IoT and the resurgence of PKIs
With the digital revolution in full swing, security methods and models need to be re-evaluated to better address both the changing nature of enterprise architectures and processes. While the proliferation of mobile devices and analytics has vastly improved user experience over the past several years, the challenges of user-to-things security and securing a greatly expanded edge architecture remain unsolved.
One approach is making its resurgence as a result of the IoT and cloud – public key infrastructure (PKI) – and has the potential to close these security gaps for today’s digital businesses.
Brief history and resurgence of PKI
PKIs provide every authorized person, device and app in the ecosystem with a trusted identity – and enable secure interactions via authentication, encryption and signing. They were first developed for governments, banks and enterprises to manage human users and enterprise infrastructure. The key benefit of PKI is its ability to manage trust models, whether simple or complex, at scale.
In addition to the security and scale benefits, centralizing PKI deployments enables businesses to optimize costs, reduce dependencies on specialized skill-sets, and increase agility by enabling the seamless addition of new applications and offerings without increasing risk to the organization.
Despite these benefits, the technology was long overlooked due to a perception of high computational costs and complex management requirements. However, PKI has continued to grow with the acceptance of managed services, years of advancing standards and best practices, and technical improvements simplifying deployment and operational requirements.
At its core, digital business uses lower cost connectivity, rapid innovation techniques and backend analytics to disrupt existing business models for better efficiency or new forms of revenue generation. This takes us from today’s heavy focus on the user to a need to handle interactions between users, things and systems. The transformed world of connected people, devices and applications requires a new lens from which to view security. This means a shift from traditional password and user-centric security to an approach based on trust across a large variety of entities. Ensuring trust in this fashion is an inherent advantage of PKI with its ability to issue, track, update, revoke and generally manage identities in a digital ecosystem.
Securing the IoT
The IoT is growing rapidly, with many enterprises across industries tapping into connected devices to increase business efficiency and enable a more convenient user experience. But with an increasing number of connected devices comes a need for a stable ecosystem, with trust models extending to devices, people and third parties.
After all, the areas advancing most quickly for user based identity don’t always translate well to the world of devices and a reliance on static passwords is the underlying cause of many of the most visible IoT failures. This means enterprises need a scalable way to keep “non-human” identities and their interactions secured. A trusted ecosystem keeps untrusted devices off networks by establishing protected identities for devices, people and third parties.
Ideally, devices should securely authenticate and be managed through authorization policies. Data must be secured on device and in transit. Device identities should be managed as they move through their supply chain and operational lifecycle – which is made possible by PKI with some adjustments required in operational environments. They offer a proven, standardized, scalable technology and process for creating a trusted environment.
With a more simplified user experience and deployment model, today’s PKIs safeguard against the potential vulnerabilities of complex digital ecosystems that now include the non-human identities of devices, applications and hundreds of unseen systems as part of the IoT.
As the IoT and cloud continue to advance, enterprises can expect to see the role of PKIs play a larger role in the overall security ecosystem.