Matter protocol and smart device identity: what changes for security teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8534
Topic starter  

TL;DR: Matter reduces smart-device integration friction by giving devices a shared interoperability and certificate-based trust model, according to DigiCert. For security teams, the real shift is that device identity, software integrity, and cross-vendor onboarding become governable at scale rather than handled as one-off integration problems.

NHIMG editorial — based on content published by DigiCert: The Matter with Smart Devices

Questions worth separating out

Q: How should security teams govern smart device identities in mixed-vendor environments?

A: Security teams should treat smart devices as governed non-human identities.

Q: Why do connected devices create identity risk for enterprise programmes?

A: Connected devices create identity risk because they multiply the number of trusted endpoints, credentials, and update paths that must be managed.

Q: What breaks when device certificates are not managed as part of lifecycle governance?

A: When device certificates are not lifecycle-managed, revocation, ownership change, and re-enrolment become unreliable.

Practitioner guidance

  • Define device identity ownership before onboarding: Assign a business owner, technical owner, and certificate steward for each device class before it is connected to any shared environment.
  • Treat certificate lifecycle as a control, not an afterthought: Track issuance, renewal, revocation, and replacement for device certificates in the same way you track other non-human identities.
  • Reduce credential sharing across vendor ecosystems: Eliminate repeated logins and cross-platform secret handoffs wherever possible.

What's in the full article

DigiCert's full blog covers the operational detail this post intentionally leaves for the source:

  • How Matter uses device attestation certificates and PKI to establish device authenticity across vendors
  • Examples of how software signing supports integrity in connected home and office devices
  • The interoperability pain points the article says Matter is designed to reduce in mixed-vendor environments
  • The enterprise scenarios the author uses to explain why smart-device trust matters beyond the home




   
(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 7990
 

Device interoperability becomes an identity problem before it becomes an integration problem. Matter reduces friction, but the governance burden shifts to certificates, onboarding, and lifecycle control across devices that may come from multiple vendors. That is a familiar pattern in machine identity security: once credentials and trust are distributed across many endpoints, visibility becomes the limiting control. The implication is that smart-device programmes need identity governance, not just compatibility testing.

A few things that frame the scale:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to the Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which shows how quickly machine identity governance breaks down once trust scales beyond a few known systems.

A question worth separating out:

Q: Which controls matter most when smart devices connect to enterprise systems?

A: The most important controls are certificate validation, signed update verification, ownership assignment, and revocation processes. Those controls ensure that connectivity is backed by trust, that updates come from approved sources, and that devices can be removed from the environment when their business need ends.




   