Mocana Is Acquired by DigiCert, Fortifying Its Position in the IoT Security Arena

Subscribe To Download This Insight

1Q 2022 | IN-6439

In mid-January, DigiCert—a leading certificate authority, Public Key Infrastructure (PKI), and digital security provider—publicly announced the acquisition of industrial Internet of Things (IoT) cybersecurity and embedded security specialist Mocana.

Registered users can unlock up to five pieces of premium content each month.

Log in or register to unlock this Insight.


Focus Toward Securing the Early Stages of the Supply Chain


In mid-January, DigiCert—a leading certificate authority, Public Key Infrastructure (PKI), and digital security provider—publicly announced the acquisition of industrial Internet of Things (IoT) cybersecurity and embedded security specialist Mocana. This acquisition will greatly increase DigiCert’s profile in the IoT security arena. It will allow DigiCert to mobilize toward a broader spectrum of applications and strategically bolster its ability to safeguard customer operations to provide an additional boost in the early stages of a device identity value chain. What does this acquisition bring, and why does it matter?

Core Competencies for DigiCert and Mocana


At its core, DigiCert offers two PKI identity life-cycle management platforms. One is aimed at the enterprise level, and the other is aimed at IoT. The IoT PKI platform (IoT Device Manager) offers cloud provider and architecture agnosticism, containerization options, and multi-IoT application support. The company has made some rather impressive strides in IoT security. Although most of its options addressed primarily enterprise environments and secure-sockets-layer and transport-layer-security options just a few years ago, the company has been targeting key IoT markets, including industrial and manufacturing, smart city and transportation, utilities, automotive, consumer, and healthcare. This includes applications like securing smart energy grids, providing reliable vehicle-to-everything communication in vehicle smart-city use cases, protecting data streams across manufacturing assembly lines, and even protecting a consumer’s private data.

Mocana’s strength lies in secure life-cycle management of connected devices both for on-premises and cloud environments, with a distinct specialization in providing secure device manufacturing and firmware installation services for original equipment manufacturers, other security providers, semiconductor vendors, and device operators. Mocana’s services have branched out to embedded security, device hardening, edge server protection, supply chain security, secure device onboarding, and authentication services while still tackling risk management and regulatory and industry standard compliance for its customers. The value proposition behind this strategic acquisition will not only enhance DigiCert’s portfolio but allow Mocana’s security arsenal to shine.

The Four Pillars/Key Value Proposition of the Acquisition


The key value proposition behind the combined force of DigiCert and Mocana rests on four pillars.

  1. Securing the firmware installation process for devices during the manufacturing phase. This includes assisting customers to meet regulatory requirements for secure IoT integrations covering hardware, data encryption, authentication, and other security parameters. Additionally, Mocana’s expertise will allow DigiCert to modernize traditionally isolated environments in industrial markets with networked data and communication for data-driven intelligent operations and maintenance, addressing information and operational technology convergence concerns.
  2. Securing management of IoT device identities. The acquisition will allow for secure management of IoT device identities throughout the supply chain through flexible digital certificate and key management options.
  3. Tackling device tamper resistance. It will enable DigiCert to tackle device tamper resistance by working with vendors throughout the supply chain to provide secure services in order to harden devices with secure identity, software, updates, boot, communication, data transfer, and monitoring. This includes a key element in IoT operations: data protection. The company endeavors to strengthen mutual authentication of devices for secure connectivity and sensitive data transfer that spans various applications ranging from patient healthcare information to firmware updates and intellectual property and even to low-security applications like home smart devices.
  4. Providing secure remote firmware updates. Finally, DigiCert will be able to provide secure remote firmware updates, reducing the technical maintenance burden with automated update services and securing remote over-the-air updates and greatly enhancing field maintenance and remote provisioning operations.

While Mocana has always focused great care and attention on cybersecurity operations for its customers, the fact is that the company has had its fair share of challenges in staying in the spotlight from a marketing perspective. Mocana has not received increased media attention during the past few years, even though the company does not appear to have any significant problems from a technical standpoint, and that is why this acquisition will be a great opportunity to reestablish its image by joining forces with a leading IoT identity and PKI provider.



Companies Mentioned