View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Networks
August 26, 2020updated 27 Aug 2020 9:41am

The Insecure IoT Device Free-for-All Needs to be Urgently Tackled

"Legislative bodies are switching on to the need for improved digital identity policies, but action remains tentative"

By CBR Staff Writer

Digital identities, in the age of hyper-distributed IT, are increasingly gaining importance, writes Alan Grau, VP of IoT/Embedded Solutions, Sectigo. Secure authentication of devices, communications and data is now imperative, with everyone working from home and becoming increasingly reliant on connected devices, often with only basic levels of encryption.

In the UK, public concern keeps growing around the repeated delays to the proposal of legislation designed to address the urgent issue of digital identity. Leading UK technology trade body Tech UK wrote to the UK Government in late July, calling for decisive measures to address what they found to be inadequate levels of action.In the same month, the European Commission announced plans to revise the Electronic Identification, Authentication and Trust Services (eIDAS) regulation, setting out a series of consultations on how digital identity practices can be improved.

Alan Grau, VP, IoT/Embedded Solutions, Sectigo

Legislative bodies are switching on to the need for improved digital identity policies, but action remains tentative. This comes at a crucial moment, as IoT devices are in particular need of decisive legislative steps to protect digital identities.

IoT and the need for secure digital identities

Internet of Things devices are increasingly fundamental to almost every industry. Aviation? GPS tracking models increasingly run across a connected network. Healthcare? IoT devices, whether they be insulin pumps or defibrillators, are on the frontlines of patient monitoring and emergency response. These sectors, where IoT devices are mission-critical, cannot afford to be breached. If device digital identity is not secured in the healthcare or aviation industry, lives are at risk.

Even simply looking at the sheer volume of IoT devices in use today, both in enterprise networks and consumer households, it is clear that securely authenticated digital identities are an urgent priority. IoT growth remains on an unstoppable course, with analyst house IDC predicting that by 2025, there will be 41.6 billion connected IoT devices in use. At such numbers, IoT authentication becomes an elemental piece of the puzzle if we want to avoid an ever-expanding host of poorly secured devices which leave the entire network vulnerable to breaches, outages and data loss.

Connected devices create a sensor-rich network which means improved functionality and potential revenue growth for organisations, but they also come with significant business and compliance risks. These begin to outweigh the strategic benefits unless businesses and governments prioritise securing digital identities.

It is readily apparent that the current model of implementing secure digital identities for IoT devices is insufficient, but it is one thing to highlight an inadequate system and another to be able to change the model.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Now is the time to reevaluate IoT supply chains

It is absolutely paramount that properly authenticated device identity is in-built into devices at the point of manufacture.

In the absence of a clear legislative agenda to create IoT devices with an authenticated digital identity, manufacturers have been able to churn out devices lacking authentication, with often only static credentials as a barrier for cybercriminals.

Unless security becomes mandated, manufacturers will continue to cut corners at the expense of safety. Modern supply chains are now so convoluted and complex that devices in their millions are being shipped out with insecure chipsets, creating digital identities for devices that lack authentication. Manufacturers need to lean on solutions and technologies that provide identity management at the device level.

Ensuring secure digital identities for IoT devices needs to be a continuous, automated process but this needs to start at the point of manufacture and continue throughout the device lifecycle.

Best practices for securing digital identities for IoT devices

Enterprise networks that rely on IoT devices need to have a management system that ensures devices are secure and authenticated. With hundreds and possibly thousands of devices now making up enterprise networks, a single device which lacks properly secured digital identity can render the whole network insecure.

A centralised management system can identify every single device across the network, and therefore crucially identify any device lacking authentication or a secure digital identity, ensuring that each device has the relevant firmware to be protected from intrusion attempts and malicious cybercrime.

Identity management solutions can ensure that each device across the network has authenticated certificates to verify the identity of the device, whilst also ensuring that each connected device has in-built PKI solutions to protect the network and device from malicious actors.

IoT devices may have ongoing security concerns, but they are becoming increasingly central to business operations by the day. As such, it is more important than ever that enterprises take proactive steps to secure the digital identities of these mission-critical solutions.

See also – New IoT Security Regulations: The Devil’s in the Detail


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.