GlobalSign Blog

Announcing the Release of IoT Edge Enroll v2 for Secure Device Enrollment

It is well known that proper device enrollment is key to provisioning unique, strong and secure device identities. Many of our IoT customers are familiar with and have used our IoT Edge Enroll product for device enrollment to our PKI-based IoT Identity Platform. It’s been a very popular integration and an integral part of PKI success. 

But as the industry has matured, our customers have expressed a desire for a more streamlined, flexible device enrollment process with customizable levels of security. We listened to what our customers wanted and put our team to work re-imagining what IoT Edge Enroll offers and how it works.  

Announcing IoT Edge Enroll v2 – The Next Level in Secure Device Enrollment 

IoT Edge Enroll is a full-featured, device identity enrollment and management service that ensures simple, secure and optimized device identity lifecycle management. We’re proud to say IoT Edge Enroll delivers the advanced control and management functionality that IoT ecosystems and PKI administrators have been looking for. 

Solving Common Customer Challenges Around Device Identity Enrollment

Many companies have faced challenges in device identity enrollment. Immature security standards, or the lack of universal security standards entirely, make following the rules a guessing game. Compounding the problem are a skills gap and the expense of building and running a properly secured PKI. Firms simply cannot find the qualified talent necessary to develop, implement, and manage a costly on-premises PKI, as well as stay current with emerging and changing industry standards. This is especially true for IoT manufacturers and critical IoT infrastructure operators.

IoT device and semiconductor manufacturers are concerned with streamlining enrollment configuration and setup, certificate configuration and management, and how their chip or device identities impact downstream enrollment. Critical IoT infrastructure device operators need interoperability, device identity management, and secure communications, as well as secure connected supply chains. Both manufacturers and operators want to better oversee device identities on their networks and more securely manage device identity lifecycles. They are looking for IoT device enrollment solutions that simplify, optimize, and harden the enrollment process.

IoT Edge Enroll v2 solves these challenges with an extensible and secure design that is flexible enough for evolving and emerging IoT needs.

IoT Edge Enroll key features include:

  • APIs for secure interoperability – Standards-based device enrollment protocols (Enrollment over Secure Transport [EST]) and dedicated enrollment servers speed integration and secure interoperability. 
  • Interoperability with all major IoT Cloud Platforms – Azure IoT, AWS IoT, Arm Pelion, and more
  • Dedicated, RESTful Admin API – for secure admin functions
  • Trusted Platform Module (TPM) attestation support – Integrating secure cryptographic microprocessor hardware with device identity credentialing 
  • Custom certificate profiles for IoT – Can be applied to all types of X.509 certificates
  • Certificate templating engine for exacting enrollment – Dynamically generate certificate fields from external sources and authenticate against enrollment policies
  • Device Identity Manager – Allows Admins to manage unique device identities and device groups throughout their lifecycles
  • Enrollment Policy Engine – For enhanced security, allowing configurable levels of authentication for security and compliance based on risk
  • Custom workflows – Address complex IoT use cases requiring different types of device identities and stages of the IoT lifecycle
  • Plug-in architecture for customizing enrollment – Extensible framework enables plug-in features/functions to call external sources and code

Because it is fully integrated with GlobalSign’s Certificate Authority (CA), customers can choose from dedicated private hierarchies, branded public intermediate CAs, and shared or private roots. Featuring FIPS 140-2 Level 3 compliance, it is secure and scalable with high-performance processing.

Enable Secure Device Enrollment with IoT Edge Enroll v2

IoT Edge Enroll is a key component of our PKI-based IoT Identity Platform, powered by Atlas, enabling Device Identity Lifecycle Management. With Edge Enroll you can:

  • Simplify enrollment by eliminating costly in-house implementation risks and management concerns, consolidating all PKI functions into a single framework, with support and guidance from GlobalSign’s PKI experts. 
  • Optimize enrollment and operation with powerful management tools, enrollment as a service, and a scalable, high-performance certificate issuance engine. 
  • Harden IoT device security and enrollment by adding a customizable layer of authentication and control. As part of the secure GlobalSign ecosystem, we incorporate the most current standards, regulations and individual consortia recommendations available. EST protocols, TPM support, and the customizable authentication of the enrollment policy engine and certificate templating engine push security down to the device level for maximum device identity security.

This latest version of IoT Edge Enroll delivers the most comprehensive, flexible, commercial PKI device enrollment feature set on the market. We think our customers will agree: it simplifies enrollment setup and configuration, optimizes the enrollment process, and hardens device enrollment with flexible levels of security to suit individual IoT use case requirements.

See for yourself. Contact us today to learn how IoT Edge Enroll can simplify, optimize and harden your device identity enrollment. 