The new Competitive Assessment by global technology intelligence firm ABI Research provides an in-depth and objective examination of IoT device identity lifecycle management solutions, ranking eight traditional Certificate Authorities (CAs) based on top-of-mind concerns for implementers, including secure provisioning, identity management, deployment, IoT ecosystem partnerships, and intelligent automated services.
“Innovation starts at the design level with digital identity providers offering services geared to specific IoT applications rather than bundling them under the general ecosystem. This includes extending digital certificate design beyond the X.509 standard, offering identity management options that consider connectivity requirements and bandwidth restrictions and, ultimately, allowing implementers to customize the digital identity framework of their IoT devices,” explains Dimitrios Pavlakis, Senior Analyst of IoT and Digital Security at ABI Research.
Further, identity provisioning needs to be versatile enough to include multiple service options that can adapt to different IoT architectures, device specifications and application needs. Choice should be available to support greenfield and brownfield IoT deployments, provide for containers and serverless options, as well as for agentless deployments. Interoperability is also of critical importance. IoT implementers require solutions that are market and hardware agnostic, able to integrate with a wide array of silicon products and architectures and support a range of security operations in device lifecycle, certificate and key management, token issuance and secure code signing.
Device Authority scored first overall in the assessment followed by Entrust, DigiCert, and GlobalSign. Device Authority offers a full end-to-end solution and the optimal spectrum of device identity management options including agile, proprietary crypto libraries to provide secure identities based on multiple unique identifiers and device specifications. The KeyScaler solution suite offers secure transfer of ownership of the device certificates across the supply chain, secure onboarding, management of certificates, and Over the Air (OTA) updates.
Entrust provides not only secure device lifecycle services for IoT but also the underlying hardware security modules (HSMs) for a hardware root of trust, upon which it has built an array of versatile deployment services specifically designed for IoT environments and customizable through the option-rich Entrust Certificate Hub.
GlobalSign IoT Edge Enroll provides an ever-expanding database of digital certificate templates, enabling fine-grained customization of IoT digital identities and offering a unique identity proposition for IoT devices in numerous different use cases.
DigiCert’s IoT Device Manager enables a plethora of identity and lifecycle management services, but key among its innovations is the offer of PKI certificate derivatives, created by shrinking the size of standard certificates without compromising on integrity or security to provide unique identifiers suitable for the IoT.
For providers, the support of complementary ecosystem partners, automated and policy-driven management services, and flexible pricing models to maximize monetization is key. “A comprehensive IoT Device Identity Lifecycle Management platform will align with the evolving device management practices in the field,” notes Pavlakis. “Secure remote provisioning capabilities, modular certificate design, streamlined management and automation are key options for truly innovative and scalable IoT solutions in this space.”