IoT Security: Internet of Things now driving PKI uptake, says report

IoT Security: Internet of Things now driving PKI uptake, says report

Security technology specialist Thales has announced that the Internet of Things (IoT) is the fastest- growing trend in the deployment of applications that use public key infrastructure (PKI).

IoT deployments of PKI have grown by 23 percent since 2015, according to a new report sponsored by the company.

The 2018 Global PKI Trends Study, based on independent research by the Ponemon Institute, reveals continued and increased reliance on PKI as a “core enterprise asset and a root of trust”.

Over the past few years, cloud applications, and now the IoT, have been the newest disruptors to future PKI planning, as organisations not only tend to their existing digital certificate needs, but also prepare for a future of greater technology diversity and scale.

Specialist hires

While many of the traditional challenges to PKI adoption remain, such as a lack of clear ownership (cited by 70 percent of respondents), Thales reports that organisations are increasingly hiring PKI specialists and investing in extra security controls, such as multi-factor authentication (reported by 62 percent).

The findings, which reflect the responses of 1,600 IT security practitioners, demonstrate the current state of PKI maturity, while hinting at future trends.

Those findings include:

  • In the next two years, 42 percent of IoT devices will use digital certificates for authentication.
  • As the IoT continues to grow, 27 percent of security professionals believe PKI for device credentialing will reside in the cloud, with 43 percent predicting a combination of both enterprise and cloud.
  • Enterprises are beginning to encrypt data from IoT devices, with 49 percent of respondents either extensively or partially encrypting their connected-device data.
  • Ranking the key PKI capabilities for IoT deployments, 45 percent of respondents cited scalability to millions of managed certificates as the most important, followed by the 39 percent who cited online revocation.
  • The use of hardware security modules (HSMs) to secure PKI digital certificates and enable strong authentication has increased to 39 percent, according to survey respondents.
  • Forty-four percent of companies in the healthcare/pharmaceutical sector believe the IoT is one of the top two trends driving the deployment of PKI applications.
  • The industrial/manufacturing sector has led the charge in PKI usage, with an average of 43,000 certificates under management.

Digital transformation

John Grimm, senior director of security strategy at Thales eSecurity said, In this era of digital transformation, where companies are deploying digital technologies to improve their operations, deliver value to customers and gain competitive advantage, IoT initiatives invariably are the backbone of those efforts.

Huge amounts of data are generated by, and collected from, a rapidly growing number of IoT devices, with the cloud playing a pivotal role in IoT solutions of the future.

But there’s no point in collecting and analysing that data, and making business decisions based on it, if you’re not able to trust the devices or their data. For safe, secure IoT deployments, organisations need to embrace time-tested security techniques, like PKI, to ensure the integrity and security of their IoT systems.”

Dr Larry Ponemon, chairman and founder of The Ponemon Institute, added: In previous years, we highlighted PKI as an established technology positioned to tackle the authentication needs and challenges to support the rise of cloud applications.

Now, the C-suite is challenging its teams to leverage IoT to improve and drive business. With this comes the increased risk of more endpoints to protect, and the need to understand the role of PKI as a critical enabler. At the same time, this underscores the need for further advancement in skilling and resourcing related to PKI, and the overall ownership within the organisation.”

Source: Press release.

Internet of Business says

As the IoT grows and becomes increasingly diverse, Thales is right to say that trust is paramount, in industry and corporate applications, but in consumer deployments too.

Here are some of our most recent report on IoT security:

Chris Middleton
Chris Middleton is former editor of Internet of Business, and now a key contributor to the title. He specialises in robotics, AI, the IoT, blockchain, and technology strategy. He is also former editor of Computing, Computer Business Review, and Professional Outsourcing, among others, and is a contributing editor to Diginomica, Computing, and Hack & Craft News. Over the years, he has also written for Computer Weekly, The Guardian, The Times, PC World, I-CIO, V3, The Inquirer, and Blockchain News, among many others. He is an acknowledged robotics expert who has appeared on BBC TV and radio, ITN, and Talk Radio, and is probably the only tech journalist in the UK to own a number of humanoid robots, which he hires out to events, exhibitions, universities, and schools. Chris has also chaired conferences on robotics, AI, IoT investment, digital marketing, blockchain, and space technologies, and has spoken at numerous other events.