
Why Businesses Can’t Afford Anything Less Than Zero Trust in IoT

June 23, 2022 | Anastasios Arampatzis

With the huge shift to cloud environments and hybrid workforces, businesses need a zero trust approach to the security of their IoT devices, yet fewer than half have actually implemented one. Slow adoption of zero trust for devices leaves gaps in cloud security, and when nine out of ten companies have moved to the cloud, that is a big problem. Protecting the machine identities of your IoT-connected devices is a prerequisite for a zero trust cloud environment and greater cyber resilience.

The IoT Landscape and Threats

Considering the inherent insecurity of many connected devices, the threats facing organizations today often use weakly defended IoT equipment as the first point of attack. This is especially alarming as 94% of CIOs acknowledge some serious threat to their environment within the next year.

A snapshot of those concerns reveals:

  • Nearly half of CIOs see breaches as their biggest organizational risk
  • 39% see malware and ransomware as their biggest risk
  • 27% say resilience is a top three priority
  • 68% of IT and security professionals plan to use zero trust for device security; only 42% actually do

Some risks specifically affecting IoT include:

  1. Built-in vulnerabilities: IoT devices are often built for the consumer market and shipped without enterprise-grade encryption or security controls
  2. AI-based attacks: Bot-based attacks are getting better at mimicking legitimate user activity, which lets them slip past the weak defenses of many IoT devices
  3. Deepfakes in access controls: There are now ways to brute-force even the fingerprint biometrics on your phone
  4. More sophisticated attack methods: Attacks on IoT will become more advanced and harder to defend against as attackers specialize in particular areas (reconnaissance, social engineering, graphic design)
  5. Hidden nation-state attacks: As poorly defended IoT devices keep yielding successful attacks, nation-states will increasingly hire cybergangs to exploit easy device infiltration and go after bigger payloads

Considering there will be over 64 billion IoT devices in use by the end of 2025, it will be impossible to secure your organization and achieve a Zero Trust environment without securing all of the connected devices that make up your IoT estate.

Why Zero Trust for Devices is Important

Gartner predicts that through 2025, 99% of cloud security failures will be the customer's fault. This means it falls squarely on the shoulders of the enterprise to protect the devices that connect to it.

To do this, organizations can establish an identity-based Zero Trust strategy. The National Institute of Standards and Technology (NIST), in Special Publication 800-207, defines Zero Trust as "a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised."

In an identity-centric approach, human and machine identities are at the core of security policy creation, with access controls and policies based on assigned attributes. In this scenario, "the primary requirement to access corporate data and resources is based on the access privileges granted to the requesting user or machine." In practice, that means Zero Trust for devices rests on cryptographic controls that verify the identity of the requesting machine on every request, rather than on where the request comes from.

Securing your devices is key to securing cloud access

“If a cybercriminal compromises a device and gains access to the [corporate cloud] environment, they can steal data, engage in a ransomware attack or carry out a malware campaign,” explains data and privacy expert Ambler Jackson. To prevent this, “organizations must have visibility into all connected devices and the ability to verify their identity before allowing access to cloud resources.”

As Venafi expert Ivan Wallis states, "in an on-demand environment, such as the cloud, Zero Trust bootstrapping systems require an identity right out of the gate. And in this type of machine-centric world, human nature doesn't make sense as a checkpoint—we can no longer make gross assumptions on which external systems should be trusted." Says Wallis, "In this sense, Zero Trust automatically assumes that a given activity is not allowed on a machine unless it falls within the acceptable security parameters for the user and function."

For this reason, basing trust on verifiable digital identities (rather than on blanket assumptions about external systems) becomes key to establishing true Zero Trust in the cloud, and across your ecosystem.

Machine-IAM for your Devices

“To implement a Zero Trust strategy, organizations with mature cybersecurity programs use machine identity management. Verifying the identity of a device or a machine is the foundation of securing access to company resources, to include workloads that process data in the cloud,” states Jackson. In today’s threat economy, it is impossible to achieve zero trust without machine identity management.

Every IoT device carries machine identities: the credentials and factors that establish what the device is and whether or not it can be trusted. As security expert David Bisson stated, "Machine identity management helps organizations gauge how much trust they can place in the identity of their machines," which includes "credentials, such as secrets, cryptographic keys, X.509 and code signing certificates, and SSH keys." According to Wallis, "Cryptographic keys and digital certificates are used to identify a machine and determine specific levels of trust. But this only works if you have a way of ensuring the integrity of those machine identities."
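What the per-request, identity-based decision described above actually looks like for a device certificate, as an added example that is not code from this post or from Venafi: a self-contained Go program (standard library only) that stands up a constructed fleet CA, issues four device certificates, and has a policy enforcement point accept or reject each one on its certificate alone. The CA name, the spiffe:// device identity URIs, the serial numbers and the revoked-serial map are all assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Fleet: the device CA a policy point trusts plus revoked serials (stand-in for CRL/OCSP).
type Fleet struct {
	Roots   *x509.CertPool
	Revoked map[string]bool
}

// Authenticate is the per-request decision: the certificate must chain to the fleet
// CA, be valid at time now, be issued for client auth, not be revoked, and carry one
// device identity URI in its SAN. Where the request came from is never consulted.
func (f *Fleet) Authenticate(cert *x509.Certificate, now time.Time) (string, error) {
	opts := x509.VerifyOptions{Roots: f.Roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("chain validation failed: %w", err)
	}
	if f.Revoked[cert.SerialNumber.String()] {
		return "", fmt.Errorf("certificate %s revoked", cert.SerialNumber)
	}
	if len(cert.URIs) != 1 {
		return "", fmt.Errorf("expected one device identity URI in SAN, got %d", len(cert.URIs))
	}
	return cert.URIs[0].String(), nil
}

// must keeps the fixture code short; a real enrollment service would return these errors.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs tmpl for pub with signer; passing tmpl itself as parent self-signs it.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// Scenarios stands up a constructed fleet CA (an assumption for this example) and runs
// four device certificates through Authenticate: name -> "accepted <id>" | "rejected: <why>".
func Scenarios() map[string]string {
	now := time.Date(2022, 6, 23, 12, 0, 0, 0, time.UTC)
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Fleet Device CA"},
		NotBefore: now.Add(-24 * time.Hour), NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	fleet := &Fleet{Roots: x509.NewCertPool(), Revoked: map[string]bool{"1003": true}}
	fleet.Roots.AddCert(ca)
	cases := []struct{ name string; serial int64; notAfter time.Time; enrolled bool }{
		{"enrolled", 1001, now.Add(90 * 24 * time.Hour), true},
		{"expired", 1002, now.Add(-30 * time.Minute), true},
		{"revoked", 1003, now.Add(90 * 24 * time.Hour), true},
		{"rogue-self-signed", 1004, now.Add(90 * 24 * time.Hour), false}, // never enrolled with the CA
	}
	out := map[string]string{}
	for _, c := range cases {
		key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
		tmpl := &x509.Certificate{
			SerialNumber: big.NewInt(c.serial), Subject: pkix.Name{CommonName: c.name},
			NotBefore: now.Add(-time.Hour), NotAfter: c.notAfter,
			KeyUsage:    x509.KeyUsageDigitalSignature,
			ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
			URIs:        []*url.URL{{Scheme: "spiffe", Host: "fleet.example", Path: "/device/" + c.name}},
		}
		parent, signer := ca, caKey
		if !c.enrolled { // the rogue device signs its own certificate
			parent, signer = tmpl, key
		}
		if id, err := fleet.Authenticate(issue(tmpl, parent, &key.PublicKey, signer), now); err != nil {
			out[c.name] = "rejected: " + err.Error()
		} else {
			out[c.name] = "accepted " + id
		}
	}
	return out
}

func main() {
	for name, res := range Scenarios() {
		fmt.Printf("%-18s %s\n", name, res)
	}
}
```

Run it with go run and only the enrolled device is accepted; the expired, revoked and self-signed certificates are each rejected with the reason. The design point is that Authenticate never looks at a source address or network segment, only at what the certificate proves, and that the check is useless without the surrounding management the post describes: the Revoked map stands in for the CRL or OCSP data a real fleet would need, and the short NotAfter on device certificates is what makes automated rotation a requirement rather than a nicety.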

A comprehensive machine identity management policy allows security teams to:

  • Achieve visibility of all deployed machine identities
  • Ensure ownership and governance
  • Protect associated cryptographic keys
  • Automate distribution and rotation of keys

Venafi Trust Protection Platform allows you to manage all TLS, SSH and code signing machine identities for all devices within your ecosystem. Ensure Zero Trust across your IoT by protecting machine identities in on-premises, cloud, cloud-native, multi-cloud, and hybrid environments.

Find out more about how Venafi Machine Identity Management can ensure Zero Trust for devices and improve cyber resilience.

About the author

Anastasios Arampatzis

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years of experience in evaluating cybersecurity and managing IT projects. He works as an informatics instructor at AKMI Educational Institute, while his interests include exploring the human side of cybersecurity.