Identity and access control can be costly. That's why it is important to align IAM strategy with the level of risk by assessing and prioritizing the threats. It's important to remember that threat actors in industrial incidents have larger motives and funds. So, the risk of an identity breach in a small-scale smart wind farm can be much lower than that of a smart city energy grid.

IIoT deployment architecture often decides the boundary of edge premises and the cloud. In the case of using public data centers and cloud providers such as AWS and Microsoft Azure, the cloud provider might already have a shared security model, where managing identity and access control is partially taken care of. Evaluating the IAM implementation of the connectivity and cloud provider can help create a well-aligned IAM strategy that can be cost-effective and practical. This topic is discussed further in Chapter 6, Securing IIoT Edge, Cloud, and Apps.