Skip to main content
banner image
venafi logo

Are You Securing Code Signing for IoT Devices? [Interview with Device Authority]

Are You Securing Code Signing for IoT Devices? [Interview with Device Authority]

image of several locks hanging on a fishing hook
November 19, 2019 | Bridget Hildebrand


Historically speaking, it’s very difficult to secure code signing operations for IoT devices.  When developers haphazardly sign code, IoT updates can be ripe for attack. As we’ve seen with Stuxnet, stolen code signing keys and certificates are powerful cyber weapons.  Venafi is committed to enabling our customers to protect their business-critical applications, and to support this effort, we created the Machine Identity Protection Development Fund. With $12.5 Million, the Fund sponsors the development of integrations with the Venafi Platform over the coming years, accelerating the expansion of the Venafi ecosystem.
 

In eleven months since the Development Fund’s inception, nearly 20 companies have focused on building integrations with the Venafi platform. Recently I had the pleasure of getting to know an important new developer and learning about the exciting plans they have for the Venafi Platform.  In this continuing interview series with developers, today I am speaking with James Penney who is CTO at Device Authority in the United Kingdom.

 

 

Bridget: What does Device Authority do?

James: Device Authority is a global leader in Identity and Access Management (IAM) for the Internet of Things (IoT). In particular, we focus on medical/healthcare, industrial, automotive and smart connected devices. Our KeyScaler platform extends trust to IoT devices and the IoT ecosystem, to address the challenges of securing the Internet of Things. KeyScaler uses breakthrough technology including Dynamic Device Key Generation (DDKG) and PKI Signature+ that delivers unrivalled simplicity and trust to IoT devices. The solution offers organizations a rich set of features for automated security, including device provisioning, authentication, credential management, policy based end-to-end data security/encryption and code signing/update capabilities.

 


Bridget: As part of the Development Fund, which machine identity protection challenge you are aiming to solve?

James: For decades, code signing has been used to verify the integrity of software. Nearly every organization relies on code signing to confirm their code has not been corrupted with malware. Code signing keys and certificates are used in a wide range of products, including firmware, operating systems, mobile applications and application container images. Unfortunately, organizations often struggle to secure and protect code signing operations, because they don’t have a solution that allows them to consistently enforce policies across locations, tools and processes.


 

Bridget: How is Device Authority going to solve this challenge?

James: As enterprises embrace and adopt IoT devices, code signing usage will continue to grow at an exceptional rate. Many organizations use home-grown solutions to fulfill code signing requirements for IoT use cases, but these tools often lack the visibility, automation and intelligence needed for proper protection. Using our sponsorship from the Machine Identity Protection Development Fund, Device Authority will provide a new turn-key code signing and update delivery extension to KeyScaler powered by Venafi Next-Gen Code Signing to connect security team policy and controls to secure the code signing process. Additionally, Device Authority will create a new Certificate Authority service connector for the Venafi Platform. This will allow KeyScaler customers to use the Venafi platform as a source for certificate issuance.
 



 


Bridget: Describe the new world for customers that the KeyScaler and Venafi integration will make possible.

James: In the case of IoT, organizations need to maintain a trust association with the edge/device and the process must be managed without human intervention. If this trust is compromised, it provides adversaries with essentially a cyberweapon with huge breadth, high success, and immensely damaging impact. This Development Fund project seeks to close these gaps by integrating and using Venafi Next-Gen Code Signing throughout the secure update lifecycle.  Being accepted into the Development Fund is a huge success for the Device Authority team, and we are excited to bring this critical technology integration to market.
 

Device Authority’s integration is targeted to be complete in early 2020. Visit Device Authority on the Venafi Marketplace for more information. And stay tuned for future interviews with Machine Identity Protection Development Fund recipients.
 

Learn why code signing is not just for software companies anymore. Venafi code signing expert Eddie Glenn explains. 

 




 


Related posts

 

 

Like this blog? We think you will love this.
New Development Fund partners
Featured Blog

Venafi Ecosystem Expands—Meet Our New and Returning Developers

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

Bridget Hildebrand
Bridget Hildebrand

Bridget is Sr. Product Marketing Manager for Ecosystem at Venafi. She has over 20 years of experience managing strategic alliances and global channel programs for a broad range of technology organizations.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat