In today’s rapidly evolving technological landscape, the security of Internet of Things (IoT) devices remains a critical concern. Many of these devices, particularly those deployed in industrial and remote environments, lack modern authentication measures. They often rely on default credentials or, in some cases, no credentials at all, leaving them highly vulnerable to cyberattacks. Even when certificates are employed for authentication, their frequent expiration and limited visibility into the device’s status can introduce significant operational and security challenges over time. This is a concern highlighted by Darron Antill, CEO of Device Authority, who stresses the need for more robust security strategies for IoT devices.

To address these challenges at scale, Antill advocates for a secure-by-design approach, emphasizing the implementation of zero trust principles. This involves continuously authenticating and authorizing devices throughout their lifecycle to ensure their security. Automation plays a crucial role in this strategy. Given the sheer volume of IoT devices expected to be integrated into modern enterprises, human administrators cannot feasibly manage them all, especially since these devices often remain operational far longer than traditional IT assets.

Antill emphasizes the zero trust philosophy: “Never trust anything inside or outside your perimeter. Always verify anything and everything trying to connect to your systems.” This mindset is essential as organizations strive to protect their networks from potential threats. In a recent interview at the RSAC Conference 2025 with Information Security Media Group, Antill delved deeper into the topic, discussing the growing importance of identity in the IoT space and the necessity for organizations to adopt new security approaches that consider both human and non-human actors.

Furthermore, Antill highlights the significance of embedding cryptographic techniques and secure-by-design principles from the outset of IoT device development. By doing so, organizations can ensure a more robust security posture that can withstand the evolving threat landscape. Under Antill’s leadership, Device Authority has made significant strides in the IoT cybersecurity domain, securing over $70 million in funding, including a notable investment from Goldman Sachs, which marked one of the largest private investments outside of Facebook at the time.

In conclusion, as IoT devices continue to proliferate in various sectors, the need for effective security measures becomes more pronounced. Antill’s insights underscore the importance of adopting a zero trust framework and leveraging automation to manage the security of these devices effectively. By prioritizing secure-by-design thinking and recognizing the crucial role of identity, organizations can better protect their IoT infrastructure from potential threats and ensure long-term operational resilience.