The Future of IoT Security for Axeda Customers

David Bennett

Recently, Device Authority’s CTO James Penney recorded a podcast with  Axeda Co-Founder and CTO Jim Hansen.  

Full disclosure: I was the first Salesperson hired by Axeda in 2001 and I can personally attest that at the time many companies thought we were out of our minds! 

In the early days, Axeda’s biggest challenge was getting machine makers to use this new thing called the Internet to remotely manage their high value assets in the field. 

Security was everyone’s big concern, but the issues back then were focused around maintaining firewall integrity and the IT Department making sure that they had control of any data moving in and out of the enterprise. Hackers, spoofing, phishing and malware, were not around at the time, security requirements were token based and a one-time thing – inject the key and you’re done. 

In 2014 Axeda was acquired by PTC and was incorporated into PTC’s ThingWorx IoT Platform, many companies are still using the original Axeda platform today. 

As we go into 2023 the security landscape and level of IoT sophistication has changed dramatically. Despite what you might read about online, Industrial IoT deployments continue to be hard, and in many cases even harder than back in the day. Data privacy concerns is another thing that machine makers and their customers must consider today.  

In addition, new regulatory requirements around IoT devices are emerging. There is new IoT security legislation in the US as well as the up-and-coming EU Cyber resilience act. Zero Trust, which begins at the device, is becoming table stakes. Companies will soon be required to create and maintain a Software Bill of Materials (SBOM) if their IoT products are considered part of critical infrastructure. And the seemingly daily news about data breaches and other cybersecurity incidents is making industrial end-users nervous. 

 To deploy IoT devices today, your security story must be SOLID and FUTURE PROOF. If you are considering moving to a new IoT Platform, or even if you’re sticking with what you have now, what is your security strategy around protecting your IoT devices? How are you going to achieve Zero Trust? 

In a list of the top 10 IoT vulnerabilities, as listed by Venafi; weak passwords, lack of secure update mechanisms, and lack of device lifecycle management are all on this list as common vulnerabilities. What is your strategy to strengthen your weaknesses in these areas and others? 

All these factors, combined with the growth of data computing at the edge, make device identity protection even more of a priority. It’s simple to manage identities if you have just a few devices deployed in the field. However; 

• What about when you have thousands of IoT devices, many of them far away and hard or expensive to reach? 

• What happens if you must manage their identities (change certificates for example)? 

• What happens if you detect an anomaly in data coming from a device and decide to take it offline? 

• If you have a high number of IoT devices deployed, do you have enough humans to manage them? 

Device Authority customers use our KeyScaler platform to automate the process of device identity access management. We have a fantastic solution that enables our customers to automatically rotate keys whenever they want. It’s completely automated so that you never have to send a human to a device to quarantine it, change its identity or otherwise manage access. We have customers in Automotive, Energy, Medical Devices, Pharmaceuticals, Electrification and others. 

If you are still forming your IoT device identity strategy, or if you believe your current strategy isn’t strong enough, come talk to us.