Scalability Critical in Manufacturing IoT Cybersecurity

Manufacturers that deploy IoT applications have invested considerably in cybersecurity to help protect their brands and meet compliance requirements. Analysts routinely include security in their top IT trends, and this year is no exception. However, in today’s dynamic landscape, digital transformation is bringing exponential growth and rapid changes. A manufacturer might launch its IoT initiative by connecting a single product line, then rapidly scale to connect dozens more in just a few short months.

Increasingly, manufacturers are expressing serious scalability concerns related to their certificate authority (CA) solutions. All too often, manufacturers try to do PKI in-house or outsource their PKI needs to small CAs, only to be disappointed by scalability. As their organization grows and evolves, they realize that their infrastructure isn’t sufficient to support the global deployments at the size and scale they need. Many manufacturers then turn to proven third-party CAs with a strong track record to prevent future scalability issues. When doing so, they regret not having done so before as the opportunity costs add up.

Cybersecurity Manufacturing Can Be Inflexible

What makes public key infrastructure (PKI) for IoT device manufacturing so challenging? A primary issue is the inherent level of “stickiness” in digital certificates in IoT environments. Manufacturers must embed the roots of trust in their devices—each of which is configured to trust certificates that have been signed by a particular root.

However, if an organization needs to scale the infrastructure so that those roots are no longer being used, it must replace all of its certificates. The replacement process essentially requires building up trust again from the ground up.

Rebuilding is an expensive, time-consuming proposition for manufacturers that have already invested in infrastructure and paid for the creation of an entire security ecosystem, including roots, issuing CAs and device certificates. Business agility and time to market is essential, and a sudden request to build new infrastructure and determine how to update every connected device and endpoint can place a huge strain on IT resources, as well as productivity.

In certain cases, manufacturing devices can be updated remotely using wireless technology, which can help streamline the process. However, even today, many manufacturing devices will require an onsite visit from a service engineer to manually install or update software.

Under ideal circumstances, a manufacturer will discover any potential scalability issues at an early stage of a new initiative, during trials or a test environment. It’s better and more cost-efficient to handle security upfront, rather than applying PKI to devices that are already built and deployed. But in any case, companies need to secure all the things that they deploy or sell, and many companies are applying PKI to existing manufacturing IoT devices as well.

Best Practices Essential to Scaling Manufacturing IoT

It’s clear that scalability should be a primary consideration for manufacturers considering the deployment of a global PKI. Evaluating scalability as a key step in the deployment process can help them spot potential issues before they occur and take steps to mitigate them. As they plan for deployment, manufacturers should consider:

  • Volumes of certificates needing to be issued and managed.
  • The ability to create unique certificate profiles.
  • The ability to provision and manage certificates globally.
  • Automating aspects of the certificate life cycle (provisioning, renewal, etc.).
  • Automating the creation of issuing CAs.

It’s also important for manufacturers to determine whether they have the ability to create intermediate roots on demand. The infrastructure and solutions manufacturers choose must be able to support thousands, or potentially millions, of certificates on a daily or weekly basis.

Manufacturers will not only need an infrastructure that can support those volumes but also the back-end processes required to enable the management of those volumes.

It’s no secret that IoT moves fast, and connected manufacturers are under more pressure than ever to keep pace with exponential growth. But with some advance planning, manufacturers can take the steps needed to scale their cybersecurity infrastructure, even when unexpected changes emerge. Investing upfront with a PKI vendor that specializes in reliable and scalable architectures for the world’s largest deployments can save money over the long run—and avoid running up opportunity costs.

Mike Nelson

Featured eBook
The Bot Problem: Effective Detection, Analysis & Blocking

The Bot Problem: Effective Detection, Analysis & Blocking

Bots account for 50% of all web traffic. In the U.S. alone, threat actors will cause over $12 billion in losses by next year. How do companies fight against the ever-multiplying barrage of bot attacks from bad actors? Security experts across all industries face the same challenge: how do I improve defenses against bot-generated traffic? This ebook reveals ways ... Read More
Signal Sciences

Mike Nelson

Mike Nelson is the VP of IoT Security at DigiCert, a global leader in digital security. In this role, Nelson oversees the company’s strategic market development for the various critical infrastructure industries securing highly sensitive networks and Internet of Things (IoT) devices, including healthcare, transportation, industrial operations, and smart grid and smart city implementations. Nelson frequently consults with organizations, contributes to media reports, participates in industry standards bodies, and speaks at industry conferences about how technology can be used to improve cyber security for critical systems and the people who rely upon them. Nelson has spent his career in healthcare IT including time at the US Department of Health and Human Services, GE Healthcare, and Leavitt Partners – a boutique healthcare consulting firm. Nelson’s passion for the industry stems from his personal experience as a type 1 diabetic and his use of connected technology in his treatment.

mike-nelson has 4 posts and counting.See all posts by mike-nelson