Manage Learn to apply best practices and optimize your operations.

How to manage IIoT authentication and protect machine identities

The global demand for IIoT equipment is growing rapidly. The importance of IIoT is also reflected in the resources major technology brands like Microsoft, Amazon and IBM are pouring into enterprise IoT platform development. Analysts calculate the market for industrial sensors for remote monitoring and control of everything from factory systems to goods tracking and office heating and lighting will be worth $21.6 billion worldwide by 2023.

Last year, a milestone was reached as the number of IoT-connected systems surpassed mobile devices for the first time. Before long, the installed base of smart industrial machines will exceed the number of remote workers. However, advances in IIoT technology are fast outpacing security-by-design standards. While enterprises spend billions of dollars giving employees usernames and passwords to keep their networks safe, not enough is done to protect machine identities.

Identity protection

Currently, there are no recognized industry standards for IIoT device manufacturers to follow. In fact, many device makers don’t believe it is worth their while to build in a high level of security. A McKinsey & Co. and GSA survey found that just 15% of smart equipment manufacturers thought customers would be willing to pay higher prices for more built-in security.

This means customers must assume responsibility for protecting their own smart systems. The first priority must be to secure the identity of each machine. Establishing an assured identity is essential for trusted data communications between remote IIoT devices, mobiles, cloud-based apps and centralized management points.

In a 2018 Forrester and Venafi study, 80% of IT decision-makers confessed to struggling with the issue of machine identity protection. While the global identity and access management market is worth over $8 billion, the bulk of it is focused on human identity protection. Unfortunately, enterprises spend nearly nothing to protect the keys and certificates that machines use to identify and authenticate themselves.

Cybercriminals know this. To make matters worse, they can even buy a digital persona on the dark web for about $1,200 that allows them to impersonate another device. In other words, cybercriminals can hide in plain sight.

Authentication with certificates

For effective management and protection of machine identities, organizations need detailed insight into all machine identities across their networks. Most enterprises already have strong, detailed authentication processes like Active Directory Certificate Services built into their networks.

Certificates are used in place of passwords to authenticate trusted connections between multiple network endpoints, be they on-premises systems, mobile workers or remote cloud-based servers. It makes sense to expand the scope of certificate services to include authentication of IIoT systems.

Put simply, a certificate is an assurance of identity and authorization using a secret private key validated with a known public key. Unlike passwords or other methods based on shared secrets, certificates can’t be stolen or otherwise maliciously appropriated by an impostor.

Secure industrial processes

To securely monitor and manage the data communications of authenticated remote IIoT devices, implementing professional, enterprise-grade virtual private networks (VPNs) is critical. Modern VPN software gives IT administrators the ability to remotely manage IIoT security elements such as privacy and authentication in real time and at scale.

A VPN can help protect the IP connection of every IIoT machine by encrypting all digital communications passing over the internet between innumerable devices and the remote administration center. Encrypted connections allow smart systems to send data over the web while being shielded from any outside third parties who might wish to monitor these online activities.

As analysts forecast compound annual growth rates of more than 15% by 2022, enterprises have a responsibility to put proper measures in place that sufficiently authenticate remote IIoT systems. In combination with remote access controls and certified authentication measures, VPNs are guaranteed to provide robust protection against cyberthreats and criminal activity.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.