Download PDF version Contact company

Device Authority, a pioneer in Identity and Access Management (IAM) for the Internet of Things (IoT), announced it has been accepted into the Venafi Machine Identity Protection Development Fund. For decades, code signing has been used to verify the integrity of software, and nearly every organisation relies on it to confirm their code has not been corrupted with malware. Code signing keys and certificates are used in a wide range of products, including firmware, operating systems, mobile applications and application container images.

Unfortunately, organisations often struggle to secure and protect code signing operations because they don’t have a solution that allows them to consistently enforce policies across locations, tools and processes. As enterprises embrace and adopt IoT devices, code signing usage will continue to grow at an exceptional rate. Many organisations use home-grown solutions to fulfill code signing requirements for IoT use cases, but these tools often lack the visibility, automation and intelligence needed for proper protection.

Automated solution

Historically speaking, it’s very difficult to secure code signing operations for IoT devices

Using their sponsorship from Venafi, Device Authority will provide a new turn-key code signing and update delivery extension to KeyScaler powered by Venafi Next-Gen Code Signing to connect security team policy and controls to secure the code signing process. Device Authority’s KeyScaler platform provides an automated solution to provision unique certificates, signed by a pre-configured Certificate Authority, to IoT devices – without requiring any human intervention. Additionally, Device Authority will create a new Certificate Authority service connector for the Venafi Platform.

This will allow KeyScaler customers to use the Venafi platform as a source for certificate issuance. "Historically speaking, it’s very difficult to secure code signing operations for IoT devices,” said Kevin Bocek, vice president of security strategy and threat intelligence for Venafi. “When developers sign code, IoT updates can be ripe for attack. As we’ve seen with Stuxnet, stolen code signing keys and certificates are powerful cyber weapons.”

IoT cyber security

“Attacking the code signing process can provide cyber attackers with control over a fleet of IoT devices. We’re pleased to work with Device Authority, a global IoT cyber security leader, to integrate with Venafi Next-Gen Code Signing to protect IoT.”    

“Venafi is a technology pioneer in the machine identity protection market. They understand the challenges of protecting IoT device identities and the applications they send data to. Being accepted into their development fund is a huge success for the Device Authority team and we are excited to complete the development and integration in the coming months,” said James Penney, CTO of Device Authority.

Comprehensive protection for machine identities

Venafi’s Machine Identity Protection Development Fund is a $12.5 million initiative to protect all machine identities. Funded developers will create integrations that accelerate the delivery of comprehensive protection for machine identities across complex enterprise networks. The Development Fund is a global initiative and will increase the visibility, intelligence and automation required for machine identity protection.

The Machine Identity Protection Development Fund encourages recipients to build integrations across any technology that creates or consumes machine identities, including:

  • Cloud and hybrid cloud infrastructure.
  • DevOps.
  • Containerisation.
  • Secure Shell (SSH).
  • Code signing.
  • Robotic Process Automation (RPA).
  • Artificial intelligence, machine learning and big data analytics.
  • IoT
  • Blockchain distributed ledger technology
Download PDF version Download PDF version

In case you missed it

Alamo enhances security with Alcatel-Lucent solutions
Alamo enhances security with Alcatel-Lucent solutions

Alamo Colleges in San Antonio, Texas supports more than 65,000 students and 7,000 staff. It's five campuses and smaller regional learning centres connect students and staff, expan...

When choosing an access solution, make total cost of ownership a key part of the calculation
When choosing an access solution, make total cost of ownership a key part of the calculation

Digital access control has well-known benefits over traditional security, of course, but also costs attached to each stage of its lifetime. However, these costs are not fixed. Many...

The Camp: Enhance security with ASSA ABLOY Aperio wireless locks
The Camp: Enhance security with ASSA ABLOY Aperio wireless locks

As a provider of future-oriented business education, The Camp sought an access control solution as forward-thinking as their courses. Their campus site near Aix-en-Provence is div...

Quick poll
What's the primary benefit of integrating access control with video surveillance?