By Josh Jabs, Vice President of PKI and IOT Solutions
The digital revolution is creating significant disruption for security professionals. Years of learnings around digital security led to best practices, which eventually became standards, security frameworks and audit regimes. These practices were largely founded on static enterprise architectures. These architectures have changed over time, but changes were incremental and so were the adjustments to the security approaches. However, the digital revolution is being accompanied by more transformative changes to architecture and process. Characteristics of this change include a vastly expanded edge architecture with connected things playing a larger role and, in many cases, bringing new operational requirements, a shift to the cloud, increased interactions and new data driven offerings. Understanding the risk in these models is challenging – often creating either a bottleneck for adoption or uncertainty around the risk profile of new offerings.
Digital businesses can leverage PKI technology to effortlessly add new applications and offerings without boosting the level of risk they face.
This environment has triggered an acceleration in the interest in and adoption of public key infrastructures (PKIs). Due to their inherent ability to provide trust at scale, accelerate application deployment and secure interactions through authentication, encryption and signing, PKIs have the potential to clear up the confusion surrounding the evolving architectures and processes of today’s digital businesses.
A background on PKI
PKIs address a number of relatively common needs in digital businesses. Given the potential for disruption and opportunities to expand business models and create efficiencies, top level executives are pushing innovation projects that involve rapid development of the cloud, mobile, networking and IoT related technologies. As urgency to move forward with such projects ramps up, security controls need to be in place to ensure businesses achieve their digital objectives at acceptable levels of risk. That’s where PKIs can make all the difference. PKIs enable organizations to embed a level of trust in their infrastructures by issuing authorized people and connected things an identity, then using those identities to enable secure interactions through authentication, encryption and signing. It was designed to manage this trust at scale and is equally adept at handling things and people, a bridge that most technologies don’t cross.
Years ago, PKIs were created to help governments, banks and enterprises manage human users along with enterprise infrastructure. Instead of spending time on it themselves, businesses can rely on PKI to manage both simple and complex trust models at scale. On top of such benefits, centralizing PKI deployments also enables businesses to cut down on their need for specialized skill sets and even optimize costs. Better yet, digital businesses can leverage PKI technology to effortlessly add new applications and offerings without boosting the level of risk they face. Still though, perceived high costs and complex management requirements caused the technology to be ignored for the past few years.
A sudden resurgence
Changing buying preferences (cloud acceptance) and interactions between today’s systems and users have breathed new life into PKI. The technology’s distributed and dynamic security capabilities have found new use in a wide range of situations, including machine-to-machine scenarios. Continued growth with the proliferation of managed services, adoption of mobile devices, advancing standards and best practices, and simplified deployment and operational requirements have positioned PKI to play an increasingly important role in digital ecosystems.
Digital businesses are usually centered around three key factors – low cost connectivity, rapid innovation techniques and backend analytics. Often times, these capabilities are used to improve the efficiency of existing business models or uncover new forms of revenue generation. Rather than focusing solely on the user experience, businesses must now also pay special attention to the interactions between users, things and systems. The context in which these three connect with one another has changed – requiring a new lens through which businesses must view security. User-centric security measures must now be augmented or replaced with an approach based on trust across a large variety of entities. With their ability to issue, track, update, revoke and manage identities in a digital ecosystem, PKIs are the right tool for the job.
PKI, Security and the IoT
The IoT has introduced greater efficiency and more convenient user experiences across a wide range of industries. It’s important to note, however, that as the number of connected devices increases, so does the need for a trusted ecosystem. Devices built for a closed environment are designed to trust anything and everything on their limited network. When it comes to a connected environment, often involving traffic sent over the Internet, that won’t quite cut it. Models within the IoT should extend trust to devices, people and third parties. Keep in mind that areas quickly advancing toward user-based identities may not always translate well to an environment made up of devices. Support of usernames and passwords can often lead to IoT failures down the line. In order to avoid such a fate, enterprises should invest their time in identifying a scalable way to keep both “non-human” identities and their interactions secured. A trusted ecosystem will help keep untrusted devices off networks by establishing protected identities for devices, people and third parties.
To ensure such data stays safe, even in transit, device identities should be managed as they move through their supply chain and operational lifecycle. By accounting for the unique needs of operational environments, solutions that build on PKI can help turn this management process into reality and extend the value into operating environments. As the home to non-human identities of devices, applications, and many unseen systems, complex digital ecosystems need security measures now more than ever. Through a simplified user experience and deployment model, today’s PKIs provide just that.
The digital revolution has reintroduced PKI to businesses aiming for stronger security. As the IoT and cloud take on larger roles within digital businesses, PKI will continue to grow in importance.
About Josh Jabs
Joshua Jabs is vice president at Entrust Datacard and is responsible for security technology innovation, Alliances and Entrust Datacard’s PKI and Internet of Things solutions. Prior to joining Entrust Datacard in 2009 he directed investor engagements as an equity analyst in the security and financial technology sectors at Piper Jaffray and Roth Capital Partners and held roles within the U.S. government in areas dealing with emerging technology investments and security research. He holds an M.B.A., master’s in electrical engineering and is a distinguished graduate in electrical engineering from the United States Air Force Academy. For more information on Entrust Datacard’s authentication capabilities, visit www.entrustdatacard.com.