Non-human workers need access rights too!
The Rise of Non-Human Workers in Organizations
As an increasing number of devices, machinery, and robots are integrated into the infrastructure of organizations, assigning rights to “non-human workers” is becoming more important. However, the approach towards non-human workers varies widely between organizations. This means some organizations apply no access controls for non-human workers, while others treat them like employees or contractors.
The Joiner-Mover-Leaver-Cycle and Its Limitations
Employees follow the joiner-mover-leaver-cycle. Meaning they are granted access rights for applications and data based on their job, role, or certain attributes, taking compliance and security into account. For example, say an employee leaves the organization, leading to their access to the organization’s infrastructure and resources being revoked. But what happens to services and devices within the organization’s network when they are no longer required for its specific task?
Security Risks with Decommissioned Devices
“Devices that are decommissioned might still hold data. That’s making it easy for hackers to access the organizations‘ infrastructure. Copiers and printers, for example, can store a lot of data and can easily become a nightmare if they are not properly erased before disposal. Just imagine a smart board in a university that has been provided with the same access rights as an employee: anyone that has some basic IT knowledge could use that device to get access to the university’s network. That is why you need to have specific identities for non-human workers to regulate who can access and exchange data with them. In addition, you need a lifecycle approach to non-human workers so they can be properly managed and disposed of and cancelling all access rights they had in the organization.” says Ronnie Vink, CTO at SonicBee.
Innovative IAM Solutions for Non-Human Workers by SonicBee
At SonicBee, Ronnie Vink and his team are working on Identity and Access Management solutions that care and consider for non-human workers. The goal is to optimize the ease of commissioning, usage, and decommissioning of services and devices, machinery and robots securely.
Governance via Intelligent Access Platform
“We are creating the governance for non-human workers via our Intelligent Access Platform. As with real humans, new non-humans can only get access to the designated parts of the company’s infrastructure if they meet the company’s requirements and policies. Access rights can be easily changed via our Intelligent Access Platform for existing non-human workers in the network. Should a non-human be decommissioned, all access rights it had are immediately revoked as well. In this way, monitoring, deploying, and decommissioning non-human workers gets easier and more secure.” according to Ronnie Vink.