GlobalSign, Comodo launch competing IoT security platforms

Rival certificate authorities GlobalSign and Comodo CA this week launched competing IoT security platforms designed to improve identity management and authentication of connected devices.

GlobalSign Tuesday unveiled its IoT Identity Platform, which includes several products and services aimed at using public key infrastructure (PKI) to assign identities to IoT devices and authenticate them. The cloud-based platform includes IoT Edge Enroll, an enrollment client that provisions and manages PKI-based identities for an assortment of connected devices. IoT Edge Enroll can authenticate and revoke devices and also includes a device Registration Authority (RA) as well as certificate lifecycle management.

In addition, GlobalSign's platform features IoT CA Direct, which is an identity issuance engine for device certificates, and IoT CA Connect, which offers third-party application integration for identity and access management products. GlobalSign said the platform uses RESTful APIs for secure connections and claims its PKI service can issue 3,000 certificates per second.

On Thursday, Comodo CA launched IoT PKI Manager, which also applies certificates to connected devices. Comodo's IoT security platform, which uses a combination of X.509 identity certificates and customized TLS/SSL certificates, offers enterprises Certificate Authority (CA) signing and hosting services as well as a batch issuance system for enrolling and authenticating large batches of certificates.

Comodo's IoT security platform also offers automatic certificate provisioning as well as certificate lifecycle management services. The company had previously introduced certificate products and services for IoT devices, but Damon Kachur, head of IoT solutions at Comodo CA, said the IoT PKI Manager ties those offerings together into one platform with a single user interface for all certificates accounts as well as new enrollment and management features. The aim, Kachur said, was to make the certificate process for IoT devices as easy as possible.

"The [IoT] industry is a little scared of PKI because companies think it's a heavy lift," he said. "It's not, if you have the right platform. We take all of the auditing and all of the lifecycle management and make it simple."

Both Comodo and GlobalSign, as well as other certificate authorities, have discussed the growing opportunities around securing and authenticating connected devices and have already made inroads in the IoT security market. PKI certificates can protect connections and data flows between devices and servers as well as enable organizations to revoke the access of compromised devices to their private networks.

"The certificates make sure that authenticated devices are connecting to the right private network and aren't being used by threat actors," Kachur said. "They can prevent things like the Mirai botnet [distributed denial-of-service] attacks."

GlobalSign's IoT Identity Platform and Comodo's IoT PKI Manager are both currently available.