Sectigo Releases Secure Key Storage Device for IoT Components to Support Secure Communications

Web security company Sectigo just announced a new Secure Key Storage (SKS) Software Development Kit (SDK). The software-based library is designed to manage, secure, and store passwords, encryption keys, and other confidential information. 

SKS removes the risk of exposing credentials of devices that don’t have a built-in, hardware-based secure key storage system.

 

Sectigo: A Security Solutions Company

Founded in 2000 in New York, Sectigo is one of the world’s largest commercial Certificate Authority (CA) and web security solutions companies.

 

The Sectigo logo. Image used courtesy of Sectigo

 

Sectigo creates digital certificates, including TLS / SSL, DevOps, IoT, enterprise-grade PKI management, as well as multi-layered web security. The company has completed a number of acquisitions in the past four years. In 2018, Sectigo acquired web security company CodeGuard, and in 2019 specialized security software Icon Labs. Sectigo has recently acquired Site Lock, a security software company focusing on malware removal and scanning for website security.

Sectigo has raised a total of $7.5 million in funding in September 2020, led by private equity firm GI Partners. In the same month, GI Partners acquired Sectigo, which continued to operate as an independent entity.

 

The Secure Key Storage SDK

Today, many IoT devices utilize a hardware platform for secure key storage, but the same cannot be said about legacy devices. From industrial controls to medical instruments today, many IoT devices still do not have a secure hardware element required for secure key storage.

To address this limitation, manufacturers tend to add dedicated hardware secure key storage, making IoT devices more expensive. Sectigo’s SKS-SDK aims to solve these issues by providing an alternative solution for IoT devices without hardware-based secure key storage.

From a technical standpoint, the new solution offers device authentication via transport layer security (TLS) protocols and data encryption on embedded devices and password storage and access.

 

An overview of the Sectigo Security and IoT Identity Platform. Image used courtesy of Sectigo

 

SKS-SDK is a component of the Sectigo Security and IoT Identity Platform, a portfolio of tools intended to provide device identity, integrity security, data protection, and high-scalable certificate lifecycle management.
 

Improving Password Security

Lack of password strength is often one of the main vulnerabilities exploited by attackers trying to get access to industrial systems. In May of 2020, several SCADA systems in Israel were targeted by hackers, including wastewater treatment plants, pumping stations, and sewage facilities.

The following analysis of events by cybersecurity firm Radiflow assessed that the attacks were started by a malicious actor exploiting a weak or default password to access various network elements to gain remote access to the facilities.

This was hardly an isolated case. Poor password strength represents a common vulnerability in the industry, with research from security company Eaton confirming many companies use default passwords, or no password at all, to configure many industrial devices initially.

To try and mitigate the issue in the U.S., the Cybersecurity and Infrastructure Security Agency (CISA) published the Ransomware Prevention Guide in October 2020, which also specifies best password hygiene practices for industrial firms.

The introduction of Sectigo’s SKS-SDK now aims to provide even higher levels of security for IoT devices.

“Sectigo’s latest secure key storage solution enables IoT device manufacturers to protect private keys and critical information from hackers with special attention to affordability and compliance,” said Alan Grau, VP of IoT/Embedded Solutions at Sectigo. For more information about Sectigo’s SKS-SDK, you can check out their website.