Comment: Identity and access management in the era of Industry 4.0

Organisations can effectively navigate the challenges and opportunities presented by the evolving landscape of Industry 4.0. by applying robust approaches to Identity and Access Management (IAM), says Simon McNally, IAM expert at Thales.

AdobeStock

Characterised by components such as digitalisation, IoT, artificial intelligence, automation and robotics, Industry 4.0 is rapidly evolving – transforming the industrial and manufacturing landscapes.

In a new era of digitalisation, automation and connectivity, productivity and efficiency are enhanced due to increased output, whilst environmental sustainability is improved through reduced energy consumption and waste reduction. Entire supply chains have the potential to be transformed through the improved transparency and traceability of goods.

Industry 4.0 has the potential to solve some of the biggest challenges facing society today – from the environment through to climate change and public infrastructure – but it isn’t without risk.

Collaboration is key to Industry 4.0

The full potential of Industry 4.0 can only happen through collaboration. Industry 4.0 is characterised by complex ecosystems comprising multiple different partners, with complex supply chains, and interconnected devices. Some of the benefits collaboration can bring include:

Innovation: Through the sharing of resources and knowledge, new ways of thinking and new technologies are developed – further driving forward Industry 4.0 and solving challenges.

Talent and skills: The rapidly evolving landscape of industrialisation requires a workforce with an ever-changing set of skills, who can respond to and drive forward innovations in technology and systems. Organisations can work together to improve training and development for talent, plus share skills.

Risk management: Organisations are encouraged to share information and knowledge about risks, particularly following cyberattacks. In doing so, collectively, the sector can be better prepared to understand vulnerabilities and mitigate against risk.

Although seamless collaboration and co-creation is vital, it is not without its own risks. The sector is faced with managing increasingly complex, interconnected ecosystems and as organisations adopt new technologies, particularly IoT and cloud computing, they risk increasing their exposure to cyberattacks without proper mitigation. So, how can businesses enable collaboration and co-creation, whilst adhering to strict security measures and safeguarding increasingly mission control data?

IAM controls who can access what, when and how

IAM is paramount in effectively overseeing the identities, permissions, and access of both individuals and devices within organisations. It stands as a critical component that organisations must integrate seamlessly. IAM takes charge of determining who is permitted access to specific resources and in what manner. By employing multi-factor authentication (MFA) and advanced biometrics like facial recognition, alongside robust password policies, IAM efficiently regulates access permissions and delineates actions that individuals and devices can execute.

This is particularly important where critical national infrastructure is concerned – where organisations need to adhere to strict security measures and safeguard mission control data. There is legislation in place concerning privacy and security, to protect data and systems. Organisations might even need to provide an audit trail demonstrating who has accessed what data and systems and when – especially in the event of a data breach or cyberattack. IAM systems enable organisations to demonstrate compliance.

Whilst security is crucial, humans are wired to find the easiest way to do their job and will find a workaround where processes are too strict or cumbersome. IAM systems can enhance user experience, such as via a Single Sign-on Experience (SSO). Via SSOs, employees wouldn’t need to remember multiple, complex passwords, and could make the most of authentication to access the specific data and systems they need.

With that in mind, it’s important to have a solid understanding of IAM. Here are some key considerations and best practices for setting up IAM processes:

Zero-trust: Switching from implicit trust to a zero-trust approach when it comes to company security reduces the risk of accidentally allowing unauthorised individuals and devices access protected data or systems. Rather than the system “remembering” users, a “never trust” approach means organisations can always guarantee someone is who they say they are before gaining access.

Principle of Least Privilege (PoLP): Linked to adopting a zero-trust approach, adopting a PoLP approach restricts access and permissions as much as possible without interfering with individuals’ abilities to carry out work. A PoLP approach means individuals don’t have excessive permissions they don’t need.

Multi factor authentication (MFA): MFA ensures users who access devices, systems and data are who they say they are, meaning only authorised users can gain access. MFA tools use multiple ways to validate a user’s identity, such as biometrics, sending a passcode to a user’s personal device, or answering security questions.

Password policies: Even if organisations have adopted MFA, password policies must also be reviewed to ensure systems, data and devices are protected adequately. Passwords need to be strong, frequently changed, and never shared amongst colleagues.

Usability: Whilst security is crucial, humans will find workarounds if processes are too difficult, and IAM systems are no different. Security must be balanced by user experience. IAM systems can be optimised for efficiency through the automation of processes and the option for self-service, making them more convenient for employees. Multifactor authentication and biometrics, such as facial recognition, are key components here.

The final word

Fostering collaboration is imperative for harnessing the immense potential of Industry 4.0 and propelling innovation through shared skills and resources, all while effectively managing risks. The increasingly intricate and interconnected ecosystems that result from collaboration necessitate stringent measures to safeguard critical data. Balancing this need for security, it's vital to ensure that the right individuals and devices have appropriate access to resources and data while maintaining a positive user experience.

Identity and Access Management stands as a cornerstone in the management of identities, permissions, and access for both individuals and devices. Establishing IAM processes calls for a strategic approach, incorporating best practices such as adopting zero trust and least privilege principles, revising password policies, and optimising systems and processes to ensure a seamless user experience. By doing so, organisations can effectively navigate the challenges and opportunities presented by the evolving landscape of Industry 4.0.

Simon McNally, identity and access management expert at Thales

More from Opinion