IoT’s security needs point to an increased role for PKI

by John Grimm on September 27, 2018

Companies in every sector have embraced digital transformation, backed by IoT initiatives, as the silver bullet to gain a competitive edge. IoT projects have the potential to streamline operations, create new revenue streams, and improve customer service through collection and analysis of data from a variety of IoT devices. But if organizations aren’t able to trust their devices or the data they produce, is there really a point to collecting this data in the first place? In order to achieve digital transformation goals, a foundation of trust for IoT deployments must be established – and best practice-based public key infrastructure (PKI) provides some of the key ingredients.

For the past four years, Thales eSecurity has teamed up with the Ponemon Institute to study PKI trends, and this year, IoT has emerged as the fastest growing driver for the use of PKI. This year’s study polled more than 1,600 IT and IT security practitioners across the globe. It reinforces the fact that PKI provides important core authentication technologies for a wide variety of enterprise applications – and that the IoT is the next major use case on the horizon. In fact, since 2015, the influence of the IoT as a trend driving PKI deployment has more than doubled, from 21 percent to 44 percent. And, respondents indicate that they expect 42 percent of their IoT devices will use digital certificates for authentication within two years.

Another finding of the report is that many enterprises have been investing in strengthening the security controls that they use for their PKI. And that’s good news for those that want to leverage that investment for their IoT deployments. When it comes to IoT device authentication, you don’t need to start from scratch – you can leverage the foundational, proven technology you’ve invested in and already depend on today for your core enterprise applications. However, existing PKI deployments also tend to suffer from ownership challenges and skill/resource shortages – interestingly, these are the same issues that have plagued many IoT pilots and proof of concept projects!

What do these findings mean for global organizations that are still struggling to implement stronger security around their PKI? Well, they should be a call to action – because it’s not going to get any easier. This study reveals that enterprises on average support eight different applications with their PKI – and much like how cloud applications drove that number up over the past few years, we can expect the IoT to follow the same pattern. The time to assess the readiness of that PKI foundation for the next set of functional and scalability requirements is now.

Any way you look at it, securing IoT starts with trusting devices and trusting the data they generate. The results of this study show there is growing recognition that PKI provides important core authentication technology for the IoT. Organizations must not only tend to the digital certificate needs of today, but must also simultaneously prepare for the future – a future with never-before-seen diversity and scale.