Device Authority, a pioneer in Identity and Access Management (IAM) for the Internet of Things (IoT), announced it has been accepted into the Venafi Machine Identity Protection Development Fund. For decades, code signing has been used to verify the integrity of software, and nearly every organisation relies on it to confirm their code has not been corrupted with malware. Code signing keys and certificates are used in a wide range of products, including firmware, operating systems, mobile applications and application container images.
Unfortunately, organisations often struggle to secure and protect code signing operations because they don’t have a solution that allows them to consistently enforce policies across locations, tools and processes. As enterprises embrace and adopt IoT devices, code signing usage will continue to grow at an exceptional rate. Many organisations use home-grown solutions to fulfill code signing requirements for IoT use cases, but these tools often lack the visibility, automation and intelligence needed for proper protection.
Automated solution
Historically speaking, it’s very difficult to secure code signing operations for IoT devices
Using their sponsorship from Venafi, Device Authority will provide a new turn-key code signing and update delivery extension to KeyScaler powered by Venafi Next-Gen Code Signing to connect security team policy and controls to secure the code signing process. Device Authority’s KeyScaler platform provides an automated solution to provision unique certificates, signed by a pre-configured Certificate Authority, to IoT devices – without requiring any human intervention. Additionally, Device Authority will create a new Certificate Authority service connector for the Venafi Platform.
This will allow KeyScaler customers to use the Venafi platform as a source for certificate issuance. "Historically speaking, it’s very difficult to secure code signing operations for IoT devices,” said Kevin Bocek, vice president of security strategy and threat intelligence for Venafi. “When developers sign code, IoT updates can be ripe for attack. As we’ve seen with Stuxnet, stolen code signing keys and certificates are powerful cyber weapons.”
IoT cyber security
“Attacking the code signing process can provide cyber attackers with control over a fleet of IoT devices. We’re pleased to work with Device Authority, a global IoT cyber security leader, to integrate with Venafi Next-Gen Code Signing to protect IoT.”
“Venafi is a technology pioneer in the machine identity protection market. They understand the challenges of protecting IoT device identities and the applications they send data to. Being accepted into their development fund is a huge success for the Device Authority team and we are excited to complete the development and integration in the coming months,” said James Penney, CTO of Device Authority.
Comprehensive protection for machine identities
Venafi’s Machine Identity Protection Development Fund is a $12.5 million initiative to protect all machine identities. Funded developers will create integrations that accelerate the delivery of comprehensive protection for machine identities across complex enterprise networks. The Development Fund is a global initiative and will increase the visibility, intelligence and automation required for machine identity protection.
The Machine Identity Protection Development Fund encourages recipients to build integrations across any technology that creates or consumes machine identities, including:
- Cloud and hybrid cloud infrastructure.
- DevOps.
- Containerisation.
- Secure Shell (SSH).
- Code signing.
- Robotic Process Automation (RPA).
- Artificial intelligence, machine learning and big data analytics.
- IoT
- Blockchain distributed ledger technology
