IoT Security: Why the Industry Must Prioritize Global PKI Trends, According to Thales

Public key infrastructure (PKI) is often described in technical jargon, but its impact on the Internet of Things (IoT) is profound. Recent research from the Ponemon Institute highlights how cloud applications and IoT are becoming the newest disruptors to future PKI planning, a trend that could leave billions of devices vulnerable if not addressed.

Key Insights from Thales Security Strategy

John Grimm, Senior Director of Security Strategy for Thales e‑security, emphasizes that PKI is essential for protecting IoT ecosystems. He notes that the same jurisdictional debates that historically surrounded PKI now affect IoT deployments, requiring collaboration across security, IT, compliance, and operations teams.

Grimm points out that the ideal PKI professional is an IoT architect—a role with only about 100 recognized experts worldwide, according to Gartner. Unfortunately, many organizations connect devices without IT oversight, echoing past challenges when LANs expanded rapidly without adequate governance.

Technical and Political Challenges

On the technical side, many industrial machines were not designed for network connectivity. The computational overhead of PKI can overwhelm low‑end devices, making secure implementation difficult. Even purpose‑built IoT hardware faces risks; compromised OEM firmware can introduce backdoors from the outset. Clive Watts, Product Manager at Secure Thingz, warns that a device compromised at the factory level can compromise the entire network.

Public Perception and the Need for Clear Communication

Incidents such as the Las Vegas casino hack—where a casino’s security system was breached via an internet‑connected fish‑tank thermometer—demonstrate how easily the public can associate IoT with security breaches. Clear, relatable explanations of PKI’s role in IoT can help shift focus from fear to confidence.

Ultimately, the IoT industry must adopt robust PKI practices to safeguard device integrity, ensure regulatory compliance, and build trust with consumers. Proactive collaboration across disciplines and a commitment to secure design will be critical as the IoT landscape continues to expand.

Article by freelance technology writer Nick Booth.