The Internet of Things has an identity problem

Implementing zero-trust IoT with an identity-centric approach

According to Juniper Research, the number of Industrial IoT connections is expected to reach 46 billion by 20231.  As IoT deployments move from simple monitoring and failure alerts to more complex and sophisticated solutions, such as digital twins, organizations need to adopt a zero-trust, identity-first approach to ensure the data and devices they are extending are not at risk. Failure to adequately attest and verify the IoT device and its associated data streams could lead to too much or too little access. This can hamper integration or expose data or the device to cyber attacks.

Navigating IT to operational technology integration with IoT

Exposing operational technology to the internet is not a wise decision. In many cases, the systems were never designed for today’s connected enterprise. But forward-thinking business leaders understand that connecting the myriad of people, systems and things that touch the value chain can have a profoundly positive impact. They also know that piecing a solution together with multiple standalone components or building it themselves would take a considerable amount of time and resources. This can result in a solution that is error-prone, challenging to manage and not easily scalable. By giving IoT the same attention and focus as other enterprise applications, organizations can drive innovation and enable timely business decisions.

How do you define data quality from an IoT device without device validity?

The first lesson in zero-trust IoT is that data quality begins with device validity. An identity-first approach in IT to operational technology integration is important because it gives IoT devices a role and purpose. Creating a unique digital identity for the IoT device is the critical first step in realizing zero-trust, secure IoT.

Failing to properly identify IoT devices hinders governance and the ability to attest to the data it creates. Without device attestation, an IoT deployment can create unnecessary noise for users or give access to the wrong people. And those are just the internal risks – we’ll cover the external risks in another blog. This holistic view of the device and its data streams are necessary to maintain the device’s role and the context-based permissions that establish secure integration to enterprise applications.

How to implement zero-trust IoT without hampering integration

Whether your IoT deployment consists of a handful of devices or millions of sensors across multiple factories, identification and attestation are necessary to ensure IoT devices do not become the weakest link in an established IT security posture.

Identify to integrate and scale

Secure device management for IoT begins with advanced profile management to catalog and define templates for re-use, tools to manage the lifecycle of devices and their relationships to other devices, people and systems, and Internet-scale IoT messaging functionality. Managing and operating a zero-trust IoT ecosystem would be impossible to do without these capabilities, and extremely challenging to build from scratch.

The OpenText™ IoT platform enables the definition of device profiles and leverages templates for bulk creation and update. This flexibility and an identity-first approach to IoT makes it possible to create templates for devices, events, commands and even entire solutions. Templates make it easy to on-board new devices quickly, catalog attributes for future use and allow users to instantiate entire solutions based on prior models that have proven to be effective.

Uncomplicate your IoT device’s relationship status

Zero-trust IoT doesn’t stop at device identification; it requires total visibility into all interactions across the entire ecosystem. This process includes the registration, authentication and authorization of interactions across the entire lifecycle of people, systems and things. That ‘one bad apple’ analogy is at work here: One bad IoT device can ruin an entire ecosystem. Zero-trust IoT is best realized by the ability to manage the relationship that a device has with anyone or anything that it interacts with. OpenText delivers secure IoT and uncomplicates data integration across the ecosystem.

Learn more about the Identity of Things here.

Are you ready for the Intelligent and Connected Enterprise? Join us at OpenText™ Enterprise World 2019 to hear how we’re enabling the Intelligent and Connected Enterprise with AI and the Internet of Things.

  1.  Juniper Research, The Internet of Things: Consumer, Industrial & Public Services 2018-2023, December 6, 2018.

Bob Slevin

Bob Slevin is the Director of Product Marketing for IoT at OpenText. Bob is an Internet of Things (IoT) architect and evangelist with more than 25 years’ experience in telecommunications spanning Military and Private sectors. He has collaborated with partners to deploy millions of connected devices across business and consumer markets. An IoT thought leader with an MBA in Technology Management, Bob is focused on identifying business challenges and building innovative solutions to improve operational efficiencies, drive growth and mitigate risks.

Related Articles

Close