Non-human workers need access rights too!

As an increasing number of devices, machinery and robots are integrated in the infrastructure of organizations, assigning rights to “non-human workers” is becoming more important. However, the approach towards non-human workers varies widely between organizations.
Some organizations apply no access controls for non-human workers at all, while other organizations treat them like employees or contractors.

Employees follow the joiner-mover-leaver-cycle. This means that they are granted access rights for applications and data based upon their job, role or certain attributes, taking compliance and security into account. If an employee leaves the organization, then the access to the organization’s infrastructure and resources is revoked. But what happens to services and devices within the organization’s network when they are no longer required for its specific task?

“Devices that are decommissioned might still hold data that makes it easy for hackers to get access to the organizations infrastructure. Copiers and printers for example can store a lot of data and can easily turn into a nightmare if they are not properly erased before they are disposed of. Or imagine a smart board in a university that has been provided with the same access rights as an employee. With some IT-knowledge you could use that device to get access to the university’s network. That is why you need to have specific identities for non-human workers in order to regulate who can access and exchange data with them. Next to that, you need a lifecycle approach to non-human workers so they can be properly managed and disposed of and cancelling all access rights they had in the organization.” says Ronnie Vink, CTO at SonicBee.

At Sonic Bee Ronnie Vink and his team are working on Identity and Access Management solutions that are taking care of the non-human workers. The goal is to optimize the ease of commissioning,  usage, and decommissioning of services and devices, machinery and robots in a secure way.

“We are creating the governance for non-human workers via our Intelligent Access Platform. As with real humans,  new non-humans only can get access to the designated parts of the companies infrastructure if they  meet the company’s requirements and policies. For existing non-human workers in the network, access rights can be easily changed via our Intelligent Access Platform. Should a non-human be decommissioned, all access rights it had are immediately revoked as well. In this way monitoring, deploying and decommissioning  non-human workers gets easier and more secure.” according to Ronnie Vink.

About the author

Ronnie Vink

Ronnie Vink is CTO at SonicBee and an expert in IT service management, cloud computing architecture and IAM solutions. His focus is on the continuous improvement of IT services, mainly by implementing a high degree of scalability, automation and stability using public cloud provider platforms. In addition, he has almost 10 years of experience in the IT Security domain, including as an OSCP certified ethical hacker.

About SonicBee

SonicBee is the Identity and Access management (IAM) company providing innovative and intelligent managed services and business consultancy to make businesses faster, smarter and more secure. We ensure that everything and everyone within your environment can access information in a safe, compliant and smart way.

We challenge the existing market by looking at identities and data in a new way. SonicBee provides intelligent access solutions, advise and implementations, focused on increasing our society’s cyber security and creating business value.