Industries of all stripes face a dilemma. On one hand, they are forced to embrace the concept of digitizing their business. This in turn requires deploying IoT technology. Devices of all types, from connected vehicles and heavy machinery to medical equipment and building automation, are beginning to leverage connectivity across networks and the Internet. But in parallel, these IoT deployments lead to greater cyber security risks. It’s no wonder that Gartner finds that IoT security has become one of the top worries of CIOs.
It is, however, possible to deploy IoT devices in a manner that meets both business and security needs. IoT security begins with building a foundation of unique identity and trust, and is maintained through the ability to securely update devices throughout their operations.
CMS VerdeTTo™ establishes trusted identity for your devices and provides complete identity lifecycle management for your IoT ecosystem. CMS VerdeTTo™ establishes a private Root of Trust, which together with unique identity on every device sets the stage for the critical functions of authentication, authorization, and encryption. The future of your business just might depend on your ability to deploy, scale and manage IoT technology. You can’t afford not to secure your IoT devices and the authenticity of the data they generate.
How do I get a digital certificate onto my device?
The most common question asked is the most pivotal in establishing a foundation for IoT security. Ensuring every device has a unique identity assigned, a proper Root of Trust established, and a secure means to update both, is the most important step in promoting a secure IoT ecosystem.
What steps are taken during manufacturing to establish unique identity? How do I leverage the device serial number and unique attributes? What happens when my device is first activated online?
See the common scenarios in device provisioning and how to ensure your devices are properly equipped and secured prior to becoming operational.
How do I view and manage a complete inventory of devices?
Continuously seeing what devices are active and where they are operating is an important part of ensuring ongoing IoT security. Even more important is the ability to manage and update your fleet.
What steps do I take if a device is compromised or needs to be taken offline? What do I do when the device is sold to a new owner? How is my trust model affected by the introduction of a new support or operations group?
See the common changes that will affect your device and trust model, how to be prepared for them, and how to handle them with ease and efficiency.
Can I encrypt my device data and ensure only trusted connections?
Authentication, encryption, and secure code signing are all benefits of having unique identity established for devices. With a Root of Trust, certificates, and keys in place across your IoT ecosystem, device operations are secured with the same mechanisms currently used in your IT infrastructure.
Can my IoT Platform and applications integrate with my device identity framework? How do I ensure only trusted updates are applied to my device?
See the common operations that your IoT devices will be a part of, and how to easily integrate your identity framework into the broader IoT ecosystem and its processes.
A challenge in securing your device today is accounting for the device operations that will be required one, five, and ten years from now. What is put in place today needs to be ready for future requirements, and for new configuration. Unlike your car or small home appliance, bringing most IoT devices "back into the shop" for maintenance will not be an option.
See the common scenarios that should be accounted for up front, and how best to do so.
As a market leader in applying certificate-based identity within secure workloads, CMS VerdeTTo™ is the first platform to manage an IoT device's complete identity lifecycle, from manufacturing and activation through deployment, (re)assignment, support, and termination.
Public Key Infrastructure (PKI) technologies and skills that have proven their effectiveness in IT for years are now available to IoT. CMS VerdeTTo™ allows for smooth introduction of this Information Technology (IT) solution across the Operational Technology (OT) space.
Equipping devices with unique identity includes the setup of devices with CMS VerdeTTo™ Agents and bootstrap credentials, the authentication and registration of devices, and the generation of device certificates and keys. This dynamic process is customized according to several project variables including manufacturing logistics and hardware specifications.
Agents allow devices to benefit from CMS VerdeTTo™ One-Step Automation, facilitating all common certificate and Root of Trust management tasks from a centralized console. Agents are available for embedded Android, Java, and native-C for real-time operating systems (RTOS).
Root of Trust (RoT) Management
Centralized management of all certificates, key stores, and trust stores across all devices, applications, servers and services within the IoT ecosystem. CMS VerdeTTo™ One-Step Automation brings control and convenience to common routines, allowing for the management of large fleets with minimal effort. Configurable workflow ensures adherence to security and operational policy.
Extended Identity Attributes
Custom device attributes can be bound to a device's identity without having to modify, revoke, or reissue any certificate. Extended attributes are defined individually, and can be applied en masse to a large fleet by leveraging CMS VerdeTTo™ Device Blueprinting, which configures and registers a device’s role during its activation. Extended identity attributes are leveraged for targeted device management, and also verified in real-time by IoT platforms as part of their authentication and access control enforcement routines.
IoT Ecosystem Integration
APIs and plug-ins for popular IoT platforms allow applications to authenticate unique device identities in real-time, validating their authenticity and authorizing their access. Applications can also enforce granular access control through real-time verification of extended identity attributes. CMS VerdeTTo™ agents are also used to centrally update application trust stores, ensuring the validation of only trusted certificates and the ability to revoke certificates and remove trust. Supported platforms include ThingWorx, Azure IoT Hub, AWS IoT, SAP Leonardo, and Apache-based applications.
Private and Public CA Support
CMS VerdeTTo™ supports a wide range of Certificate Authorities (CAs), including a fully-managed CMS VerdeTTo™ PKI, internal private CAs, and public certificate issuers such as Certicom, DigiCert, and Entrust.
The CMS VerdeTTo™ PKI is a high assurance, single-tenant system built around a private root that you maintain full ownership of. This instance is available as a managed service, offloading all PKI operations and maintenance to a professional operations team.
Proven in environments of 500 million devices, CMS VerdeTTo™ is designed for the mass scalability required by IoT. CMS VerdeTTo™ can run in the cloud, on-premise, or in a hybrid mode architecture for custom requirements.