IoT is H-O-T! But, it is still at its nascency. The "things" in IoT vary based upon domain, environment, and context, and we are only in our earliest days understanding where they can be applied to reducing risk in identity management. This blog will pull together the elements needed for industry to be able to use IoT across channels and domains. You will see the greatest challenges in provisioning devices to individuals. Next, you will get to see my simplified view of the lifecycle of IoT devices and how it impacts provisioning. Finally, it will describe the art of disambiguation, without giving away too many secrets, as the crux of using IoT in the world of identity management. Bottom line, we have an opportunity to look at IoT as not a confusing array of gadgets, but a better model to serve our users, while also increasing the integrity of the transaction without as much customer friction.
Live by my simple adage in cybersecurity, "Machines Don't Do Bad Things, People Do." When you look the potential vectors of cyber, physical, and personnel threats: the vulnerabilities, the mistakes, and the attacks, can all be traced back to a person. Using this adage in building a cyber defense strategy, provides a new kind of framework to measure and reduce threats. The challenge: even though you may see a machine going awry, it is really, really hard to find the "bad guy" before the vulnerability is exploited or the attack is in play. So, in an effort to come at this problem a new way, let's examine "Brent's Inverted Corollary of Cybersecurity" (breaking news), "Machines Don't Do Good Things, People Do".
Common misconceptions related to the proper and cost-effective application of biometrics across heath care, financial institutions, and the public sector. Biometrics are functional and cost-effective tools when used to manage risk by linking the identity presented for a transaction to an identity previously registered. Biometrics are, however, less than ideal for cases in which a biometric collected at the transaction is compared (to find a match) with a massive biometric database of customers, patients, and even threat actors.