
CUSTOMER STORY

Schneider Electric Secures Firmware, Software, and Device Identities at Scale

Interview with Fred Cohn, IoT Practice Digital Risk Leader, Schneider Electric

The Challenge

As Schneider Electric’s business expanded, their existing purpose-built systems began reaching their limits in scale and integration. To better support rapid growth, evolving regulatory demands, and increased signing activity, the company sought a more unified approach. Partnering with Keyfactor provided a standardized, scalable platform that strengthened their PKI and signing operations for today’s needs and tomorrow’s challenges.

Schneider Electric: A Global Manufacturing Leader

Schneider Electric, headquartered in France, is a €35B global manufacturer operating in more than 100 countries, with over 140,000 employees. The company delivers solutions spanning home energy management, industrial automation, utilities, and large-scale data centers. 

The company’s IoT practice is responsible for end-to-end security across connected devices, hosted platforms, and software, spanning everything from smart home panels to mission-critical utility systems used by customers worldwide.  

Disconnected Systems, Rising Risk

As Schneider Electric’s connected products and digital offerings expanded, their mix of purpose-built systems for firmware and software signing began to show its limits.  

“Before we engaged with Keyfactor, we had a purpose-built solution for firmware and a SaaS solution for software. They really didn’t know each other, they weren’t scalable, and they were expensive to operate and maintain,” explained Fred Cohn, Digital Risk Leader for Schneider Electric’s IoT Practice. Operating in silos created inefficiencies, limited visibility, and rising maintenance costs.  

To meet growing demand, evolving regulatory requirements, and the long lifecycles of industrial devices, Schneider Electric needed a modern, scalable solution. Partnering with Keyfactor provided the foundation — a trusted platform to simplify operations, strengthen security, and support continued global growth. 

Cohn shares, “We were struggling with purpose-built systems that didn’t scale and weren’t supported. What we needed was a real supplier, not just a designer of one-off solutions — and Keyfactor gave us a standardized, scalable platform we could rely on.” 

“Before Keyfactor, we had purpose-built solutions that weren’t scalable and didn’t talk to each other. Now we have consistent, standards-based processes across the enterprise.”

Fred Cohn, Digital Risk Leader, IoT Practice, Schneider Electric

The Solution: Keyfactor EJBCA & SignServer

Schneider Electric turned to Keyfactor to replace its siloed systems with a centralized, standards-based PKI and signing solution. By consolidating firmware signing, software signing, and certificate issuance for device authenticity under one solution, Schneider can now scale securely while ensuring best-in-class security practices across the enterprise.

With Keyfactor, Schneider’s PKI team can now manage all certificate operations from a single platform, eliminating redundant systems and giving product teams a common, trusted foundation to build on. As a result, Schneider has reduced operational overhead and spend by 80%.

Additionally, Schneider is able to deploy Keyfactor flexibly across the enterprise, leveraging a mix of on-premise and SaaS architectures. Schneider uses SaaS environments to pilot new initiatives, virtual machines for firmware signing, and hardened appliances for high-volume software builds. This allows each business unit to adopt the model that best fits its operational needs, without introducing fragmentation.

Scalability was equally important. Schneider’s software teams sign builds daily, generating millions of events per year, while firmware releases occur only a few times annually. Keyfactor’s architecture supports both extremes seamlessly, enabling automation at high volumes without driving up operating costs.

Just as critically, Keyfactor enables Schneider to stay ahead of evolving compliance requirements. With IEC 62443 as an industry benchmark and new mandates such as the EU Cyber Resilience Act emerging, Schneider now has a standards-based platform in place that helps them stay ahead, strengthening customer trust while ensuring audit readiness.

Finally, Keyfactor provides a roadmap for the future. With many industrial devices remaining in service for decades, preparation for post-quantum cryptography is essential. By partnering with Keyfactor, Schneider has the flexibility to adapt as algorithms and standards evolve, ensuring its products and customers remain protected well into the future.

Keyfactor helped us deliver products at scale because the solution can handle the variance in signing activities — from legacy software to leading-edge IoT systems — all in one consistent way.

Fred Cohn, Digital Risk Leader, IoT Practice, Schneider Electric

Results: Cost Savings, Control, and Compliance

Since adopting Keyfactor, Schneider Electric has achieved measurable results in terms of cost, compliance, and scale. The company realized a 10x reduction in software signing costs compared to its previous SaaS-based solution, while also achieving an 80% decrease in the cost of key ceremonies with EJBCA.

Fred shared, “By transitioning from our old SaaS software signing solution to Keyfactor, we saw an order of magnitude drop in operating costs. On the firmware side, using EJBCA has cut our key ceremony costs to about one-fifth of what they were before.”

Beyond cost savings, Schneider has established consistent and compliant signing practices across global business units. They have a scalable architecture capable of handling rapid growth in IoT devices and software signing volumes without proportional cost increases, giving teams the flexibility to innovate without added overhead. Finally, Schneider has strengthened its compliance posture with regulatory readiness for both internal programs and external mandates, from IEC 62443 to the EU Cyber Resilience Act.

“We would absolutely recommend Keyfactor to other manufacturers who need scalable, cost-effective solutions for firmware signing, software signing, device authenticity, or even enterprise certificates. They’ve given us one consistent way to do all of it.”
