The expansion of the Internet of Things (IoT) has created a need for trusted tools to support the identification and validation of increasing numbers of Internet-enabled connected machines (defined as applications or physical devices that collect data). Analyst firm Gartner projects that by 2020 the number of deployed IoT machines will reach 20.4 billion. In a recent blog, I discussed the need to protect the identity of these machines, in light of the volumes of digital credentials that have to be managed. In this blog, I will dig a little deeper into the subject and describe the main reasons why you need a root of trust to ensure security in enterprise IoT deployments.
The rate at which IoT machines are being deployed across enterprise networks is rapidly accelerating. The IoT focuses on collecting data and maintaining situational awareness of the operational and business environment. The insights obtained enable decisions to be made quickly (and many times automatically without human intervention), to optimize processes.
However, with more machines online than people on the planet, the IoT is driving demand for trusted digital identities. Trust is essential for the success of IoT, because, if you cannot trust the machines and data they collect, any insight discovered is questionable and could produce misguided actions.
To manage machine identities and ensure the machines are who they say they are, enterprises need to deploy digital credentialing systems with a strong root of trust. To do this, organizations need to understand how to support machine credentialing and how to securely manage it to ensure trust in the technology. Fortunately, public key infrastructures (PKIs) offer the foundation for establishing and managing digital identities at the scale the IoT demands.
PKIs have been used for decades to identify and authenticate individuals and machines. The technology includes the hardware, software, policies, processes, and procedures needed to manage digital identities. PKIs enable the use of digital signatures and encryption across large user populations. As the IoT has grown, PKIs have become more important. The Ponemon Institute’s PKI Global Trends Study, commissioned by Thales, found that IoT is the fastest growing trend driving the deployment of applications using PKIs. In the next two years, an average of 43 percent of IoT machines including devices will use digital certificates for identification and authentication. However, ensuring the security of a PKI requires an auditable chain and root of trust that you can depend on.
PKIs employ asymmetric cryptography using a key pair – a private and a public component. The issuing authority's private key is held in secret and is used to sign the certificate, which carries the recipient's public key, that is issued to the individual or machine receiving the credential. Secure insertion of digital certificates into machines establishes their identity and provides the mechanism to later authenticate them once they become part of a closed ecosystem. Here are three reasons why you need this root of trust when orchestrating machine identities:
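The signing and verification mechanism described in the paragraph above, as an added example (not code from the original post or from Thales or Venafi): a root key signs a device certificate, and a verifier that pins that root accepts the device while rejecting a certificate issued by a look-alike authority with the same name. The names `Example IoT Root` and `sensor-0001` and all helper functions are constructed for illustration, and keys are generated in software here rather than in an HSM.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate over pub with issuerKey; a nil parent yields a self-signed root.
func issue(cn string, parent *x509.Certificate, pub *ecdsa.PublicKey, issuerKey *ecdsa.PrivateKey) *x509.Certificate {
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if parent == nil { // root CA: its only job is signing other certificates
		tpl.IsCA, tpl.KeyUsage, parent = true, x509.KeyUsageCertSign, tpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// verify is the relying party: it trusts only the pinned root, not the names inside certificates.
func verify(root, dev *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	// The constructed certificates carry no extended key usage, so any usage is accepted.
	_, err := dev.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// demo issues one device certificate from the real root and one from a look-alike root.
func demo() (genuine, forged error) {
	newKey := func() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
	rootKey, rogueKey, devKey := newKey(), newKey(), newKey()
	root := issue("Example IoT Root", nil, &rootKey.PublicKey, rootKey)
	rogue := issue("Example IoT Root", nil, &rogueKey.PublicKey, rogueKey) // same name, different key
	dev := issue("sensor-0001", root, &devKey.PublicKey, rootKey)
	fake := issue("sensor-0001", rogue, &devKey.PublicKey, rogueKey)
	return verify(root, dev), verify(root, fake)
}

func main() { fmt.Println(demo()) }
```

Both device certificates carry identical subject and issuer names; only the signature made with the root's private key separates them, which is why that key is the asset to protect.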
Security solutions from Thales and its technology partner Venafi can help you establish a root of trust, so you can deploy and use the IoT with confidence. Thales and Venafi can help you design and implement a PKI root of trust that protects your IoT deployments and accelerates your organization’s digital transformation. Venafi Advanced Key Protect provides automated orchestration for key generation, installation, and protection. Thales nShield Connect HSMs leverage strong hardware-based security to protect critical signing keys, enforce dual controls, and facilitate compliance to establish a FIPS and Common Criteria certified root of trust.
To learn more and earn CPE credits, join Thales and Venafi on our joint webcast Orchestrating Machine Identities in the IoT: Securing the Chain and Root of Trust. You can also follow me on Twitter @asenjojuan.