July 12, 2022

With 64 billion IoT connections by 2025, it must be Zero Trust or nothing when it comes to security

Digital transformation has reached an unprecedented level – 90% of organizations rely on the cloud in some way, with growth in 5G fuelling increased Edge adoption and exponential growth in IoT devices.  In these more complex, connected environments, 94% of CIO’s acknowledge the likelihood of a serious threat to their environment in the next year, ranging from breaches to the threat of malware and ransomware. Alarmingly, many CIO’s question their organization’s resilience, and Gartner predicts that by 2025 99% of cloud security failures will be the customer’s fault.


As our partners at Venafi point out, connected devices are the new network perimeter and many of the threats organizations face target these weak defences as a first line of attack.



In response to this new threat landscape, 68% of security professionals plan to adopt a Zero Trust approach to securing the enterprise….music to our ears! We believe Zero Trust, extended to IoT devices, is the only way to bridge the gap between a chip-centric secure by design approach to security, and a layered network security approach. Both of these frameworks combined in a “Zero Trust by Design” approach, provides a truly secure IoT ecosystem. However, the fact that less than half of security professionals (42%) are actually putting this into practice results in concerning vulnerabilities, unnecessary risks, and a limitation of the potential for scaled IoT operations.


According to recent HelpNet Security research, a lack of clarity around how Zero Trust can be achieved is the top barrier to adoption, closely followed by the perception that, particularly for IoT devices, the continuous authorization required throughout the identity lifecycle is too onerous or difficult to manage.


To ensure success, automated machine identities for connected devices are crucial to a Zero Trust framework. Strong identities are required to enforce policy, and automated, zero touch identity management ensures it is operational at scale. Rather than a ‘set it and forget it’ approach, relying solely on network security layers and constrained to a single solution, Zero Trust must be considered a dynamic process which includes the broader ecosystem and accounts for the full machine identity lifecycle.


Device Authority’s Keyscaler platform incorporates all five tenets of the NIST Zero Trust Framework by managing the entire identity lifecycle for devices, beginning with secure production, zero touch provisioning, IoT Security Management, Enterprise integration, and decommissioning/recommissioning.  Not only does this enable complete automated device, data, and operational trust at scale, but also enables organizations to remain compliant with the most recent security legislation and guidelines.


DA Zero Trust Lifecycle


Today, Device Authority supports a growing list of leading global companies looking to maximize their IoT investments. Keyscaler manages the full machine identity lifecycle for their connected devices at scale, helping them automate a Zero Trust approach to their IoT security – get in touch if you would like to see how we can help you.


Tyler Gannon