Plus a look at what they’re doing to strengthen security going forward
The Internet of Things (IoT) hasn’t just arrived – it’s exploding before our eyes.
Every “thing” is now connected: think watches, doorbells, medical devices, vehicles, the list goes on. And all of these things are deeply ingrained in our everyday lives. So much so that we hardly even notice these connections anymore; they just seem normal.
On the one hand, this is a good thing, as it offers incredible opportunities for innovation. On the other hand, it’s a serious security challenge, as each connection point is a vulnerability just waiting to be exploited.
That was the premise behind a recent Pulse and Keyfactor study, which surveyed 100 product and manufacturing leaders about their IoT deployments, their security strategy, and the challenges they face. Here’s what we learned.
62% are significantly or moderately concerned about the security risk of their connected IoT devices
The majority (62%) of respondents are significantly or moderately concerned about the security risk of their connected IoT devices, and 53% rate tracking their complete inventory of IoT devices in the field as the top security challenge they face.
Given that IDC reports there will be 55.7 billion connected devices by 2025, challenges around tracking inventory in the field aren’t surprising. But they are concerning, since each of these devices will need to be secured, and that requires keeping a pulse on what each one needs and how to share updates as devices go offline or move locations.
To that end, only 43% of respondents feel they have a solid strategy for updating security when algorithms or standards change. This is also troubling, as cryptographic standards and security protocols will inevitably change over the decade-plus that today’s IoT devices will live in the field. As these standards evolve, device manufacturers must have a clear way to update their devices remotely. This includes securely pushing firmware updates, revoking authentication, and re-enrolling certificates as needed.
Only 42% have a clear strategy regarding their device identities
Alarmingly, only 42% of respondents have a clear strategy regarding their device identities. This is so alarming because one of the most important strategies for protecting IoT devices centers around unique identity provisioning.
This type of identification controls who can communicate with a device, including what information they can send the device and what they can do with the device. Without these unique identities, it becomes extremely challenging to dictate who can and can’t interact with devices – which opens the door for malicious activity.
Looking further, respondents rate IT infrastructure (59%) and compliance visibility (52%) as the biggest challenges in implementing device identities. To resolve these challenges, organizations need a clear public key infrastructure (PKI) program that can support standardized and centralized certificate lifecycle management. Specifically, a modern PKI program will enable security teams to maintain a clear view of certificates throughout their entire lifecycle and manage updates in an automated way. This approach not only provides the infrastructure needed to manage identities at scale, but it also provides better visibility into those identities.
30% say their approach to security implementation needs improvement
Fortunately, manufacturing leaders recognize these shortcomings and understand the importance of changing their approach, with 30% saying their security implementation needs improvement. As part of those improvements, 51% of respondents want to focus on lifecycle management for IoT devices.
This awareness is an important first step, especially at a time when the IoT landscape is still evolving, and so are the security standards along with it. The best steps manufacturers can take right now is to look closely at the unique needs of their devices, their company, and their customers and then use that information to make security decisions. No matter what exactly those needs look like, the way forward will no doubt center around identification and lifecycle management – and the good news is that manufacturing leaders have already started to narrow in on these areas as being important to their overall security strategies.
Understanding IoT device security in 2022 and beyond
Although there are a lot of improvements to be made when it comes to IoT device security, the future isn’t all bleak. Quite the opposite: Manufacturers are well aware of the challenges they face currently and are working on plans to improve their approaches.
With that in mind, what does the landscape for IoT device security look like in 2022 and beyond? Read the full study from Pulse and Keyfactor to find out.