September 21, 2023

The world needs start-ups to meet IoT security challenges

I read this article earlier this week from Jeff Vance and I was buoyed by the refreshing reflection of reality – Jeff really hits the nail on the head.

As the CEO of a cyber security start up, we see, hear, and feel these points daily and the fact is that so many larger security or network businesses claim to solve problems that they cannot. Not only is this doing a disservice to customers but to the wider security landscape.

Let’s explore this further…

When looking for the right solution, integration is key and you need to be able to plumb into the ecosystem and existing investments. Many Cyber and PKI/Identity companies claim they have the answers for customers, but in actual fact it is often only suitable for their stack and only for PKI which, as proven by many, is too expensive, too complex and not the only answer. The mantra of ‘You never get fired for buying IBM or Cisco etc’ doesn’t work for security!

Instead, taking the time to understand the use cases, the challenges, the gaps and what people are trying to achieve is paramount here. As a startup you must focus on use cases, and frankly if you don’t you will never achieve an MVP your customers will buy.

Microsoft has referred to us as the ‘glue’ for their IoT opportunities in the field and it’s true! We solve the ‘work the old and work with the new’ and our recent Microsoft award is further justification of this. In KSaaS we have built a cloud-based service for customers who don’t have the skills or don’t want to make the investment in their own deployment and would benefit for the significant ROI savings of a cloud based service (in fact you can calculate the ROI you would achieve from using KSaaS here).

We have also seen the merry go round – some customers have come back because the well branded and well marketed solution by the big incumbent does not solve their device cyber security challenges or their ongoing management throughout their extensive security lifecycle, which demand significant human intervention and can present cost implications and human mistakes. Often their hardware-based solutions only work for the vendors stack which is far from ideal for the end customer who has a fleet of devices and things it needs to manage as part of its business or digital transformation.

The fusion of AI and IoT, and the need for AI and Machine Learning in the IOT space will also look to start ups for solutions. Solving data and device trust challenges go hand in hand and, as the recent White House Executive Order 14028 and SBOM requirements work their way up organisations’ priority lists, the challenges of how you can attest an SBOM, how can you be sure it’s from the device it is supposed to be from and can it be trusted are front of mind. Again, startups, including Device Authority and a number of our partners, are at the centre of this cycle of SBOM creation, automation, validation and trust.

The issue of trusted and untrusted partners is also increasingly important and we have seen many initiatives focus on securing the supply chain, both up and down. Whilst these initiatives can be driven by value, market differentiation and even compliance and law in some industries, the fact is that solving the cyber challenge is becoming an increasingly vital priority – it’s definitely been a while since I have heard TLS is good enough and security is not our responsibility 😉

As Jeff alludes to at the end of his article, in the complex world of IoT security, a single vendor solution is not the best answer. Instead organisations should look to create an ecosystem of the best solutions in their field that are coming together to solve their specific use case.  If this realisation can save one organisation from the wasted time, resource and money that comes from opting for a big incumbent then IoT security will have taken another step forward.


Darron Antill