
ChannelPro Network: IAM for IoT
On March 1, 2022, Larry Trowell was featured in a ChannelPro Network article titled, IAM for IoT. Preview the article below, or read the full article online here.
+ + +
IDENTITY AND ACCESS MANAGEMENT is hard enough when it’s mostly users you have to worry about. When large volumes of vulnerable IoT devices are involved as well, the challenges only get greater.
“IAM is already a complex subject, and the addition of IoT devices makes the entire process much more complex,” says Larry Trowell, principal consultant at NetSPI, a penetration testing-as-a-service security company in Minneapolis.
In IT, IAM “is used to streamline user digital identities, and to enhance the security of user-facing front-end operations,” says Dimitrios Pavlakis, a senior analyst at ABI Research. Policies for passwords, email, accounts, and more can be automated, like onboarding, to meet security requirements and compliance rules. These advantages apply to IoT devices as well as users, but there are numerous hurdles.
For instance, domain controllers used by many companies often have trouble supporting IoT devices with limited client intelligence, according to Trowell. Even cloud solutions prepared for IoT devices “may not be able to operate with the level of access businesses feel they should,” he notes. Multiple IoT devices may need to maintain identities and roles between various accounts, leading to security gaps within this complex environment.
Explore More News

NetSPI Named Sample Vendor in 2025 Gartner® Hype Cycle™ for Application Security
NetSPI announces its inclusion in the Gartner Hype Cycle for Application Security 2025, highlighting its innovative solutions and industry leadership.

Media Alert: NetSPI Named a Finalist in Penetration Testing Category for the Top InfoSec Innovator Awards, 2025
NetSPI is named a finalist in the Penetration Testing category for the Top InfoSec Innovator Awards 2025.

SC Media: Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw
Nick Walker, Regional Director, EMEA at NetSPI, in an article published in SC Magazine, warns that identity compromise, not exotic malware, remains the most dangerous weakness in enterprise cybersecurity.