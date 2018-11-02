Certificates are going everywhere. They are safe and reliable, compared to shared secrets, user IDs and passwords, and tokens. Even biometrics use certificates as the underlying technology. Certificates on the web will evolve, driven by automation and innovation that redefine prices and presumed norms. Customers will look for certificate lifecycle management from one pane of glass for all their certificates and devices. Certificates, coupled with their reputation, will become the norm — which also means that certificates used for nefarious purposes must be quickly identified and removed from service.

It’s also important to consider the role of certificates in a world of connected devices. From an end user perspective, the slow uptake of security in IoT devices has prompted governments to regulate. Nations (and more U.S. states) will follow California’s lead and enact legislation requiring security for IoT networks. This is particularly important for healthcare, transportation, energy, and manufacturing sectors, which face the highest risk. The legislation stops short of prescribing strong forms of authentication — but thankfully, consortium groups such as the Open Connectivity Foundation and AeroMACS have championed the use of strong certificate-based authentication in their best practice standards for IoT.

The bad guys are constantly evolving, warranting best-practice device provisioning and agility to swap current cryptographic algorithms with those that will supercede them in the future. This will be vital within the lifespan of the devices being deployed to customers.

At the end of the day, security will remain a layered solution, and certificates are one layer. There is no silver bullet.