An IAM strategy is incomplete unless it includes controls to support the entire identity lifecycle. The identity lifecycle begins when a device bootstraps to join a trust relationship with other elements of the infrastructure. It ends with device decommissioning and the associated account deactivation and deletion. Along this lifecycle, there are many events and activities that demand adequate visibility and control paradigms from a security standpoint. Two important device management capabilities are discussed in this section.
In industrial OT, network log histories are maintained to track control operations and commands. Event logs and access control-related logs are important for sufficient visibility into the dynamics of an IoT deployment.
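A lifecycle-aware check over access-control logs, as an added example that is not from the original text: it replays events in time order and flags access by identities that were never bootstrapped or have already been decommissioned. The log format, event names and device IDs are constructed assumptions, not the output of any particular IIoT platform.

```python
from datetime import datetime

# Constructed sample log (assumed format): "<ISO timestamp> <device_id> <event>"
SAMPLE_LOG = """\
2024-03-01T08:00:00 plc-01 BOOTSTRAP
2024-03-01T08:05:00 plc-01 ACCESS_GRANTED
2024-03-01T09:00:00 sensor-07 ACCESS_GRANTED
2024-03-02T10:00:00 plc-01 DECOMMISSION
2024-03-02T10:30:00 plc-01 ACCESS_GRANTED
2024-03-02T11:00:00 plc-01 ACCESS_DENIED
2024-03-03T07:00:00 hmi-02 BOOTSTRAP
2024-03-03T07:01:00 hmi-02 ACCESS_GRANTED
"""

def audit_lifecycle(log_text):
    """Replay events in time order; return findings as (timestamp, device, reason)."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, device, event = line.split()
        events.append((datetime.fromisoformat(ts), device, event))
    events.sort(key=lambda e: e[0])  # collectors may deliver lines out of order

    state = {}     # device_id -> "active" | "decommissioned"; absent = never bootstrapped
    findings = []
    for ts, device, event in events:
        current = state.get(device)
        if event == "BOOTSTRAP":
            if current == "decommissioned":
                findings.append((ts, device, "re-bootstrap of decommissioned identity"))
            state[device] = "active"
        elif event == "DECOMMISSION":
            state[device] = "decommissioned"
        elif event.startswith("ACCESS_"):
            if current is None:
                findings.append((ts, device, "access attempt by unknown identity"))
            elif current == "decommissioned":
                outcome = "granted" if event == "ACCESS_GRANTED" else "attempted"
                findings.append((ts, device, f"access {outcome} after decommission"))
    return findings

if __name__ == "__main__":
    for ts, device, reason in audit_lifecycle(SAMPLE_LOG):
        print(ts.isoformat(), device, reason)
```

An "access granted after decommission" finding means account deactivation did not follow device retirement, which is the gap at the end of the lifecycle described above.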
Some IIoT platforms generate event and activity logs. Any anomaly or rogue activity detected is forwarded upstream for further analytics and reporting. But the logs are vulnerable to unintended...