Post written by
Dan Timpson
DigiCert Chief Technology Officer Dan Timpson designs scalable automation and encryption systems for a quality, secure user experience.
One word summarizes the challenge of securing the Internet of Things (IoT): scale.
It's actually a two-fold challenge. The first issue is the sheer number of IoT devices connected to the internet, a total that continues to grow every year. Gartner estimates that number will reach 26 billion by 2020. The second is how device manufacturers and security providers can possibly scale the process of identifying and authenticating each and every one of those devices.
Actually, forget what the IoT landscape will look like two years from now. The key reinstallation attack (KRACK), which targets a security vulnerability common to virtually all wireless-enabled devices, illustrates just how formidable this challenge is today.
Hardware developers must prioritize security in the design process but should do so in a way that does not diminish the user experience. Public key infrastructure (PKI) and digital certificates can be used to meet these requirements.
The KRACK attack exploits a serious flaw in WPA2, a common protocol used to secure modern wireless networks. The attacker can infiltrate network traffic from a WPA2-enabled device and place malicious content directly into the traffic stream. This illustrates how attackers try to exploit IoT devices. When a device connects to a network, it creates a new attack vector. Properly provisioning PKI certificates on devices can mitigate many of the risks inherent to IoT devices.
For most IoT hardware manufacturers, security has been an afterthought. This forces them to retrofit devices after the fact with solutions that address malicious entities when they are discovered. It is an expensive, time-consuming and ineffective approach.
For that reason, security in IoT implementations must be a critical component of the device design and manufacturing processes to ensure that basic security requirements are in place. For decades, digital certificates have been the security backbone of networked devices like servers, routers, printers and fax machines. PKI can do the same for the Internet of Things.
Certificates can be used to encrypt data at rest. PKI also enables the authentication of users, systems and devices without the need for tokens, password policies or other cumbersome user-initiated factors. In mutual authentication scenarios, certificates uniquely identify devices, which enhances authorization and secures device-to-device communication. As a result, certificates ensure that any data or messages transferred cannot be altered.