DigiCert Management Circle: Over-the-air (OTA) updates and digital trust

On March 24th, DigiCert, a global digital security company, held its Management Circle Meeting in Munich, where DigiCert’s European partners gathered, and executives shared insights into trends in device security. A leading global provider of digital trust, DigiCert is a provider of choice for leading companies around the globe, enabling individuals, businesses, governments, and consortia to engage online with confidence, knowing their digital footprint is secure. DigiCert offers:

• High-assurance TLS/SSL transport encryption
• PKI security certificate management
• IoT-specific and software signing solutions

Northern.tech, the leader in device lifecycle management and the company behind Mender, partners with DigiCert to leverage secure and robust OTA software updates, and secure software artifact signing. As representatives from Northern.tech, Stephen Cawley, Head of Enterprise Marketing, and Tom Wilke, Commercial Director, were invited to participate.

Stephen Cawley and Tom Wilke from Northern.tech with partner Claus Gruendel of Swissbit at the DigiCert Management Circle Meeting.

The impact of poorly managed certificates

In his keynote, Christoph Bodin, Chief Revenue Officer of DigiCert, stressed the importance for enterprises to build digital trust across their cloud and edge ecosystem. DigiCert research reinforced the criticality of having a dynamic strategy for managing PKI certificates on IoT devices. There is a high business cost for failing to manage certificates properly. For example, a certificate outage costs enterprises $11 million compared to $9.4 million for a data breach. A failed compliance audit costs $14 million.

Mike Nelson, Global VP of Digital Trust at DigiCert, followed, covering the convergence between infrastructure dev ops, identity and access management, security operations, and IoT operations. IoT exponentially widened the attack surface. And Mike predicted that the growth of 5G adoption would create “one big network” with an even larger attack surface. Of 400 enterprises on certificate management, enterprises have an average of three to five different PKIs in their environment and an increasing number of certificates to manage. One in four enterprises surveyed had experienced PKI outages. Rogue certificates are also a big problem. Mike cited the infamous Equifax breach, which saw 320 certificate outages through a breach in a traffic inspection device, impacting an estimated 44% of the U.S. population.

Insights from an IoT security expert in healthcare

DigiCert featured a special guest presenter, Joern Lubadel, Global Head of Product Security for B. Braun Group. With over 2 million smart infusion pumps for patient treatment in the market, B. Braun Group is a leader in smart infusion therapy and pharmacy products and provides safety and sustainable health solutions. Data, IT, and IoT enable personalized patient treatment and precise dosage within these environments. Joern stressed that patient safety is the number one consideration for B. Braun Group. Cybersecurity and IT are top concerns where those disciplines enable ensuring patient safety.

Joern presented on B. Braun Group’s technology strategy for smart medication management, describing a specific smart medication management workflow in oncology patient treatments:

1. Patient diagnosis, genetics, and intake
2. Prescription
3. Administration, including outpatient
4. Outpatient care and discharge

Beneath this workflow is a data analytics and prediction layer, including:

• Hospital information system (electronic medical records)
• Diagnostic information system
• Prescription
• Treatment preparation
• Administration
• Patient-reported outcomes

Software integrity is critical to dose error reduction. The whole IT infrastructure – from patient diagnosis to dosage creation and patient infusion treatment – must be protected holistically. Industry standards are also prioritizing safety and security. For example, Joern is working on the ISO standards committee to help maximize device and system security.

Joern Lubadel, Global Head of IoT Device Security, B. Braun, stresses patient safety as the top priority for medical device providers. IoT device security and protection are critical to ensuring safety.

Download our ebook to learn how OTA can be integrated into medical devices.

Contact us to learn more about Northern.tech’s partnership with Digicert and how we can help you secure your IoT devices and enterprise systems.