//
you're reading...
Information Security, IT & TECHNOLOGY

Cloud Security Alliance Releases New Guidance for Identity and Access Management for the Internet of Things


CSA-Logo

Internet of Things (IOT) Working Group Provides Easily Understandable Recommendations for Securely Implementing and Deploying IoT Solutions

Las Vegas, NV – CSA Congress 2016 — Sept 30, 2015 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that its Internet of Things (IoT) Working Grouphas released a new summary guidance report titled Identity and Access Management for the Internet of Things. The Internet of Things (IoT) has been experiencing massive growth in both consumer and business environments.  In response to this emerging market and the particular security requirements of these connected devices, The CSA established the IoT Working Group to focus on providing relevant guidance to its stakeholders who are implementing IoT solutions. To download a free copy of the guidance report, click here: https://cloudsecurityalliance.org/download/identity-and-access-management-for-the-iot/.

The IoT introduces the need to manage exponentially more identities than existing IAM systems are required to support.  The security industry is seeing a paradigm shift whereby IAM is no longer solely concerned with managing people but also managing the hundreds of thousands of “things” that may be connected to a network.  In many instances these things are connected intermittently and may be required to communicate with other things, mobile devices and the backend infrastructure.

“This document is the first in a series of summary guidance aimed at providing easily understandable recommendations to information technology staff charged with securely implementing and deploying IoT solutions,” said Brian Russell, co-chair of the Internet of Things Working Group for the Cloud Security Alliance. “With this guidance, the CSA’s IoT Working Group is seeking to provide prescriptive guidance to stakeholders detailing an easy-to-follow set of recommendations for establishing an IAM for IoT program within their organization.”

To help security practitioners ensure the integrity of their IoT deployments, the report details 23 recommendations for implementing IAM for IoT which are drawn from real-world best practices culled by CSA’s IoT Working Group along with guidance from a number of other organizations including the Kantara Initiative, FIDO, and the IETF.

Some of these recommendations include:

  • Integrate your IoT implementation into existing IAM and GRC governance frameworks in your organization.
  • Do not deploy IoT resources without changing default passwords for administrative access.
  • Evaluate a move to Identity Relationship Management (IRM) in place of traditional IAM.
  • Design your authentication and authorization schemes based on your system-level threat models.

About the Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

Media Contact

Kari Walker
ZAG Communications for the CSA
kari@zagcommunications.com

[Cloud Security Alliance News]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 123,466 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,485 other followers

Twitter Updates

Archives

September 2015
M T W T F S S
« Aug   Oct »
 123456
78910111213
14151617181920
21222324252627
282930  
%d bloggers like this: