January 17, 2023

Does Your Organization Meet the 9 Core Capabilities Essential for Zero Trust in IoT?

Every one of your IoT devices has its own machine identity. But how are these identities the key to achieving a Zero Trust IoT project?

Today’s PKI (Public Key Infrastructure) vendors have specific solutions for managing non-human identities – machines – like servers, laptops, software applications, APIs and other assets found within a corporate network. These managed identities are the foundational component of any Zero Trust security strategy as laid out in the NIST (National Institute of Standards and Technology) Cybersecurity Framework and required by the White House Executive Order 14028 mandating stricter cybersecurity controls for critical infrastructure.

According to Gartner, 75% of security failures will result from inadequate management of identities. So how do you manage yours when those machines are outside the firewall as part of a rapidly accelerating landscape of IoT devices, deployed at scale for industry-specific use cases like surgical robots, autonomous construction equipment, flood sensors, or other components of critical national infrastructure? Do your devices use keys and certificates and automatically enforce specific policies for managing those keys? How quickly can you lock those devices down in the event of an attack? Can you easily renew those device credentials to get your supply chain back in order? Can you even be sure that you can trust your supply chain?

Most importantly, does your organization have the personnel or expertise to manage those identities? When the impact of a device breach can cause damage within seconds, speed and accuracy are critical. 

Some Enterprise IAM (Identity and Access Management) providers and Certificate Authority vendors say, “yeah we do IoT too!” But the reality is, traditional human and machine identity management models simply do not work for Enterprise IoT – an automated, flexible platform designed specifically to automate IoT device trust throughout its full lifecycle is required. Leading analysts place Device Authority at the top of several IoT IAM categories based on our constant innovation, and the positive impact we have had for our customers. We work with the leading PKI and Cloud platforms to deliver out-of-box capabilities, NOT a DIY project. 

In 2018 Device Authority was the first IoT IAM provider to lay out the 6 phases of a device identity lifecycle in an Enterprise IoT Blueprint. This blueprint identifies the specific steps in a device’s journey from Secure Production to Enterprise Integration, to End-of-Life Decommissioning. The question is – have you accounted for the 9 Core Security Capabilities required to meet Zero Trust standards for IoT throughout the device lifecycle? We’ve updated our IoT Technical Market Insight Guide to explain why machine identities and Zero Trust are so important for today’s IoT and how automation of these nine capabilities will deliver IoT success for your organization.

Device Authority is 100% focused on IoT Identity Lifecycle Management – it is what we do. Don’t trust your Enterprise IoT security to someone that “also” does IoT. 

Device Authority’s KeyScaler platform delivers the Nine Core Capabilities essential for the automation of Zero Trust for IoT. Device Authority KeyScaler and KeyScaler Edge provide patented Dynamic Device Key Generation (DDKG) technology for establishing device-to-KeyScaler trust to uniquely deliver the following:

  1. Automated Device Provisioning
  2. PKI Services for IoT 
  3. Identity Lifecycle Management (including Edge) 
  4. Continuous Assurance and Threat Validation with SBOMs
  5. Data Privacy and Policy-Driven Encryption 
  6. Code-Signing and Secure Updates 
  7. HSM Access Controller 
  8. External Threat Intelligence for Authorization 
  9. Machine Learning and AI for Continuous Authorization 

Louise José