REACH - non-regulatory announcement*

11 March 2025

Tern Plc

("Tern" or the "Company")

Device Authority partnership with Microsoft and CyberArk

Tern Plc (AIM:TERN), the investment company specialising in supporting high growth, early-stage, disruptive Internet of Things ("IoT") technology businesses, is pleased to note that Device Authority Limited ("Device Authority"), a company in which Tern currently holds 25.3% of the equity, has announced that Microsoft, CyberArk, and Device Authority have joined forces to deliver a secure IoT solution for manufacturing based on the National Institute of Standards and Technology ("NIST") latest framework, extracts of which are set out below.

Extracts from the Device Authority announcement:

In response to the increasing need for secure IoT infrastructure in the manufacturing sector, CyberArk, Device Authority, and Microsoft have partnered to launch a comprehensive solution grounded in the National Institute of Standards and Technology (NIST) reference architecture for IoT security. This collaboration is designed to help manufacturers protect their connected devices from factory floors to edge environments by embedding robust identity security, access management, and device lifecycle protection.

The manufacturing industry is experiencing a digital transformation driven by the coming together of the Internet of Things (IoT) and Operational Technology (OT), with countless devices now connected to optimize operations. However, each connected device introduces new vulnerabilities, making security paramount. The NIST reference architecture for IoT, introduced in May 2024, provides a structured approach to secure onboarding, continuous device management, and threat monitoring across the device lifecycle. However, translating this framework into practical, scalable solutions requires collaborative innovation, which Microsoft, CyberArk, and Device Authority aim to provide through their partnership.

Each partner brings essential capabilities to this end-to-end solution architecture for NIST compliance. Through Azure IoT and Defender for IoT, Microsoft enables secure, scalable device management and real-time monitoring. The cloud-edge integration ensures consistent security for devices, even in remote, air-gapped environments. As a leader in identity security, CyberArk provides Privileged Access Management (PAM) solutions that restricts unauthorized human access to critical devices and systems. Finally, Device Authority, a leader in device identity lifecycle management, automates secure device onboarding, identity credentialing and encryption, minimizing human error, accelerating incident response and maintaining data integrity through the connected ecosystem.

Together, these solutions offer manufacturers a secure architecture that aligns with NIST's guidance, safeguarding IoT devices and data from deployment to decommissioning.

Commenting on the solution, Device Authority CEO Darron Antill, said: "Manufacturers often face unique security challenges, particularly at the edge, where devices operate in remote or decentralized locations. Edge environments introduce added vulnerabilities thanks to high device density, varying network connectivity and intermittent monitoring but still the need for real-time decision-making. This complex environment makes a solution that can operate across widely dispersed devices and locations and help to ensure device and data security and operational continuity vital.

"Our joint solution addresses these challenges by integrating cloud-edge connectivity, secure identity management, and lifecycle security. This unified solution enables manufacturers to protect devices from malicious access and maintain operational resilience, even in the most distributed settings."

Brian Carpenter, Senior Director Business Development at CyberArk, added: "The complexity of the security challenges faced by the Manufacturing Sector in particular means that no single solution can enable an organization to be fully compliant with important NIST guidelines and navigating the vendor ecosystem to create a piecemeal solution is almost impossible.  By joining forces, we are smoothing the way for people to implement the best practices that enable NIST compliance from automation of security of operations to reduce risk and improve scalability, to continuous monitoring and threat detection and privileged access management across the entire spectrum of identities."

Kaivan Karimi, Global Partner Strategy and OT Cybersecurity Lead, from Microsoft, concluded: "As connected technologies become more embedded in manufacturers operations, protecting these devices is critical. This collaboration between three leading companies in their field provides manufacturers with a comprehensive approach to their IoT security, directly aligned with NIST's latest guidelines. With an ecosystem-based security solution, manufacturers can protect their operations from the factory floor to the edge, ensuring both regulatory compliance and resilience against cyber threats."

About Device Authority

Device Authority is a global leader in Identity and Access Management ("IAM") for the IoT; focused on the automotive, medical device ("IoMT") and industrial ("IIoT") sectors. Device Authority's KeyScaler™ platform provides zero touch provisioning and complete automated lifecycle management for securing IoT devices and data at scale, with frictionless deployment across device provisioning, authentication, credential management, policy based end-to-end data security/encryption and secure OTA (over the air) and HSM (hardware security module) updates. For more information, visit: https://deviceauthority.com

Enquiries

* About Reach announcements

This is a Reach announcement. Reach is an investor communication service aimed at assisting listed and unlisted (including AIM quoted) companies to distribute media only / non-regulatory news releases into the public domain. Information required to be notified under the AIM Rules for Companies, Market Abuse Regulation or other regulation would be disseminated as an RNS regulatory announcement and not on Reach.