The term IoT, or the Internet of Things, is usually presented with a set of superlatives about growth and opportunity. Devices such as electronic controllers and sensors have existed in closed systems such as the automotive industry since the late 80’s and in industrial environments for even longer. Data that was considered useful only for real-time operations in a car or a utility plant is now a valuable digital asset if it can be utilized within a transactional system such as a cloud analytics platform. The ability for a device vendor to perform post-sale monitoring and control of their product has resulted in business models most had never considered. New service delivery models are increasing and diversifying revenue streams for vendors.
Enabling this opportunity requires a trusted ecosystem. Devices that are purpose built for a closed environment typically trust everything on their limited network. A ‘trust everything’ model will obviously not work in a connected environment. Successful enablement of IoT will require trust models that extend to devices, people and across third parties. How can this be accomplished?
In the previous blog in this series titled, Building Your Digital DNA: PKI and the Identity Evolution it was stated,“PKI offers our customers a proven, standardized, scalable technology and process to create a trusted environment and manage the identities of everything in it, human and non-human alike.”
A trusted ecosystem keeps untrusted devices off of networks by establishing trusted identities for devices. Ideally, devices should securely authenticate and be controlled through managed authorization policies. Data must be secured on device and in transit. Device identities should be managed as they move through their supply chain and operational lifecycle. Underlying all of this is PKI.
A security solution that offers this should also be sensitive to the operational realities of OT environments. IoT devices have a wide spectrum of capability, but are generally constrained. Scalable IoT requires identity lifecycle management including provisioning. This is different from the PKI that only addresses human beings that can interact at a highly capable console like a PC or mobile device. This requires a purpose built IoT security platform.
Ideally this security platform should make it easier to bring IoT products to market. It should enable third parties to bring new business models to market together. Just as PKI is the underlying technology that secures the identities and transactions of today, it will help us to securely engage in a world where our lives will rarely leave some form of connected computing environment. Digital businesses will be more connected, more aware and more agile thanks to a secure IoT.
Up next week in our in our Digital DNA blog series we'll talk about PKI and Cryptographic Disruptors.