Certified Security Solutions (CSS): Creating a Reliable and Hackproof IoT Ecosystem

Ted Shorter, CTO
Across industry verticals, a rapid growth of the Internet of Things (IoT) adoption is being witnessed, primarily driven by increased IPv6 scalability and reduced connectivity, sensors, and bandwidth costs. Security, however— despite its importance—is often left out of discussions until the very end or after a breach occurs. As many IoT devices are expected to have a lifespan of 15–20 years and may be incapable of receiving automated updates or patches like other electronic devices, it poses unique challenges for security solution providers. The lack of standardized security protocols adds to the problem. “These, in addition to the growing number of automobile and medical device hacking incidents, are making organizations take a step back in terms of their IoT implementations,” says Ted Shorter, CTO of Certified Security Solutions (CSS).

Based in Cleveland, OH—CSS focuses on enabling companies to authenticate devices, encrypt data and sign data within a client’s IoT network stack. CSS was initially an Information Security services company focused on securing IT infrastructures of Fortune 500 companies. The firm gradually rolled out its enterprise Public Key Infrastructure (PKI) managed services to remove the challenges of having a dedicated in-house PKI for internal enterprise applications. “We see identity as a fundamental piece of the security puzzle. We help companies use digital certificates to validate the connections between devices to verify that the information generated is legitimate,” says Shorter, highlighting the inadequacies of usernames and passwords, as well as other identity authentication methods in the IoT arena due to their inherent problems.

In conjunction with their PKI professional and managed services, CSS has a Certificate Management System (CMS) software, which works as the powerhouse backend to their managed services. Clients also can use CMS as standalone software to prevent outages and breaches by efficiently and effectively managing the issuance and expiration of large scale of digital certificates across websites, enterprise systems and IoT.
“It’s a combination of our software and services that ensures our position in the market,” comments Shorter. One of the big differentiators that CSS brings is the ease of doing business. Shorter stresses that CSS tends to spend a lot of time understanding a company’s problems to make sure that their service delivery is in accordance to the customer’s need. “Our products and service offerings are created with the feedback we have received since the first day of business,” reiterates Shorter.

Our products and service offerings are created with the feedback we have received since the first day of business

One illustration of the company’s customized approach is that of a medical device manufacturer. CSS was tasked with creating a certificate issuance infrastructure for their devices. The most critical aspect in this instance was the communication between a pacemaker and a static device positioned in the patient’s bedroom, which relayed the heart activity to physicians. Following the certificate installations, CSS ensured that no other device could communicate with that static device and the medical information conveyed back to the data repository was legitimate and hackproof.

In pursuance of securing such complex interactions, CSS wants to preserve the patterns of their PKI heritage to add value to the overall security environment. In terms of presence, the company intends to be a key player across a wider array of internet-connect platforms and expand its offerings. “We are looking for partnerships with device vendors that help us solve our customers’ problems more quickly,” concludes Shorter.

Certified Security Solutions

Cleveland, OH

Ted Shorter, CTO

The company provides IT security software and solutions making authentication scalable, flexible, and affordable.