Partner Voices: Identity, Security and the Internet of Everything
As I often do with our Cisco Partner Voices blogs, this week’s entry is really more about me getting out of the way and letting the partner tell the story. I mean, after all, that’s what this whole series is about, right?
This week, I had the opportunity to hear from Geoff Webb (@GeoffvWebb), Senior Director, Solution Strategy for NetIQ. Geoff had some thoughts on the Internet of Everything (IoE) that are definitely worth sharing with the Cisco Partner Ecosystem.
In Geoff’s words, the Internet of Everything holds incredible promise – the opportunity to completely redefine how we interact with technology, the way we use information, even the way we perceive the very world around us. We’re going to be surrounded, 24/7, by smart devices that do everything from help us drive our cars more safely and monitor crop yields across the world to double checking that we turned the oven off before we left home, even run an airliner’s engines at peak efficiency as it flies around the world.
These smart tools – whether it’s wearable, drivable, sitting in our homes and/or in our bodies – are going to change absolutely every aspect of the way we think about, and use, information and technology. Yet at the same time, this is going to make new demands on the way we plan for security and privacy. And, the key to building the new, safe and secure IoE is going to be a deep understanding of a very old concept: that of “identity.”
Identity – understanding who a person (or a device) is will be central to making the Internet of Everything work. Whether we’re talking about a customer walking through a shopping mall buying clothes, a traffic light sensor in the middle of a major city, or a critical smart component in the heart of a Power station, understanding the identity behind the activity we see will be essential to gaining greater knowledge about events as they occur, helping us plan more effectively for the future.
Equally important is the fact that understanding identity will help us make everything more secure. That’s because much of the problem with modern information security is that it’s often difficult to understand the “identity” behind activity. Is that person accessing our customer database really who they claim to be? Who is the administrator making changes to our network at 3am from a remote location?
Many of the failures of traditional security approaches have been centered around the fact that they focus on devices without fully integrating the identity of the people using them – of the person behind the activity. Without the context that an understanding of identity brings, it’s very difficult to really give people the access to systems they need, while still keeping those same systems safe from attackers.
While networks have been complex before, introducing all the devices and connection points associated with IoE is going to make the problems of keeping data safe and services secure vastly more complicated, especially if we don’t start building that better understanding of identity into the very fabric of the systems we are building today.
Geoff continued, this is why it’s exciting to team up with Cisco who knows what the power of the Internet of Everything means, and why security is paramount. A great example of this approach is the Cisco Identity Services Engine (ISE) eco-system. It allows organizations like NetIQ to deliver even greater intelligence to the security teams tasked with keeping systems safe, working within a network that is already ‘identity-aware’ and able to respond quickly to potential threats.
For example, the capability to quickly recognize the identity of a device that tries to connect to the network and determine what, if anything, should happen while also providing more detailed information on the activity to the security monitoring team. This better understanding of identity means it will be faster, easier, and more secure to introduce more and more new devices and connections to an existing network – essential as BYOD and IOE become part of the fabric of our corporate computing services.
This is the real power that identity brings to the security organization. The ability to deeply embed identity context into every security decision, whether as part of a governance and compliance review, or real-time security event management, elevates the capability of the security team to provide frictionless access that is convenient and safe. Traditional security, with its long-time focus on devices, will no longer be able to cope when IoE changes the way we bring technology into the workplace, or connect to it remotely. A new, identity-powered security, will become the norm.
As the trend of BYOD accelerates, powered by the explosion in devices from IoE, so understanding the identity of the things and the people who use them becomes essential to understanding the world. All those devices, in their countless billions, will need identities that can be assigned, monitored, and managed. IoE will therefore demand an equivalent Identity of Everything – a massive, complex challenge, especially when you consider all the interactions and relationships between those identities.
Thankfully, we’re starting early. Working together, security, identity and networking companies can build into the fabric of the Internet of Everything the intelligence to make it, and the interactions with our existing organization’s networks, safer, easier, and secure.
What great insights from Geoff. What do you think? Let us know in the comments section below!