Organisations must control access and manage identities to secure IoT

Identity and access management (IAM) is now recognised as a capability that providers of Internet of Things (IoT) services need to address if they are to offer secure services. After all, finds George Malim, if you can’t control access to a device or service, you can’t secure it. The recent spate of cyberattacks and malware have heightened organisations’ awareness of the need for security in IoT and good work is now being done in encryption and rolling out standard IT security practices to IoT. However, the enormous attack surface and the number of points of vulnerability at which networks and services can be accessed makes the challenge harder to understand and the threats harder to identify. A foundational element to IoT security should be assuring the identity of devices and users and securing access to systems. These fundamental requirements are covered by the IAM discipline.