centricity”—designing with the user at the centre, as opposed to designing the Internet to behave in ways to which users must adapt—is an increasingly prevalent goal. “Kill the password” is another of the more popular battle cries. Nobody likes having to remember, input and frequently change Internet passwords, but then how can we actually log in for all of our IoT experiences without passwords? Contextual authentication figures to play a more important role; if a system can see that Phone X is being used at Place Y at Time Z, identity could be authenticated by logging all of these behavior patterns through different vectors. The IoT and Smart Things lend themselves to such an approach.
Without visibility and synchronisation across the technology and policy communities, however, development in one domain might not properly anticipate and account for development in the other. Policies that develop may not be implementable in technology, or technologies may not be implemented because they do not meet emerging policy. Smart Thing proliferation could stagnate.
Learning from one another
Ongoing IoT innovation, sustainability, and market growth are dependent on informed policy, while effective public policy around cybersecurity, privacy, and IAM relies on sound, neutral, technical guidance. Policy experts need reliable guidance to make informed Internet public-policy decisions at the same time that technologists need an understanding of the Internet public-policy landscape to help drive proactive technology design.
Bi-directional dialogue and engagement among the global technical and policy communities for cybersecurity, privacy, and IAM are increasingly necessary to make certain that the tremendous promise of the IoT is realised as completely, quickly, and cost-effectively as possible.
Joni Brennan is executive director of Kantara Initiative, a non-profit organization enabling trust in identity services through compliance programs, requirements development and information sharing. For more information, please visit https://kantarainitiative.org/.
In addition to serving as director special assignments, Industrial and Power Conversion Division, STMicroelectronics, Oleg Logvinov chairs the IEEE Internet Initiative. The initiative provides a platform to connect the voice of the technical community to global policymaking for Internet governance, cybersecurity and privacy to inform debate and decisions, and to help ensure trustworthy technology solutions and best practices. For more information, please visit http://internetinitiative.ieee.org.