Internet of Things Authentication Is “On the Rise” According to Gartner

The past few months have seen increased attention regarding the importance of IoT identity technology. Most recently, Gartner has added “Internet of Things Authentication” in the Innovation Trigger phase of its Hype Cycle for Identity and Access Management Technologies, 2019¹ (available to Gartner subscribers)(August 2019). The report identifies Sectigo as a Sample Vendor of Internet of Things Authentication, and further cites a “high” benefit rating of the technology.

Gartner has noted that Internet of Things Authentication is “On the Rise,” and has defined the technology this way:

• “IoT Authentication is the mechanism of establishing trust in the identity of a thing (device, etc.) interacting with other entities, such as devices, applications, cloud services or gateways operating in an IoT environment. Authentication for the ‘things’ in IoT takes into account potential resource constraints of IoT devices, the bandwidth limitations of networks they operate within and the mechanized nature of interaction among various IoT entities.”

• In addition, Gartner notes that “Custom IoT implementations across multiple devices and IoT realms in industries such as healthcare, logistics and supply chain, smart homes, smart grids, automotive transportation, and retail will benefit from emerging IoT authentication standards.”

Forrester has also emphasized the importance of IoT Authentication. The analyst firm’s “The State of IoT Security, 2018,” report notes that security and risk professionals must increase investment in several solution segments, including IoT PKI, as well as IoT Authentication. “IoT authentication solutions provide users the ability to authenticate to an IoT device, including managing multiple users of a single device (such as a connected car), and can range from simple static passwords and PINS to more-robust authentication mechanisms such as two-factor authentication (2FA), digital certificates / PKI, and biometrics,” the report states.

Private PKI is the Most Secure IoT Identity Solution

When it comes to providing identity for IoT devices, there is no better solution than private PKI. The widespread availability of private CA alternatives, including Microsoft CA, attests to this fact. Of course, single-environment CAs are of decreasing value as the complexity and dynamic nature of our modern enterprise architecture increase. A mixture of Microsoft and Linux environments in the data center, PC and Mac on desktops, and iOS and Android on mobile has forced enterprises to become platform agnostic. Throw in one or more public cloud service, and the need for broadly applicable PKI is beyond doubt.

Sectigo’s Private PKI offering is a complete, managed PKI solution that allows users to automatically issue and manage private certificates for all non-Microsoft devices and applications used by your business.

Private PKI is a critical technology, and one that is central to Sectigo’s overall story. Everything Sectigo does in private PKI is anchored in identity management for IoT devices. We take great care in how we integrate our technology with these devices, and how we review its capabilities. You need look no further than the Mirai Botnet to see why this is important—the damage that can be done by unsecured IoT devices is immense. Thanks to poorly secured devices using either hard-coded or unchanged default credentials, hackers were able to infect countless devices to enable DDoS attacks around the world. And while DDoS attacks are damaging, there are plenty of other malicious purposes for which these devices could potentially be used—many of which include stealing personal or business-related information.

Purpose-Built IoT Authentication

Sectigo stands among the market leaders in this area because our solution is purpose-built for IoT. What does that mean? Whereas public-facing equipment needs a public-facing certificate and all of the authentication, validation, and scrutiny that goes along with it, the certificates that secure IoT devices need to be able to handle the size and scale of the IoT network. That includes automatic, protocol-based issuance and provisioning based on user-provided specifications tailored to the needs of the enterprise.

We even have built-in flexibility regarding when and how Sectigo certificates are issued. We can do it with a cloud-based issuance system or an on-premises CA right there in the device factory—and we’re the only CA on the market to give you that choice. These features complement secure boot, secure element integration, secure and remote updates and alerts, and other features to keep your IoT devices as safe as possible.

There are more IoT devices in use today than there are humans on the planet earth, and billions more will enter the market over the next several years. It’s encouraging to see IoT authentication services gaining more attention in the cybersecurity community, and we are proud to continue offering a market-leading private PKI solution.

A recent White Paper, “Leveraging PKI to Secure Connected Devices and Enable IoT Business Models,” explains how the Sectigo IoT Security Platform removes the complexity of PKI for device manufacturers, enabling them to concentrate on developing products, instead of managing a trust model.

¹Gartner Hype Cycle for Identity and Access Management Technologies, 2019, Ant Allan, 2 August 2019

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.