Thursday, October 31, 2019

Venafi’s Machine Identity Protection Development Fund to sponsor new integration

London, UK and Fremont, USA – Device Authority, a global leader in Identity and Access Management (IAM) for the Internet of Things (IoT), today announced it has been accepted into the Venafi Machine Identity Protection Development Fund.

For decades, code signing has been used to verify the integrity of software, and nearly every organization relies on it to confirm their code has not been corrupted with malware. Code signing keys and certificates are used in a wide range of products, including firmware, operating systems, mobile applications and application container images. Unfortunately, organizations often struggle to secure and protect code signing operations because they don’t have a solution that allows them to consistently enforce policies across locations, tools and processes.

As enterprises embrace and adopt IoT devices, code signing usage will continue to grow at an exceptional rate. Many organizations use home-grown solutions to fulfill code signing requirements for IoT use cases, but these tools often lack the visibility, automation and intelligence needed for proper protection. Using their sponsorship from Venafi, Device Authority will provide a new turn-key code signing and update delivery extension to KeyScaler powered by Venafi Next-Gen Code Signing to connect security team policy and controls to secure the code signing process.

Device Authority’s KeyScaler platform provides an automated solution to provision unique certificates, signed by a pre-configured Certificate Authority, to IoT devices – without requiring any human intervention. Additionally, Device Authority will create a new Certificate Authority service connector for the Venafi Platform. This will allow KeyScaler customers to use the Venafi platform as a source for certificate issuance.

“Historically speaking, it’s very difficult to secure code signing operations for IoT devices,” said Kevin Bocek, vice president of security strategy and threat intelligence for Venafi. “When developers sign code, IoT updates can be ripe for attack. As we’ve seen with Stuxnet, stolen code signing keys and certificates are powerful cyber weapons.  Attacking the code signing process can provide cyber attackers with control over a fleet of IoT devices. We’re pleased to work with Device Authority, a global IoT cyber security leader, to integrate with Venafi Next-Gen Code Signing to protect IoT.” 

“Venafi is a technology pioneer in the machine identity protection market. They understand the challenges of protecting IoT device identities and the applications they send data to. Being accepted into their development fund is a huge success for the Device Authority team and we are excited to complete the development and integration in the coming months,” said James Penney, CTO of Device Authority.



About the Venafi Machine Identity Protection Development Fund

Venafi’s Machine Identity Protection Development Fund is a $12.5 million initiative to protect all machine identities. Funded developers will create integrations that accelerate the delivery of comprehensive protection for machine identities across complex enterprise networks. The Development Fund is a global initiative and will increase the visibility, intelligence and automation required for machine identity protection.

The Machine Identity Protection Development Fund encourages recipients to build integrations across any technology that creates or consumes machine identities, including:

  • Cloud and hybrid cloud infrastructure.
  • DevOps.
  • Containerization.
  • Secure Shell (SSH).
  • Code signing.
  • Robotic Process Automation (RPA).
  • Artificial intelligence, machine learning and big data analytics.
  • IoT.
  • Blockchain distributed ledger technology.

To find out more about the Venafi Machine Identity Protection Development Fund and how you can become a funded developer, please visit:


About Device Authority

Device Authority is a global leader in Identity and Access Management (IAM) for the Internet of Things (IoT); focused on medical / healthcare, industrial and smart connected devices. Our KeyScaler™ platform provides trust for IoT devices and the IoT ecosystem, to address the challenges of securing the Internet of Things. KeyScaler uses breakthrough technology including Dynamic Device Key Generation (DDKG) and PKI Signature+ that delivers unrivalled simplicity and trust to IoT devices. This solution delivers automated device provisioning, authentication, credential management and policy based end-to-end data security/encryption.

With offices in Fremont, California and Reading, UK, Device Authority partners with the leading IoT ecosystem providers, including AWS, DigiCert, Gemalto, HID Global, Microsoft, nCipher Security, PTC, Thales, Wipro and more. Keep updated by visiting, following @DeviceAuthority and subscribing to our BrightTALK channel.