Non-human workers need access rights too!
As an increasing number of devices, machinery and robots are integrated in the infrastructure of organizations, assigning rights to “non-human workers” is becoming more important. However, the approach towards non-human workers varies widely between organizations.
Some organizations apply no access controls for non-human workers at all, while other organizations treat them like employees or contractors.
Employees follow the joiner-mover-leaver-cycle. This means that they are granted access rights for applications and data based upon their job, role or certain attributes, taking compliance and security into account. If an employee leaves the organization, then the access to the organization’s infrastructure and resources is revoked. But what happens to services and devices within the organization’s network when they are no longer required for its specific task?
“Devices that are decommissioned might still hold data that makes it easy for hackers to get access to the organizations infrastructure. Copiers and printers for example can store a lot of data and can easily turn into a nightmare if they are not properly erased before they are disposed of. Or imagine a smart board in a university that has been provided with the same access rights as an employee. With some IT-knowledge you could use that device to get access to the university’s network. That is why you need to have specific identities for non-human workers in order to regulate who can access and exchange data with them. Next to that, you need a lifecycle approach to non-human workers so they can be properly managed and disposed of and cancelling all access rights they had in the organization.” says Ronnie Vink, CTO at SonicBee.
At Sonic Bee Ronnie Vink and his team are working on Identity and Access Management solutions that are taking care of the non-human workers. The goal is to optimize the ease of commissioning, usage, and decommissioning of services and devices, machinery and robots in a secure way.
“We are creating the governance for non-human workers via our Intelligent Access Platform. As with real humans, new non-humans only can get access to the designated parts of the companies infrastructure if they meet the company’s requirements and policies. For existing non-human workers in the network, access rights can be easily changed via our Intelligent Access Platform. Should a non-human be decommissioned, all access rights it had are immediately revoked as well. In this way monitoring, deploying and decommissioning non-human workers gets easier and more secure.” according to Ronnie Vink.
