Device Authority launches a 9-step framework to help businesses achieve a Zero Trust security posture in their enterprise IoT environments.
With the ever-increasing risk of cyber-attacks and the prevalence and reliance on IoT devices within the medical, industrial, and automotive industries, among others, threat actors have become increasingly likely to use vulnerabilities within these devices to gain access to an organization’s network and ultimately its applications and data. This increased threat landscape has the potential to affect enterprise operations and disrupt global supply chains.
The dynamic and evolving nature of IoT means that a Zero Trust approach is the only strategy to help businesses achieve total device, data, and operational trust for IoT deployments at scale. Device Authority’s 9 Core Capabilities Framework sets out the key components that must be addressed to implement this strategy.
Darron Antill, CEO of Device Authority comments, ““In reality, many measures are needed to ensure IoT data and applications are kept safe and secure, and this goes beyond any built-in security of the device itself. For example, what happens when IoT devices are outside the firewall as part of a rapidly accelerating landscape of machines, deployed at scale in mission-critical operations such as surgical robots, autonomous construction equipment, or other components of critical national infrastructure? Do your devices use keys and certificates and automatically enforce specific policies for managing those keys? How quickly can you lock those devices down in the event of an attack? Can you renew those device credentials to get your supply chain back in order? Can you be sure to trust the resiliency of your supply chain?
“Zero Trust means ‘Never trust, always verify’ and when you think about this in terms of IoT, the need for continuous authentication, verification, and authorization of devices at IoT Scale is critical. Automation plays a key role in enabling this scalability, and the 9 Core Capabilities framework includes addressing the need for automated device provisioning to protect device and data integrity, automated Public Key Infrastructure services to provide trust between machines, and a requirement for continuous assurance and threat validation to ensure devices are compliant with the latest legislation. This 9-step approach ensures that organizations understand the capabilities required to protect enterprise IoT devices throughout their entire lifecycle.
“The ability to ensure the integrity of data and IoT operations is critical to a successful connected environment, and these are just some of the steps outlined in our 9 Core Capability Framework to support businesses in achieving just that.”
Details of the framework can be found here, along with a quiz to assess your enterprise IoT readiness.
Source: Device Authority