With the huge shift to cloud environments and a hybrid workforce, businesses need a Zero Trust approach to secure their IoT devices. However, most have yet to implement one. Slow adoption of Zero Trust for devices leaves vulnerabilities in the cloud, and when nine out of 10 companies have moved to the cloud, that is a big problem. Protecting the machine identities of your IoT-connected devices can lead to a Zero Trust cloud environment and greater cyber resilience.
Given the inherent insecurity of connected devices, the threats facing organizations today often use weakly defended IoT equipment as the initial point of attack. This is especially alarming as 94% of CIOs acknowledge some serious threat to their environment within the next year.
A snapshot of those concerns reveals:
Some risks specifically affecting IoT include:
Considering there will be over 64 billion IoT devices in use by the end of 2025, it will be impossible to secure your organization and achieve a Zero Trust environment without securing every connected device that makes up your IoT.
Gartner predicts that by 2025, 99% of cloud security failures will be the customer’s fault. This means it falls squarely on the shoulders of the enterprise to protect the devices that connect to it.
To do this, organizations can establish an identity-based Zero Trust strategy. The National Institute of Standards and Technology (NIST) defines Zero Trust as “a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.”
In an identity-centric approach, human and machine identities are at the core of security policy creation, with access controls and policies based on assigned attributes. In this scenario, “the primary requirement to access corporate data and resources is based on the access privileges granted to the requesting user or machine.” In practice, then, Zero Trust rests on cryptographic controls that verify the identity of the requesting machine before each access decision is made.
“If a cybercriminal compromises a device and gains access to the [corporate cloud] environment, they can steal data, engage in a ransomware attack or carry out a malware campaign,” explains data and privacy expert Ambler Jackson. To prevent this, “organizations must have visibility into all connected devices and the ability to verify their identity before allowing access to cloud resources.”
As Venafi expert Ivan Wallis states, “in an on-demand environment, such as the cloud, Zero Trust bootstrapping systems require an identity right out of the gate. And in this type of machine-centric world, human nature doesn’t make sense as a checkpoint—we can no longer make gross assumptions on which external systems should be trusted.” Says Wallis, “In this sense, Zero Trust automatically assumes that a given activity is not allowed on a machine unless it falls within the acceptable security parameters for the user and function.”
For this reason, basing trust on secure digital identities (not general external systems) becomes key to establishing true Zero Trust in the cloud, and across your ecosystem.
“To implement a Zero Trust strategy, organizations with mature cybersecurity programs use machine identity management. Verifying the identity of a device or a machine is the foundation of securing access to company resources, to include workloads that process data in the cloud,” states Jackson. In today’s threat economy, it is impossible to achieve Zero Trust without machine identity management.
Within each IoT device are thousands of machine identities or factors that establish the identity of the device and whether or not it can be trusted. As security expert David Bisson stated, “Machine identity management helps organizations gauge how much trust they can place in the identity of their machines,” which includes “credentials, such as secrets, cryptographic keys, X.509 and code signing certificates, and SSH keys.” According to Wallis, “Cryptographic keys and digital certificates are used to identify a machine and determine specific levels of trust. But this only works if you have a way of ensuring the integrity of those machine identities.”
A comprehensive machine identity management policy allows security teams to:
Venafi Trust Protection Platform allows you to manage all TLS, SSH and code signing machine identities for all devices within your ecosystem. Ensure Zero Trust across your IoT by protecting machine identities in on-premises, cloud, cloud-native, multi-cloud, and hybrid environments.
Find out more about how Venafi Machine Identity Management can ensure Zero Trust for devices and improve cyber resilience.