Managing IIoT Authentication
by VPNHaus | 12/11/2018
The market for Industrial Internet of Things (IIoT) equipment is growing rapidly. Before long, the installed base of smart industrial machines will exceed the number of remote workers.
However, advances in IIoT technology are fast outpacing security-by-design standards.
Enterprises still spend billions of dollars giving employees user names and passwords to keep their networks safe. Yet, virtually nothing is done to protect machine identities.
Managing large numbers of IIoT systems securely starts with complete trust that all remote devices are genuine. Modern professional virtual private network (VPN) software gives IT support operatives the means to remotely manage IIoT security elements such as privacy and authentication in real time and at scale.
Global demand for IIoT systems is buoyant. Recently released analyst forecasts cite compound annual growth rates (CAGR) of more than 15% by 2022. Moreover, in 2018 a milestone will be reached as the number of IoT-connected systems surpasses mobile devices for the first time.
The importance of IIoT is also reflected in the resources major technology brands like Microsoft, Amazon and IBM are pouring into enterprise IoT platform development.
Analysts calculate the market for industrial sensors for remote monitoring and control of everything from factory systems to goods tracking and office heating/lighting will be worth $21.6 billion worldwide by 2023.
As of yet, there are no recognized industry standards for IIoT device manufacturers to follow.
In fact, many device makers believe it is not worth their while building in a high level of security. A 2016 McKinsey & Co./GSA survey found just 15% of smart equipment manufacturers thought customers would be willing to pay higher prices for more built-in security.
Customers must therefore assume responsibility for protecting their own smart systems. A first priority must be to secure the identity of each machine.
Establishing an assured identity is essential for trusted data communications between remote IIoT devices, mobiles, cloud-based apps and centralized management points.
Yet, out of 350 IT decision makers who took part in a 2018 Forrester/Venafi study, most (80%) confessed to struggling with the issue of machine identity protection.
The same report points out that while the global identity and access management (IAM) market is worth over $8bn, the bulk of it is focused on human identity protection. By contrast, enterprises spend almost nothing protecting the keys and certificates that machines use to identify and authenticate themselves.
Cyber criminals know this. For around $1,200 they can even buy a digital persona on the dark web that allows them to impersonate another device. In other words, they can hide in plain sight.
Authentication with Certificates
For effective management and protection of machine identities, organizations need detailed insight into all machine identities across their networks.
Most enterprises already have strong, detailed authentication processes like Active Directory Certificate Services (AD CS) built into their networks.
Certificates are used in place of passwords to authenticate trusted connections between multiple network endpoints - be they on-premises systems, mobile workers or remote cloud-based servers.
It makes sense to expand the scope of certificate services to include authentication of IIoT systems. Put simply, a certificate is an assurance of identity and authorization: the device proves it holds a secret private key, and the other side validates that proof with the known public key.
Unlike passwords or other methods based on shared secrets, certificates can’t be stolen or otherwise maliciously appropriated by an impostor.
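The check described in this section, as an added example using only the Go standard library (not code from the original article): a verifier accepts a device when its certificate chains to a trusted CA and the device signs a fresh challenge with the matching private key. The helper names (`issue`, `authenticate`, `demo`), the CA and device names, and the choice of Ed25519 are assumptions made for illustration; the in-process CA stands in for a service such as AD CS.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a key pair and a certificate for name; a nil parent yields a self-signed CA.
func issue(name string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent, pk = true, true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err) // the constructed fixture could not be built
	}
	cert, _ := x509.ParseCertificate(der) // der was produced just above
	return cert, key
}

// authenticate: the chain must reach a trusted CA and the challenge signature must verify under the certified key.
func authenticate(roots *x509.CertPool, c *x509.Certificate, challenge, sig []byte) bool {
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	pub, ok := c.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, challenge, sig)
}

// demo tries the genuine device, a copied certificate without its key, and a self-signed look-alike.
func demo() (genuine, copied, selfSigned bool) {
	ca, caKey := issue("Plant CA (constructed)", nil, nil)
	dev, devKey := issue("sensor-001", ca, caKey)
	fake, fakeKey := issue("sensor-001", nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	ch := make([]byte, 32)
	rand.Read(ch) // fresh nonce per login, so a recorded signature cannot be replayed
	try := func(c *x509.Certificate, k ed25519.PrivateKey) bool { return authenticate(roots, c, ch, ed25519.Sign(k, ch)) }
	return try(dev, devKey), try(dev, fakeKey), try(fake, fakeKey)
}

func main() { fmt.Println(demo()) }
```

Only the first login is accepted: the certificate itself is public, so presenting a copy of it proves nothing without the private key, and a certificate that merely claims the device's name fails the chain check.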
Bolster with VPN
It is possible to securely monitor and manage the data communications of many thousands of authenticated remote IIoT devices using professional, enterprise-grade VPNs.
A VPN can help protect the IP-connection of every IIoT machine by encrypting all digital communications passing over the Internet between innumerable devices and the remote administration center.
Encrypted connections mean smart systems can continue to send data over the web as usual. Meanwhile, the digital content is shielded from any outside third parties who might wish to monitor these online activities.
In summary, the lack of any fully realized standards for IIoT equipment security remains problematic for enterprises seeking to reap the productivity and efficiency benefits of smart industrial processes.
It places the onus on enterprises to put measures in place that sufficiently authenticate remote IIoT systems.
However, there is evidence to show that while a lot of effort goes into assuring the identities of workers, enterprises are doing almost nothing about authenticating machine identities. If left like this for any length of time, IIoT devices will quickly be targeted by cyber criminals.
In combination with remote access controls and certified authentication measures, VPNs provide robust protection against sensitive corporate data falling into the wrong hands.