Securing IoT devices in a world of complexity

Digital trust is essential to guarantee the security of these connected devices. Public key Infrastructure (KPI) has been widely adopted by IoT solution manufacturers as the primary method for achieving scalable trust. Proven, standards-based and transparent for users, it is central to nearly every aspect of technology and digital security. PKI also supports strong security measures such as login authentication, software signing, and encryption of sensitive data. However, despite the widespread adoption of PKI, in many ways the world of PKI remains a wild wild, wild west.

IoT security is a world of Unmanaged Chaos

What makes PKI security for IoT so hard? The the diversity, volume, and limited visibility of many IoT deployments combine to present unique challenges. IoT solutions are deployed in a dizzying array of environments, in every use case imaginable, run on user devices, devices and sensors in many form factors.

Pure volume devices also introduces new challenges for organizations using PKI. According the 2021 PKI Automation Status Reportthe typical business run on 50,000 certificates. ButToday, enterprises are faced with massive increases in the number of certificates they manage.

The same report revealed that 37% of companies use more than three departments to manage certificates, leading to confusionadministrative overhead and time-consuming, error-prone manual processes. These multiple departments may be siled organizations, contributing to limited visibility into the status of their certificates. NOTthe first half, 47%, say they frequently discover so-called “rogue” certificates, that is, certificates that have been implemented without the knowledge of the IT department or its management. It’s impossible for organizations to secure what they can’t see.

Without digital trust, the IoT cannot work

IoT devices themselves have inherent vulnerabilities. The same quality that makes the IoT so advantageous – the ability to connect a wide variety of devices of all form factors – is what makes protecting it so difficult. Every process and transaction is based on trusted connections and information swapauthentication is therefore essential.

Data constantly flows in real time between devices at the edge, and return to the data center network, so insured confidentiality is too essential to protect data. Maintaining digital trust and data integrity is essential not only for the interactions of the devices themselves, but also critical for proof secure firmware updates, device boot process and other essential requirements.

Sharon D. Cole