An Internet of Things software development kit should facilitate secure data transmission by passing along a unique identifier for the device, a secure access token or certificate and by creating an encrypted tunnel via TLS.
Most of you are well-versed at entering user names and passwords to access social media and banking sites from your desktop browser. Based on the identity you provide; you’re given access to those sites. Some of you in the corporate world might know what it means to join your computer to a Domain. Your company has you do this so you only have to enter your credentials once, while getting access to multiple servers. This is called single sign-on (SSO) and it uses a directory service.
With people moving to myriad mobile devices and enterprise workloads moving to the cloud, the SSO technologies of the past require retooling. To make this work in a heterogeneous world, security tokens using Security Assertion Markup Language (SAML) that work with any operating system are needed. A Secure Token Service (STS) is employed to issue tokens to clients on behalf of a secure software service.
Today, you need a cloud-based directory service to manage users, groups and roles. It must provide hybrid identity by synchronizing with on-premises directories so users can seamlessly authenticate whether they’re inside the corporate WLAN or roaming on mobile data networks. Additionally, it must provide users with SSO to apps and services residing in other clouds. Finally, this service must support multi-factor authentication (MFA) which requires something a user has (a phone), something they know (a PIN) or something they are (biometrics) to secure corporate resources.
Reduce risk and improve user productivity by restricting corporate access to those employees with credentials found in cloud and on-premises directories. What is your company doing to provide secure access to its business systems from any device?
It’s clear the things we’ve done in the past to stay secure are no longer sufficient. The pervasive use of usernames and passwords to authenticate with every kind of system on the planet is breaking down. Passwords aren’t strong enough and no one can remember them all. Some companies require something called two factor authentication in order to access their computer systems. This dramatically increases security because you’re required to have something like a smartcard and know something like a PIN in order to gain access. The downside is that everyone has to have a smartcard with cryptographic information on an embedded chip as well as a smartcard reader plugged into a PC to make this work. How likely is it that everyone on a global scale has this kind of gear? Not very.
It makes you wonder if there’s some kind of device carried by almost every human on the planet that could substitute for a smartcard? Seek out cloud and on-premises systems that work with devices to implement modern security features like multifactor authentication. Now when an employee enters their corporate credentials, the system will call their phone and require them to dial in an additional PIN to prove it’s actually them who’s trying to access corporate resources. A bad actor who may have stolen your credentials won’t have your phone to answer the call or know your PIN. It’s also unlikely they’ll have your face or fingerprint if you’ve enabled biometric security.
Reduce risk to your business by having employees use their smartphones to prove their identity when attempting access to corporate resources. What is your company doing to secure its business-critical resources?