March 13, 2023

Device Authority and Finite State form partnership to ensure security of IoT software supply chain

finite state and device authority announce partnership

Device Authority, the global leader in IoT identity lifecycle management, today announced its partnership with Finite State, the leader in managing software supply chain risk for the enterprise. The partnership will drive continuous assurance, and software transparency for enterprise teams to reduce software supply chain risk across the global OT / IoT ecosystem.

Due to the exponential growth of connected devices across industrial sectors, including critical infrastructure, healthcare and automotive, this partnership brings together an essential combination of device identity and dynamic SBOM management  to meet the demand of AppSec and Product Security teams within the broader OT sector.      In fact, the connected device ecosystem has demonstrated a level of sprawl never seen previously, and is estimated to have reached an estimated 50 billion devices in 2022.

The offering combines the continuous assurance with device identity management, device software validation and remediation automation capabilities of Device Authority’s KeyScaler platform, with Finite State’s Next Gen platform which ingests and manages Software Bill of Materials (SBOM) data with advanced vulnerability intelligence correlation. This powerful combination enables IoT environments to be alerted to vulnerabilities within their software supply chain and, critically, for action to be taken instantly against policy, ultimately enabling vendors to manage risk in their infrastructures.

Commenting on the partnership, Device Authority CEO Darron Antill said, “The introduction of SBOMs has been an important step forward in setting standards for the communication of vulnerabilities within the software supply chain. The use of these SBOMs with a continuous assurance approach will help customers manage risk in their supply chains & IoT deployments. Our partnership with Finite State not only helps organisations to comply with regulation but also, crucially, to take action on the information they receive to secure their IoT environments.

“In many settings, these connected devices are operating in sensitive and high-risk environments so a timely response to any vulnerability is vital. The ability of KeyScaler to utilise the data from Finite State’s platform to automatically isolate any number of devices to minimise risk is key.”

“Industrial sectors represent an at-risk population of organizations who lack the visibility necessary to reduce their risk across the software supply chain, said Tom Bain, EVP, Marketing, Finite State. “Embedded systems are low-hanging fruit for attackers, and for that reason, Finite State and Device Authority are trying to change that narrative with dynamic, enriched and actionable SBOMs. As the networks in industrial / IoT sectors transform digitally, cybersecurity should accelerate at the same pace, and that’s what we are prioritizing in this partnership.”

Device Authority and Finite State will be discussing the importance of SBOMs and how to secure your software supply chain on a Health-ISAC webinar on March 14. Register here.


About Finite State:

Finite State empowers organizations to gain control of application and product security for their connected devices and software supply chains. Across the software supply chain lifecycle, Finite State is the single pane of glass for customers that provides continuous visibility into software supply chain risk.

Backed by a team of seasoned experts, Finite State’s platform arms customers with the automation to scale risk mitigation and 2B+ data points to deliver actionable SBOM’s and insights, critical vulnerability data and the remediation guidance necessary to mitigate AppSec and product risk to protect the connected attack surface.

About Device Authority

Device Authority is a global leader in securing machine identities and enabling zero trust for IoT. Device Authority’s KeyScaler is the only platform to automate and manage machine identities throughout their lifecycle, delivering automated device provisioning, authentication, credential management, policy-based end-to-end data security/encryption and secure updates and providing complete device, data and operational trust.

Keep updated by visiting, following @DeviceAuthority and subscribing to our BrightTALK channel.


Claire Tennant