Thales Blog

Are Today’s PKIs Prepared To Manage Tomorrow’s IoT Device Authentication Demands?

October 14, 2016

We live in a world where the methods used to prove one’s identity can take many different forms – as simple (and weak) as a password, as complex as a biometric, or simply showing your driver’s license. When it comes to proving the identity of a device that a human is using or is responsible for, the means that are available for authentication depend on the capabilities of the device. And we’re quickly entering an era where the number and types of devices that are online and connected reach a scale that stands to push authentication infrastructures as we know them today well past their limits.


Leading global analyst house Gartner predicts that by 2020, 20.8 billion devices will be connected to the internet.  Public Key Infrastructure (PKI) technology to issue digital certificates for identification and authentication has been used effectively for more than two decades; however, the rapidly escalating burden of device authentication and huge proliferation of data sharing is set to pile an unprecedented level of pressure onto existing PKIs, resulting in a huge challenge for security professionals across the globe.

Our latest PKI Global Trends Study – conducted by the Ponemon Institute – gleaned key insights from over 1,500 IT and IT security professionals in 11 countries to better understand the use of PKI in organizations today, and the looming challenges associated with the Internet of Things (IoT).

This year, over one in four (26%) practitioners indicated that when planning the evolution of their PKI, new applications such as the IoT would cause changes – a 12% increase from 2015, and the largest year-over-year increase of all the change sources presented in the survey. Additionally, the IoT was cited as the third most significant trend driving the deployment of PKI-enabled applications, behind cloud-based services and consumer mobile.

So what does this mean for security professionals?
Well, given the clear importance of PKI technology in the age of the IoT, we believe organizations need to double down on creating a security infrastructure which can scale to never-seen-before levels and support the varying levels of trust and rules of engagement among highly diverse device types. While the study demonstrates that many organizations have elevated their adoption of PKI best practices in response to the need for higher assurance, including strong authentication (52%) and Hardware Security Modules (32%), it also reveals that lower security options like passwords are still prevalent (34%), which is concerning not only in light of today’s increased demands but also for the changes that are quickly coming.

With Gartner also predicting that more than one in four identified cyber-attacks in enterprises will involve IoT, it is clear that authentication should have an important place on the agenda for those in charge of data security. A secure and trustworthy PKI is a core foundational element for data security – and its role has never been more significant.