How to protect IoT devices during the manufacturing stage with secure provisioning

Below is a text excerpt of the first 5 minutes of this webinar.

Today’s speakers are Brian Colgan and Paul Lockley.

Brian has many years’ experience in the semiconductor industry, previously working in Xilinx’s research lab; and as a sales representative for Cypress Semiconductor. He is currently a Field Applications Engineer at EPS Global where he supports customers with their MCU and FPGA requirements.

Paul is currently VP of Sales in EMEA at Device Authority, leading our partner and alliance and customer engagement. He has over 25 years’ experience delivering value-based customer solutions; building go-to-market strategy; and creating shared success.

In today's session, Paul and Brian will focus on:

• The challenges and risks of IoT
• The need for a Secure by Design approach
• Guidance and solutions to mitigate the risks
• Real customer use case

Questions submitted throughout the session will be answered at the end of the webinar.

[Paul Lockley] Welcome to everyone who is on today's webinar. I passed this test which is remembering to unmute before I started speaking! I want to start you off with: what's the difference between IT and IoT when it comes to identity?

In IT, we have:

• A Person
• A set of applications
• Access control, and
• Some known criteria

Typically these environments are stable and static, you don't rapidly tell the amount of employees you have in a mature business.

In IoT, we are talking about the headless devices:

• No core Root of Trust
• No human leverage
• Scale

The scale is ultimately going to be quite substantial as you go from pilot to production, and you start to recognize the value more and more.

With that comes several key challenges around how you build and how you manage it. Take IoT for example. Very established, mature in its approach, and yet it still struggles and suffers from things like ransomware. We had a story of a German hospital that suffered a ransomware attack which closed down all of its services, all of its applications, and people in need of critical operations and critical healthcare were forced to be relocated to another hospital. Unfortunately for one patient this resulted in that critical care not being provided in time and there was a loss of life. There is now a case of manslaughter being bought by the German government against the perpetrators of that ransomware attack which is a first in the industry.

This is one example of the challenges already being faced by CIOs and IoT leaders. Other major concerns include:

• Patient/User safety around connected services
• Personal Information (PII), any would exist at the edge that could be unprotected or vulnerable
• Being able to create and maintain service uptime
• Brand Damage and Reputation - Mature organizations are probably able to suffer a couple of hits to brand and brand loyalty, but new organization don’t have that luxury. You could be in a scenario where one round of brand impact and its the end.
• The ever-evolving landscape of compliance and regulatory control, and we see this as rapidly evolving. The latest being the Senate Bill 734 in the US, “IoT Cybersecurity Improvement Act”. This applies to any device manufacturer who wants to create a connected product for IoT. They are required to have a minimum standard for IoT security, and if you cannot provide and meet that minimum requirement, you will be barred from selling into the US which is substantial and when that goes through its final ratification, it's going to have a massive impact to how people have to apply security and identity rigor to connected devices.

To watch the full webinar please click on the link below, where you will discover:

• Who are Device Authority?
• Who are EPS Global?
• The benefits of KeyScaler - Device identity centric IAM platform for IoT and Blockchain
• The challenges and opportunities with Trust and Automation in the IoT Device Journey
• Managing enterprise IoT Security
• IoT Device Secure Production
• Encryption; Authentication; and Update Service Flow
• Automotive examples – PKI Management for Connected Cars
• Secure Provisioning services offered by EPS Global
• Questions & Answers from the webinar

Watch Webinar