The pervasive adoption of Internet of Things (IoT) devices has profoundly reshaped digital connectivity by enabling real-time data exchange and autonomous interactions on a global scale. While this transformation presents substantial operational benefits, it simultaneously introduces significant security challenges, especially in terms of Identity and Access Management (IAM) for non-human entities, such as sensors, devices, machine agents, and service accounts. Historically, traditional perimeter-based security models, which depend on static trust boundaries and implicit trust for internal actors, have been applied to human identities. However, these models prove inadequate for managing non-human identities. This inadequacy has spurred interest in Zero Trust Architecture (ZTA), an advanced security paradigm based on the principle of “never trust, always verify.” This paper examines the application of ZTA in safeguarding IoT ecosystems, with a particular emphasis on managing non-human identities. The study delves into ZTA’s fundamental principles, such as least privilege, micro-segmentation, continuous monitoring, and identity-centric access control, and evaluates their effective implementation in resource-constrained IoT settings. The research identifies critical implementation challenges and considerations for applying identity-based ZTA within IoT contexts. The findings of this paper underscore that ZTA, when meticulously implemented, provides a robust framework for mitigating the cyber risks inherent in IoT ecosystems. Furthermore, the paper delineates prospective research avenues aimed at integrating ZTA into IoT environments. Ultimately, this study contributes to the expanding body of scholarly knowledge by endorsing Zero Trust as a foundational strategy for contemporary IoT security.
Mthethwa et al. studied this question.