When Machines Talk, Who Do You Trust? Elevating Autonomous Trust with AppViewX AVX ONE CLM


It only takes one expired certificate to bring everything to a halt. When a certificate expired at a smart meter company, it halted energy tracking for over 15 million homes. In another case, robotic arms at an automotive plant froze mid-production—all because of a single expired certificate. These aren’t isolated incidents—they’re symptoms of a much bigger issue.

As enterprises scale their use of automation, machine identities are multiplying at an unprecedented rate. But few have a system to manage them. Without a scalable system, trust quickly becomes a ticking time bomb. That’s where AppViewX AVX ONE CLM steps in—delivering the visibility, automation, and control you need to secure your machine identity landscape.

The Rise of Machine and Non-Human Identities (NHIs)

Machine and non-human identities are increasing exponentially, far outpacing the growth of human identities. According to the 2024 ESG Survey, organizations on average have 20X more non-human identities than human identities. And the growth isn’t slowing down: 52% of organizations predict an additional 20% increase in the NHIs they manage in 2025.

These non-human identities include a wide range of device and workload identities:

  • SSL/TLS certificates
  • SSH keys and certificates
  • Cloud services
  • Microservices and applications
  • APIs
  • Service accounts
  • Smart IoT devices
  • CI/CD bots, AI models, and Kubernetes clusters
  • Network devices

As the machine-to-machine ecosystem grows, so does the challenge of managing trust at scale. If you can’t see them, rotate them, or revoke them—you’re exposed.

What’s Broken: Legacy PKI and Certificate Lifecycle Management Can’t Keep Up

Traditional PKI and Certificate Lifecycle Management (CLM) solutions were built for a different era—one where certificates were issued to humans, lived for years, and were managed through manual approvals and periodic audits.

But machine and non-human identities don’t play by those rules. They:

  • Spin up/down in seconds
  • Operate at machine speed
  • Require continuous authentication and encryption
  • Can scale into millions across hybrid and multi-cloud environments

Legacy PKI and CLM systems, still reliant on manual processes, weren’t designed for this pace or scale. They do not provide the visibility, automation, and real-time control needed to manage today’s sprawling machine and non-human identity landscape. As a result, organizations face increasing risk—from expired certificates that cause outages, to blind spots that open the door for security breaches and compliance failures.

AppViewX AVX ONE CLM: Built for the Autonomous Enterprise

AppViewX AVX ONE CLM offers a modern, scalable, and secure certificate lifecycle management solution purpose-built for today’s machine-driven, Zero Trust environments. It delivers complete visibility, end-to-end automation, and continuous policy control and governance of digital certificates and keys—across machines, applications, workloads, and cloud services. Designed with crypto-agility in mind, AVX ONE CLM addresses the unique challenges of managing non-human identities (NHIs):

  • Complete Visibility: Discovers all public and private certificates across your hybrid multi-cloud environments. Provides a centralized inventory with deep visibility into certificates and their metadata, including ownership, associated endpoints, and applications—enabling real-time detection of expirations, shadow certificates, misconfigurations, and crypto anomalies.
  • Machine-Speed Automation: Automates certificate issuance, renewal, provisioning and revocation across cloud-native, edge, DevOps, and IoT environments. Provides out-of-the-box and custom automation workflows and auto-enrollment protocol support to tailor automation to unique business needs.
  • Policy-Driven Governance: Helps enforce enterprise-wide best practices around cryptographic standards, key length, and expiry policies with zero manual touchpoints to minimize security risks and ensure compliance with industry and regulatory standards. Provides granular RBAC for conditional access and secure certificate provisioning.
  • DevOps and IoT Native: Integrates seamlessly with multiple Certificate Authorities, cloud services, DevOps toolchains, ITSM, SIEM, and MDMs to simplify certificate enrollment and automate certificate lifecycle management for high-volume DevOps and IoT environments.
  • Post-Quantum Cryptography (PQC) Ready: Built to support the new NIST-standardized quantum-safe algorithms to help you prepare for PQC adoption and future-proof your machine identity trust.


Why AppViewX AVX ONE CLM Matters

By integrating deeply into both machine-native systems and enterprise IT, AppViewX AVX ONE CLM empowers your organization to:

  • Prevent outages from expired or misconfigured machine certificates
  • Eliminate blind spots to minimize vulnerabilities and security risks
  • Meet compliance requirements for standards like PCI-DSS, HIPAA, NERC CIP, NIST, and more
  • Accelerate Zero Trust maturity through automated, identity-based access control
  • Practice crypto-agility to swiftly adapt to sudden cryptographic changes and industry shifts like 47-day certificate lifespans, PQC adoption, and browser distrust issues

Call to Action: Machine Identity Management Is Now a Must-Have

The number of machine and non-human identities will continue to rise—and fast. Without proper management, trust breaks down, compliance fails, and innovation grinds to a halt. AppViewX AVX ONE CLM delivers the visibility, automation, and control needed to manage machine identities effectively and build the scalable trust foundation your autonomous enterprise demands.

Manage every certificate. Secure every workload. Trust every machine—with AppViewX AVX ONE CLM.

To learn more, request a demo of AppViewX AVX ONE CLM today.

How Mature Is Your PKI? Find Out the Smart Way with the PKI Maturity Model


Assess. Improve. Future-Proof Your PKI Strategy


The Need to Give Legacy PKI a Serious Makeover

From securing communications and authenticating users to ensuring data integrity, Public key infrastructure (PKI) plays a vital role in keeping today’s organizations secure and trusted. While its importance is clear, deploying and managing PKI effectively is anything but straightforward.

For many organizations, PKI is still a patchwork of legacy systems, manual processes, scattered certificate inventories, and growing complexity. Combine that with a shortage of skilled PKI experts and a lack of automation, and it’s no surprise that outages, vulnerabilities, and compliance issues keep surfacing.

Further, as IT environments evolve and change—with multi-cloud, DevOps, IoT, and the looming shift to post-quantum cryptography—traditional PKI setups are being pushed to their limits. Without the right processes, tools, and people in place, PKI can quickly become a bottleneck—or worse, a serious cybersecurity risk.

What’s needed to move past these challenges is a more strategic and structured approach to PKI. That’s where the PKI Maturity Model (PKIMM) comes in—a framework from the PKI Consortium that helps organizations assess their current PKI setup, identify gaps, and build a stronger, more resilient PKI for the future.

What is the PKI Maturity Model?

The PKI Maturity Model is a comprehensive and practical framework designed to help organizations assess how well their PKI is working—and where it needs improvement. It provides PKI and Security teams a way to step back, evaluate, and enhance their PKI maturity in a structured way.

Whether you’re running a lean team or managing PKI for a global enterprise, the PKI maturity model is applicable to all types of organizations—no matter the industry or use case.

Here’s what the PKI Maturity Model helps you with:

  • Assessment: Quickly understand the current state of your PKI—its capabilities, gaps, and performance.
  • Benchmarking: Compare your PKI maturity (confidentially and anonymously) with that of similar organizations by size or sector.
  • Guidance: Get clear, actionable recommendations on how to strengthen your PKI strategy and capabilities.
  • Improvement: Implement best practices to elevate overall PKI performance.


What Does the PKI Maturity Model Measure, and What Does It Mean?

The PKI Maturity Model breaks things down into five clearly defined maturity levels—kind of like an audit scorecard for your PKI. Each level reflects how structured, consistent, and forward-looking your PKI practices are and the risks that come with where you currently stand.

Maturity levels:

  1. Initial: Processes are ad-hoc. No inventory is available. Controls are poor and purely reactive.
  2. Basic: Some structure exists but lacks alignment with industry standards and regulations. Inventory is not maintained. Controls are still mostly reactive.
  3. Advanced: Certificate management processes and controls are in place but not fully followed or understood. Certificate inventory is maintained. Controls are more proactive.
  4. Managed: Certificate management processes are well-designed, measured, and consistently applied. Certificate inventory is up to date. Controls are proactive.
  5. Optimized: Certificate management processes are well designed and followed. Inventory is complete and updated through regular certificate discovery. Certificate management is integrated with organizational governance. Controls are proactive by design. Continuous improvement is the norm.

However, these levels aren’t assessed in isolation. The model examines your PKI across four key modules that encompass all PKI dimensions: Governance, Management, Operations, and Resources. Each module includes a set of specific categories you’ll be scored on.

The Four Modules and the Associated Categories:

  • Governance: Evaluates strategy and vision, policies and documentation, compliance, and processes and procedures.
  • Management: Evaluates key management, certificate management, infrastructure management, and change management and agility.
  • Operations: Evaluates resilience, automation, interoperability, and monitoring and auditing.
  • Resources: Evaluates sourcing, knowledge and training, and awareness.

Together, these modules and their 15 categories, covering all the essential aspects—people, processes, and technology—provide a well-rounded view of your PKI, from high-level governance to hands-on operations and team readiness.

Image credit: PKI Consortium

To simplify the assessment process, the PKI Consortium offers a straightforward, Excel-based assessment tool. It guides you through defining the scope of your environment, scoring each category, and generating a report that shows your maturity levels and areas for improvement. This structured process ensures consistent and repeatable evaluations, unlike scattered and ad-hoc self-assessments.


What Does Maturity Look Like in Key PKI Categories?

The PKI Maturity Model dives deep into all aspects of PKI, but a few categories stand out for their significant impact. Here’s a quick look at what low and high maturity look like in each—and what the model evaluates.

1. Policies and Documentation

Well-defined policies and security measures are vital for successful PKI management. This model checks how well your PKI is governed—whether your rules, roles, and procedures are clearly defined and consistently applied.

  • Low Maturity: No formal policies, unclear ownership, and inconsistent practices.
  • High Maturity: Well-documented, enforced, and regularly updated policies that guide operations and ensure accountability.

2. Certificate Management

This is where everything comes together. The model looks at how you discover, inventory, and profile certificates throughout the organization. It also examines how you issue, renew, revoke, and provision certificates.

  • Low Maturity: Ad-hoc certificate tracking, incomplete inventory, and manual processes.
  • High Maturity: Regular certificate discovery, up-to-date inventory, full lifecycle automation, and well-documented policies. Certificate management is integrated with organizational governance.

3. Change Management and Agility

PKI should evolve with your business and the broader security landscape. The model looks for robust and reliable change management processes that enable swift transitions without disrupting operations.

  • Low Maturity: Unplanned and ad-hoc changes, no formal process, no consideration for agility, and high risk of disruption.
  • High Maturity: Change management and agility are built into the process: procedures, roles, and responsibilities are clearly documented, and tools and technologies are in place to make changes smoothly.

4. Automation

Automation is one of the proven ways to enhance PKI efficiency and minimize human error. The model assesses the extent of automation in certificate lifecycle management.

  • Low Maturity: The entire certificate lifecycle is managed manually.
  • High Maturity: Certificate operations are fully automated, governed by clear policies, and continuously monitored and audited for performance and compliance.

5. Monitoring and Auditing

Visibility drives control. In this category, the model examines whether you have the necessary controls in place to detect issues, respond to threats, and maintain compliance.

  • Low Maturity: No logs or records to monitor and audit security events.
  • High Maturity: Detailed audit logs and monitoring systems that are regularly reviewed, and refined. Alerts flag critical events so you always know what’s happening across your PKI.

Getting to higher maturity across these categories doesn’t happen overnight—but knowing where you stand is the first step. And with the PKI Maturity Model as your guide, you can move forward with a plan that’s built on structure, insight, and best practices.

Next Steps: Power Your PKI Maturity Journey with AppViewX AVX ONE

Building PKI maturity is a journey, and modern PKI and CLM solutions can help you leap ahead by replacing complexity with speed, scale, and agility.

The AppViewX AVX ONE Platform is built to simplify and modernize PKI and certificate lifecycle management. It combines powerful certificate lifecycle management automation (AVX ONE CLM) with private PKI-as-a-Service (AVX ONE PKIaaS), giving you complete visibility and centralized control over all private and public certificates across your hybrid multi-cloud, containerized, and IoT environments.

AVX ONE CLM simplifies certificate lifecycle management with complete visibility, end-to-end automation, and continuous policy control and governance of digital certificates and keys. AVX ONE PKIaaS simplifies and modernizes private PKI management. You can quickly and securely set up fully compliant private CAs and start issuing certificates within minutes—no hardware to buy, no complex infrastructure to maintain.

Together, they help eliminate outages, mitigate security risks, ensure compliance, and build crypto-agility—all of which directly boost your PKI maturity.

Ready to level up your PKI and CLM? Use the PKI Maturity Model as your roadmap and let AppViewX AVX ONE be the engine that drives you to a secure, resilient, and future-ready PKI.

Check out AppViewX AVX ONE Platform, request a demo, or talk to one of our experts today.

Google Chrome to Distrust Chunghwa Telecom and Netlock Certificate Authorities (CAs)—What’s Next?


Recently, Google announced that starting August 1, 2025, the Google Chrome browser will no longer trust TLS certificates issued by Chunghwa Telecom and Netlock Certificate Authorities (CAs). According to Google, the decision follows a pattern of compliance failures and a lack of measurable progress in addressing publicly reported issues.

Chunghwa Telecom is Taiwan’s largest integrated telecom service provider and operates a public Certificate Authority (CA) called ePKI, which issues digital certificates for secure web communications. Netlock, based in Hungary, is a specialized CA offering digital certification services, including TLS/SSL certificates, electronic signatures, and time stamping.

Any certificates issued by these CAs on or before July 31, 2025, will remain valid. However, certificates issued after that date will trigger browser warnings—like the dreaded “Your connection isn’t private” alert—creating trust issues for website visitors. Google intends to roll out these changes with Chrome 139, scheduled for release in early August.

Why Is Google Distrusting These CAs?

Google’s decision to distrust Chunghwa Telecom and Netlock CAs wasn’t made lightly. Citing the reasons for distrust, Google stated, “Over the past several months and years, we have observed a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports. When these factors are considered in aggregate and considered against the inherent risk each publicly-trusted CA poses to the internet, continued public trust is no longer justified.”

What Should Affected Website Owners Do?

If you’re using certificates from either Chunghwa Telecom or Netlock, Google strongly recommends switching to a new, publicly trusted CA as soon as possible—ideally before your current certificates expire, where that expiry falls after July 31, 2025. Doing so helps avoid trust warnings, service disruptions, and outages on your websites and internet applications.

While it’s technically possible to reissue certificates from either of the two distrusted CAs before the August 1, 2025, deadline to buy more time, that’s only a temporary fix. You’ll still need to complete a full migration eventually—and the longer you wait, the higher the risk of service disruptions.

Another CA Distrust Incident. Another CA Migration. How to Be Ready?

This isn’t the first time Google has pulled trust from a CA—and it likely won’t be the last.

Just last year, Google distrusted the Entrust CA. Thousands of organizations that relied on TLS certificates from Entrust were forced into a fast-paced migration to a new trusted public CA before the November deadline (in just about 4 months!). It was stressful, chaotic, and, for many, still ongoing.

In the broader picture, Google’s move should be welcomed as it reinforces the high standards expected of CAs and sends a clear message: trust must be earned through transparency, security, and accountability. That said, the responsibility for ensuring digital trust doesn’t end with browser vendors. Organizations must also step up—by implementing a multi-CA strategy and embedding CA agility and crypto-agility into their Certificate Lifecycle Management (CLM) practices.

  • Multi-CA Strategy: As CA distrust and revocation incidents become more frequent, relying on a single CA is increasingly risky. If that CA is distrusted or revoked—you’re scrambling to replace every certificate across every application. Instead, avoid CA lock-in by working with multiple trusted CAs—so if one fails, only a portion of your certificates are affected, minimizing the overall impact. It’s equally important to have other CAs set up alongside your primary issuing CA. Since onboarding a new public CA can take time due to legal agreements and setup processes, having fallback CAs ready to go ensures you can respond quickly in the event of a CA distrust.
  • CA-Agility and Crypto-Agility: CA-agility refers to the ability to quickly and seamlessly switch issuing CAs—whether public or private—to minimize the impact of a compromise or distrust event. It’s part of broader crypto-agility, which enables organizations to swap cryptographic assets (like algorithms and keys) without disrupting operations.


Why Are CA Migrations So Challenging?

Migrating from one CA to another is not just about setting up new CAs. It often means revoking and replacing thousands of certificates (across various certificate types and endpoints), retiring CA-related services, and coordinating efforts across multiple teams and systems.

Without a robust CLM solution, this process is prone to errors, bottlenecks, and missed deadlines. IT and security teams come under immense pressure, and the risk of certificate outages can ripple across applications and services.

Consider the recent Entrust CA distrust. For many enterprises operating without an automated CLM solution, CA migration has been a painful and complex process.

  • End users had to reinstall multiple certificates (like S/MIME and client certificates), hampering productivity
  • Failed certificate installs flooded IT with support tickets
  • Internal services using private TLS certificates needed a complete “rip-and-replace” across internal servers

AppViewX AVX ONE CLM Simplifies CA Migrations with Crypto and CA-Agility

Whether you’re affected by the Entrust, Chunghwa Telecom, or Netlock CA distrust—or simply want to be ready for the next one—here’s how AppViewX can help.

AppViewX AVX ONE CLM, a comprehensive certificate lifecycle management automation solution, delivers crypto- and CA-agility to make the whole process simple and fast through:

Visibility:

  • Automatically discover and build a consolidated inventory of all certificates (public and private trust)
  • From your consolidated inventory, easily identify and filter vulnerable certificates from distrusted CAs for targeted remediation
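The inventory filtering just described, and the trust cutoff explained earlier in this post, as an added example that is not AppViewX or Google code: it triages a constructed certificate inventory, flagging certificates from the distrusted CAs issued after July 31, 2025 as untrusted in Chrome 139 and later, queuing earlier ones for replacement before they expire, and checking everything else for approaching expiry. The issuer organisation strings, the 30-day renewal window, and the reference date are assumptions.

```python
"""Triage a certificate inventory after a browser CA distrust announcement.

Added example, not AppViewX code. The inventory below is constructed sample
data; the issuer organisation strings and the 30-day expiry window are
assumptions, and the July 31, 2025 cutoff is the one in Google's announcement.
"""
import csv
import io
from datetime import date

# Issuer organisation names assumed to match the distrusted CAs' issuer DNs.
# Match these against the issuer field of your own inventory.
DISTRUSTED_ISSUERS = {"Chunghwa Telecom Co., Ltd.", "NetLock Kft."}

# Certificates issued on or before this date remain trusted; later ones are
# distrusted by Chrome 139 and newer.
CUTOFF = date(2025, 7, 31)

# Renewal window (assumed): anything expiring within this many days is queued.
EXPIRY_WINDOW_DAYS = 30

# Constructed reference date for the sample run, a month after the cutoff.
TODAY = date(2025, 9, 1)

# Constructed sample inventory (no real certificates). Commas inside issuer
# names are quoted so the csv module parses them as one field.
SAMPLE_INVENTORY = """\
common_name,issuer_org,not_before,not_after
www.example.com,"Chunghwa Telecom Co., Ltd.",2025-08-05,2026-08-05
api.example.com,"Chunghwa Telecom Co., Ltd.",2025-03-01,2026-03-01
mail.example.com,NetLock Kft.,2024-09-15,2025-09-15
shop.example.com,Example Public CA,2024-09-10,2025-09-20
intranet.example.com,Example Private CA,2025-01-01,2026-01-01
legacy.example.com,NetLock Kft.,2024-08-01,2025-08-01
"""

# Priority codes: lower number means act first.
PRIORITY_ORDER = {"P0": 0, "P1": 1, "P2": 2, "OK": 3}


def parse_inventory(text):
    """Parse CSV inventory text into records with real date objects."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        records.append({
            "common_name": row["common_name"],
            "issuer_org": row["issuer_org"],
            "not_before": date.fromisoformat(row["not_before"]),
            "not_after": date.fromisoformat(row["not_after"]),
        })
    return records


def classify(cert, today):
    """Return (priority, reason) for one inventory record.

    Order of checks matters: an expired certificate is an outage regardless
    of issuer, and a distrusted issuer outranks a merely approaching expiry.
    """
    if cert["not_after"] < today:
        return "P0", "expired: outage risk now"
    if cert["issuer_org"] in DISTRUSTED_ISSUERS:
        if cert["not_before"] > CUTOFF:
            return "P0", "issued after cutoff by distrusted CA: untrusted in Chrome 139+"
        # Still trusted, but it must be replaced from a different CA before it
        # expires, because renewing from the same issuer would be untrusted.
        return "P1", "issued before cutoff by distrusted CA: migrate before expiry"
    if (cert["not_after"] - today).days <= EXPIRY_WINDOW_DAYS:
        return "P2", "expires within renewal window"
    return "OK", "no action"


def triage(text, today):
    """Classify every record and order the work list by priority, then expiry."""
    findings = []
    for cert in parse_inventory(text):
        priority, reason = classify(cert, today)
        findings.append((cert["common_name"], priority, reason, cert["not_after"]))
    findings.sort(key=lambda f: (PRIORITY_ORDER[f[1]], f[3]))
    return [(name, priority, reason) for name, priority, reason, _ in findings]


def summarize(findings):
    """Count findings per priority so the scale of the migration is visible."""
    counts = {p: 0 for p in PRIORITY_ORDER}
    for _, priority, _ in findings:
        counts[priority] += 1
    return counts


if __name__ == "__main__":
    work_list = triage(SAMPLE_INVENTORY, TODAY)
    for name, priority, reason in work_list:
        print(f"{priority} {name:24} {reason}")
    print(summarize(work_list))
```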

Automation:

  • From the list of impacted certificates, automate your CA and certificate migration, including reissuance, replacement, and revocation
  • Use the unique CA Switch feature to automatically re-provision and reinstall new certificates directly from new CA(s) in place of impacted certificates
  • Leverage CA-agnostic automation to reissue new certificates from various publicly trusted CAs
  • Leverage closed-loop automation workflows with enterprise ACME support to ensure end-to-end automated TLS certificate issuance and renewal

Control:

  • Define and automatically enforce policies around the use of approved Certificate Authorities, crypto-standards, validity periods, and more
  • Ensure compliance and simplify audits with role-based access control (RBAC) and detailed audit trails

Stay Secure, Stay Agile.

Browsers play a critical role in enforcing accountability and raising the bar for Certificate Authorities. But, their safeguards only go so far.

For organizations, true resilience comes from being prepared—by diversifying your CA portfolio, automating certificate lifecycle management, and embedding crypto-agility into your CLM strategy. That’s how you stay ahead of the next CA distrust event.

Check out the AVX ONE CLM: Seamless CA Switch Capability Datasheet to see how AppViewX is making CA migrations fast and frictionless.

Already impacted by Entrust, Chunghwa Telecom, or Netlock? Talk to one of our experts today to make the switch with confidence.

Why the Finance Sector Must Lead the Shift to Post-Quantum Cryptography

Quantum computing is not some far-off theory anymore, and the threat to today’s encryption is real, with the clock running for organizations to become resilient. And for banks and finance organizations sitting on mountains of sensitive data, the urgency to prepare for post-quantum cryptography (PQC) is growing.

With Q-day (the day a powerful quantum computer breaks today’s RSA and ECC algorithms) possibly arriving as early as 2028, today’s encryption won’t hold for much longer. That puts financial institutions—prime targets with high-value customer data, transactions, and proprietary models—at risk of cyberattacks targeting broken encryption.

If any industry should be leading the charge on post-quantum cryptography, it is financial services. Not just because the risks are high—but because the fallout from a cyberattack would be catastrophic. Around the world, regulators and industry groups are sounding the alarm and laying out roadmaps to guide financial institutions toward PQC readiness. In this blog, let’s dive into what that really means and why now is the time to start preparing.

The Fast Approaching Quantum Threat

Quantum computing threats are accelerating beyond early predictions. While today’s quantum computers can’t yet break our strongest encryption, the hardware required will close the gap rapidly. What felt like a 2030s problem now threatens to arrive earlier. This means today’s widely used asymmetric algorithms like RSA and ECC are at high risk of being cracked within that horizon, putting critical financial systems and data at serious risk.

“For the financial industry, the advent of quantum computers poses a risk to customer confidentiality and peer communications, authentication processes, and trust in digital signatures which enable dynamic legal agreements.”

Quantum Safe Financial Forum – A call to action Report by Europol

Moreover, “Harvest Now, Decrypt Later” attacks are underway. Threat actors are capturing encrypted data today so they can decrypt it in the future using powerful quantum computers. That means sensitive financial records, customer data, intellectual property, and internal communications could all be exposed down the line—even if they’re presumed to be secure right now.

For financial organizations handling high-value data that needs to be stored and protected for years to come, the message is clear: don’t wait—begin your preparation for PQC migration today. Waiting until quantum threats are visible or until the threat becomes imminent could lead to data breaches, hefty financial losses, and lasting reputational damage.

Why PQC?

Think of the NIST-approved PQC encryption algorithms as the new vault for your most critical assets—built on mathematical problems so tough that neither today’s supercomputers nor tomorrow’s quantum computers can crack them. By swapping in PQC algorithms, you can lock down customer data, preserve transaction integrity, and ensure long-term privacy against quantum‑powered attacks.


But there is an even bigger win: retroactive protection. When PQC algorithms are in place, any encrypted data an attacker harvests today stays unreadable tomorrow—even by the most powerful quantum computers. In short, PQC protects both your future communications and everything you’re securing now.

Key Roadblocks to Post-Quantum Cryptography Adoption

Post-quantum cryptography promises unparalleled security, but rolling it out isn’t straightforward. Previous migrations—like SHA-1 to SHA-2—spanned over a decade; transitioning to quantum-secure algorithms is even more complex—and will demand significantly more time and resources.

  • Lack of Cryptographic Asset Visibility

There is no centralized view of keys and certificates scattered across on-prem servers, cloud environments, endpoints, and third-party services. Security teams are unaware of where sensitive encryption lives or how it’s used. That insight gap makes it significantly harder to assess quantum-risk exposure or prioritize migration efforts.

  • Integration and Performance Hurdles

Quantum-safe algorithms behave very differently from today’s classical algorithms: they use larger keys, produce bulkier signatures, and demand more compute power. As a result, applications, protocols, and hardware modules often require substantial code rewrites, deep testing, and workflow overhauls—yet real-world PQC expertise remains scarce, making staffing these projects a struggle.

  • Operational Burden Without Disruption

It all must happen without disrupting critical services or breaching data-retention and compliance mandates. That means extracting legacy encryption from software and hardware, modernizing infrastructure, updating policies, and coordinating cross-team migrations flawlessly—because any slip-up could stall trading platforms, payment systems, or customer portals.

Without a clear, step‑by‑step roadmap, financial institutions risk falling behind as quantum threats materialize. To stay ahead, organizations must start planning, testing, and laying the groundwork for a smooth and secure transition to PQC.

Global Momentum for PQC Adoption

PQC is now a global priority. In the United States, the National Institute of Standards and Technology (NIST) is leading the charge with formal efforts to standardize PQC algorithms that can withstand quantum-level threats.

Over the last two years, NIST has finalized and published three official standards:

  1. FIPS 203 (ML-KEM) – The primary standard for general encryption
  2. FIPS 204 (ML-DSA) – The primary choice for digital signatures
  3. FIPS 205 (SLH-DSA) – A digital signature algorithm designed as a fallback option in case vulnerabilities are discovered in ML-DSA.

NIST’s roadmap also includes consideration for two additional algorithms: Falcon and HQC (Hamming Quasi-Cyclic). Once standardized, HQC will provide another option for key encapsulation mechanisms (KEM), while Falcon will support quantum-resistant digital signatures.

Global Guidance on PQC Migration for Financial Organizations

Several countries across the world have released roadmaps for PQC readiness and transition to spur real progress on post-quantum cryptography, especially in the finance sector.

1. NIST’s Deadline

NIST has laid out two critical deadlines: by 2030, classical cryptographic algorithms will be deprecated, and by 2035, they’ll be fully phased out. That’s not as far off as it sounds, especially for financial institutions managing complex infrastructures and long-lived data.

2. Europol’s Call to Action (QSFF – Feb 2025)

In February 2025, Europol’s Quantum Safe Financial Forum (QSFF) issued a clear call to action for financial institutions, vendors, and policymakers to jump into PQC migration without delay, recommending that they:

  • Prioritize PQC adoption – Make the transition to quantum‑safe cryptography a top strategic objective.
  • Coordinate roadmaps – Align goals, planning, and implementation of PQC across stakeholders.
  • Use a voluntary framework – Leverage regulator‑industry partnerships instead of new laws.
  • Modernize crypto governance – Treat this as an opportunity to enhance key and certificate management practices.
  • Foster global collaboration – Run joint pilots and share insights across private and public sector actors on quantum-safe initiatives.

3. The UK’s NCSC Milestones

The United Kingdom’s National Cyber Security Centre (NCSC) is also urging the banking and financial services sector to act early on PQC. To help organizations stay on track, the NCSC has outlined three key milestones:

  • 2028 – Complete discovery of all cryptographic assets
  • 2031 – Migrate critical systems to PQC
  • 2035 – Achieve full migration across all systems, services, and products

4. Switzerland’s Seven‑Step Roadmap (FIND)

Switzerland, too, is echoing the urgency. The Swiss Financial Innovation Desk (FIND) recently released its Action Plan to a Quantum-Safe Financial Future, providing a clear, seven-step roadmap to help financial institutions take the lead in preparing for quantum risk:

  1. Establish quantum risk governance
  2. Assess impacted business and technology components
  3. Minimize new legacy through quantum-safe procurement
  4. Address immediate “Harvest Now/Decrypt Later” risks
  5. Implement a structured PQC migration plan
  6. Align with industry standards and regulatory expectations
  7. Continuously review and refine your quantum strategy

For financial institutions worldwide, this action plan offers a practical playbook to stay ahead of the curve and build long-term resilience against quantum threats.

Get PQC-Ready Today to Power Quantum-Safe Innovation Tomorrow

As financial services race to deliver faster and smarter experiences, post‑quantum cryptography is more than a security upgrade—it’s a strategic advantage. Leading global banks, including JPMorgan, HSBC and Intesa Sanpaolo, are already investing in quantum computing to achieve breakthroughs in credit scoring, fraud detection, and pricing models. But without weaving PQC into your long‑term roadmap, those quantum investments won’t pay off. Transitioning to PQC and building true quantum resilience is the only way to lock out tomorrow’s threats, safeguard customer trust, and fully capitalize on quantum’s promise for the finance sector.

To help get your PKI and certificate infrastructure ready for the PQC shift, AppViewX AVX ONE CLM accelerates your PQC readiness with end-to-end certificate lifecycle management and crypto-agility, giving you comprehensive visibility, closed-loop automation, and complete policy control of your certificates—all in one powerful solution.

Additional AppViewX Solutions for PQC Readiness

  • PQC Assessment Tool – A purpose-built solution designed to help organizations prepare for the PQC migration by generating a Cryptographic Bill of Materials (CBOM), delivering a PQC readiness score, and providing remediation steps by scanning code, dependencies, configurations and certificates in enterprise environments.
  • PQC Test Center – A dedicated free online resource built to help you assess your organization’s PQC readiness by generating and testing quantum-safe private trust certificates prior to their integration into existing systems, applications, workloads, and machines.
  • PQC-Ready PKI – A modern, agile, and secure private PKI solution, designed to support PQC-enabled certificate issuance.

Explore AVX ONE CLM or talk to one of our experts today to get started!

Why the Finance Sector Must Lead the Shift to Post-Quantum Cryptography

Quantum computing is no longer a far-off theory: the threat to today’s encryption is real, and the clock is running for organizations to become resilient. For banks and finance organizations sitting on mountains of sensitive data, the urgency to prepare for post-quantum cryptography (PQC) is growing.

With Q-day (the day a powerful quantum computer breaks today’s RSA and ECC algorithms) possibly arriving as early as 2028, today’s encryption won’t hold for much longer. That puts financial institutions—prime targets with high-value customer data, transactions, and proprietary models—at risk of cyberattacks targeting broken encryption.

If any industry should be leading the charge on post-quantum cryptography, it is financial services. Not just because the risks are high—but because the fallout from a cyberattack would be catastrophic. Around the world, regulators and industry groups are sounding the alarm and laying out roadmaps to guide financial institutions toward PQC readiness. In this blog, let’s dive into what that really means and why now is the time to start preparing.

The Fast Approaching Quantum Threat

Quantum computing threats are accelerating beyond early predictions. While today’s quantum computers can’t yet break our strongest encryption, the hardware required to do so is closing the gap rapidly. What felt like a 2030s problem now threatens to arrive earlier, which puts today’s widely used asymmetric algorithms, RSA and ECC, at high risk of being broken and leaves critical financial systems and data exposed.

“For the financial industry, the advent of quantum computers poses a risk to customer confidentiality and peer communications, authentication processes, and trust in digital signatures which enable dynamic legal agreements.”

– Quantum Safe Financial Forum: A Call to Action, report by Europol

Moreover, “Harvest Now, Decrypt Later” attacks are underway. Threat actors are capturing encrypted data today so they can decrypt it in the future using powerful quantum computers. That means sensitive financial records, customer data, intellectual property, and internal communications could all be exposed down the line—even if they’re presumed to be secure right now.

For financial organizations handling high-value data that needs to be stored and protected for years to come, the message is clear: don’t wait—begin your preparation for PQC migration today. Waiting until quantum threats are visible or until the threat becomes imminent could lead to data breaches, hefty financial losses, and lasting reputational damage.

Why PQC?

Think of the NIST-approved PQC encryption algorithms as the new vault for your most critical assets, built on mathematical problems so tough that neither today’s supercomputers nor tomorrow’s quantum computers can crack them. By swapping in PQC algorithms, you can lock down customer data, preserve transaction integrity, and ensure long-term privacy against quantum‑powered attacks.

But there is an even bigger win: retroactive protection. When PQC algorithms are in place, any encrypted data an attacker harvests today stays unreadable tomorrow—even by the most powerful quantum computers. In short, PQC protects both your future communications and everything you’re securing now.

Key Roadblocks to Post-Quantum Cryptography Adoption

Post-quantum cryptography promises unparalleled security, but rolling it out isn’t straightforward. Previous migrations—like SHA-1 to SHA-2—spanned over a decade; transitioning to quantum-secure algorithms is even more complex—and will demand significantly more time and resources.

  • Lack of Cryptographic Asset Visibility

There is no centralized view of keys and certificates scattered across on-prem servers, cloud environments, endpoints, and third-party services. Security teams are unaware of where sensitive encryption lives or how it’s used. That insight gap makes it significantly harder to assess quantum-risk exposure or prioritize migration efforts.

  • Integration and Performance Hurdles

Quantum-safe algorithms behave very differently from today’s classical algorithms: they use larger keys, produce bulkier signatures, and demand more compute power. As a result, applications, protocols, and hardware modules often require substantial code rewrites, deep testing, and workflow overhauls—yet real-world PQC expertise remains scarce, making staffing these projects a struggle.

  • Operational Burden Without Disruption

All of this must happen without disrupting critical services or breaching data-retention and compliance mandates. That means extracting legacy encryption from software and hardware, modernizing infrastructure, updating policies, and coordinating cross-team migrations flawlessly, because any slip-up could stall trading platforms, payment systems, or customer portals.

Without a clear, step‑by‑step roadmap, financial institutions risk falling behind as quantum threats materialize. To stay ahead, organizations must start planning, testing, and laying the groundwork for a smooth and secure transition to PQC.

Global Momentum for PQC Adoption

PQC is now a global priority. In the United States, the National Institute of Standards and Technology (NIST) is leading the charge with formal efforts to standardize PQC algorithms that can withstand quantum-level threats.

Over the last two years, NIST has finalized and published three official standards:

  1. FIPS 203 (ML-KEM) – The primary standard for general encryption
  2. FIPS 204 (ML-DSA) – The primary choice for digital signatures
  3. FIPS 205 (SLH-DSA) – A digital signature algorithm designed as a fallback option in case vulnerabilities are discovered in ML-DSA

NIST’s roadmap also includes consideration for two additional algorithms: Falcon and HQC (Hamming Quasi-Cyclic). Once standardized, HQC will provide another option for key encapsulation mechanisms (KEM), while Falcon will support quantum-resistant digital signatures.

Global Guidance on PQC Migration for Financial Organizations

Several countries across the world have released roadmaps for PQC readiness and transition to spur real progress on post-quantum cryptography, especially in the finance sector.

1. NIST’s Deadlines

NIST has laid out two critical deadlines: by 2030, classical cryptographic algorithms will be deprecated, and by 2035, they’ll be fully phased out. That’s not as far off as it sounds, especially for financial institutions managing complex infrastructures and long-lived data.

2. Europol’s Call to Action (QSFF – Feb 2025)

In February 2025, Europol’s Quantum Safe Financial Forum (QSFF) issued a clear call to action for financial institutions, vendors, and policymakers to jump into PQC migration without delay, recommending that they:

  • Prioritize PQC adoption – Make the transition to quantum‑safe cryptography a top strategic objective.
  • Coordinate roadmaps – Align goals, planning, and implementation of PQC across stakeholders.
  • Use a voluntary framework – Leverage regulator‑industry partnerships instead of new laws.
  • Modernize crypto governance – Treat this as an opportunity to enhance key and certificate management practices.
  • Foster global collaboration – Run joint pilots and share insights across private and public sector actors on quantum-safe initiatives.

3. The UK’s NCSC Milestones

The United Kingdom’s National Cyber Security Centre (NCSC) is also urging the banking and financial services sector to act early on PQC. To help organizations stay on track, the NCSC has outlined three key milestones:

  • 2028 – Complete discovery of all cryptographic assets
  • 2031 – Migrate critical systems to PQC
  • 2035 – Achieve full migration across all systems, services, and products

4. Switzerland’s Seven‑Step Roadmap (FIND)

Switzerland, too, is echoing the urgency. The Swiss Financial Innovation Desk (FIND) recently released its Action Plan to a Quantum-Safe Financial Future, providing a clear, seven-step roadmap to help financial institutions take the lead in preparing for quantum risk:

  1. Establish quantum risk governance
  2. Assess impacted business and technology components
  3. Minimize new legacy through quantum-safe procurement
  4. Address immediate “Harvest Now/Decrypt Later” risks
  5. Implement a structured PQC migration plan
  6. Align with industry standards and regulatory expectations
  7. Continuously review and refine your quantum strategy

For financial institutions worldwide, this action plan offers a practical playbook to stay ahead of the curve and build long-term resilience against quantum threats.

Get PQC-Ready Today to Power Quantum-Safe Innovation Tomorrow

As financial services race to deliver faster and smarter experiences, post‑quantum cryptography is more than a security upgrade—it’s a strategic advantage. Leading global banks, including JPMorgan, HSBC and Intesa Sanpaolo, are already investing in quantum computing to achieve breakthroughs in credit scoring, fraud detection, and pricing models. But without weaving PQC into your long‑term roadmap, those quantum investments won’t pay off. Transitioning to PQC and building true quantum resilience is the only way to lock out tomorrow’s threats, safeguard customer trust, and fully capitalize on quantum’s promise for the finance sector.

To help get your PKI and certificate infrastructure ready for the PQC shift, AppViewX AVX ONE CLM accelerates your PQC readiness with end-to-end certificate lifecycle management and crypto-agility, giving you comprehensive visibility, closed-loop automation, and complete policy control of your certificates—all in one powerful solution.

Additional AppViewX Solutions for PQC Readiness

  • PQC Assessment Tool – A purpose-built solution designed to help organizations prepare for the PQC migration by generating a Cryptographic Bill of Materials (CBOM), delivering a PQC readiness score, and providing remediation steps by scanning code, dependencies, configurations and certificates in enterprise environments.
  • PQC Test Center – A dedicated free online resource built to help you assess your organization’s PQC readiness by generating and testing quantum-safe private trust certificates prior to their integration into existing systems, applications, workloads, and machines.
  • PQC-Ready PKI – A modern, agile, and secure private PKI solution, designed to support PQC-enabled certificate issuance.

Explore AVX ONE CLM or talk to one of our experts today to get started!