August 3, 2022

Assess Your IoT Security: 9 Core Zero Trust Capabilities

Machine Identities, Zero Trust….how do these relate to your IoT project? Today’s PKI vendors have specific solutions for managing non-human identities – machines – like servers, laptops, software applications, API’s and other assets found within a corporate network. These managed identities are a foundational component of a Zero Trust security strategy as laid out in the NIST Cybersecurity Framework, and the White House Executive Order mandating stricter Cybersecurity controls.

But what happens when those machines are outside the firewall as part of a rapidly accelerating landscape of IoT devices, deployed at scale for industry-specific use cases like surgical robots, or autonomous construction equipment, or other components of critical national infrastructure? Do your devices use keys and certificates and automatically enforce specific policies for managing those keys? How quickly can you lock those devices down in the event of an attack? Can you renew those device credentials to get your supply chain back in order? Can you be sure to trust your supply chain?

Do you even have the personnel or expertise to manage those identities? When the impact of a breach can cause damage within seconds, speed and accuracy are critical.

Some Enterprise IAM providers and Certificate Authority vendors say “yeah we do IoT too!” But the reality is, traditional human and machine identity management models simply do not work for Enterprise IoT – an automated, flexible platform designed specifically to automate IoT device trust throughout its full lifecycle is required. Leading analysts place Device Authority at the top of several IoT IAM categories based on our constant innovation, and the positive impact we’ve had for our customers. We work with the leading PKI and Cloud platforms and deliver out-of-box capabilities, NOT a DIY project.

In 2018 Device Authority was the first IoT IAM provider to lay out the 6 phases of a device identity lifecycle in an Enterprise IoT Blueprint. This blueprint identifies the specific steps in a device’s journey from Secure Production, to Enterprise Integration, to End-of-Life Decommissioning. The question is – have you accounted for the 9 Core Security Capabilities required to meet Zero Trust standards for IoT throughout the device lifecycle? We’ve updated our IoT Technical Market Insight Guide to explain why machine identities and Zero Trust are so import for today’s IoT and how automation of these nine capabilities will deliver IoT success for your organization.

Device Authority is 100% focused on IoT Identity Lifecycle Management – it’s what we do. Don’t trust your Enterprise IoT security to someone that “also” does IoT.


The KeyScaler platform is designed to deliver the Nine Core Security Capabilities essential to the success and scalability of Zero Trust IoT applications:

  1. Automated Device Provisioning
  2. PKI Services for IoT
  3. Certificates and Identity Lifecycle Management (including Edge)
  4. Data Privacy/Policy-driven Encryption
  5. Automated Password Management
  6. Code-Signing and Secure Updates
  7. HSM Access Controller
  8. Secure Asset Delivery
  9. Network Access Control (NAC) for Enterprise IoT

Download our new Technical Market Insight Guide for more information

Tyler Gannon