Lack of ownership, resources, and skills continues to challenge PKI deployments
Driven by organisational changes, enterprise use of Public Key Infrastructure (PKI) and digital certificates has never been higher, while the related skills to manage PKI are in historically short supply, according to research from Ponemon Institute, sponsored by Entrust, a global leader in trusted identity, payments and data protection. The 2021 Global PKI and IoT Trends Study also revealed that IT professionals continue to see lack of clear ownership, resources and skills as the top challenges in deploying and managing PKI.
PKI is at the core of nearly every IT infrastructure, enabling security for critical digital initiatives such as cloud, mobile device deployment, identities and the internet of things (IoT). As such, PKI holds the key to enabling the digital transformation that these technologies underpin, something that has been thrown into sharp focus over the course of the global pandemic and its impact on working practices.
Top iTechnology Networking News: KIOXIA Introduces Industry’s First EDSFF Solid State Drives Designed with PCIe 5.0 Technology
Drivers and challenges of PKI adoption
When it comes to the most important trends driving the deployment of applications using PKI, cloud-based services remain the highest driver at 51%, the Internet of Things (IoT) remains the second highest growing trend cited by 46% of respondents, and consumer mobile comes in third at 39%.
The top challenge that impedes the deployment and management of PKI is a lack of clear ownership – cited by 67% of respondents. Respondents have raised this issue as a top challenge for the past 5 years, indicating a key area of concern for many enterprises.
Insufficient skills were rated as the second biggest challenge at 56% and lack of visibility of the applications that will depend on KPI was the third greatest challenge at 47%. Similarly, the top challenges to enabling applications to utilise PKI were the existing PKI being incapable of supporting new applications (55%) and insufficient skills (46%).
The areas expected to experience the most change and uncertainty were newer applications, such the Internet of Things (IoT) – which took the top spot for 41% of those surveyed. The second and third most cited areas were external mandates and standards (37%) and changes in PKI technologies (27%).
“Over the years we have been doing this study, it is clear that the gap between the rising demand for PKI adoption and the challenges hindering it appear to be growing,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “This has the potential to exacerbate the headaches organisations already feel and create gaps in their security postures. When you factor in that environments are more distributed with remote working, cloud and IoT, it’s clear that there’s an immediate need for many organisations to gain additional visibility, automation and centralised control.”
Top iTechnology Datacentre News: KIOXIA EDSFF E1.S SSDs Now Available for Hyperscale Data Centers
The Rise of Machine Identities
TLS/SSL certificates for public-facing websites and services are the most often cited use case for PKI credentials (81% of respondents). Private networks and VPN applications came in second (67%, up from 60% in 2020) and email security was third (55%, up from 51% in 2020), overtaking last year’s second and third positions of public cloud applications and enterprise user authentication. This change highlights the shifting focus on ensuring remote workers and distributed IT workloads can be kept secure.
The research also revealed that the average number of certificates organisations issue or acquire is still on the rise, up 4.3% from 56,192 in 2020 to 58,639 this year (and up 50% since 2019). While the number of human identities being secured has been relatively flat over the past few years, there are now more machine identities (devices and workflows) than human ones. This growth in machine identities is primarily driven by the growing use of IoT, cloud services and new applications.
Regardless of the reason for the growth, the more certificates an organization needs to manage, the more critical proper management becomes. With one in five (20%) of respondents stating they use a manual certificate revocation list and nearly a third (32%) admitting they have no certificate revocation technique, these organisations risk being vulnerable to attacks and facing outages to critical systems and the consequent business disruption and cost that comes with that.
“PKI has never been in such high demand – whether from the pressure of securing a remote or hybrid workforce this past year, or the continued growth of IoT and cloud-based services.” said John Metzger, vice president of product marketing, digital security at Entrust. “At the same time, the skills and resources required to deploy and manage PKI continue to be in short supply – an issue exacerbated by lack of clear organisational ownership over PKI deployments. To deal with this complexity, organisations need a strategy first and products second to support this transformation. This means that they need a partner like Entrust who not only has the technological capabilities, but the heritage and expertise to help succeed in this environment.
Top iTechnology AIOps News: Arctic Wolf Security Operations Cloud Reaches Massive Scale and a Global Footprint
[To share your insights with us, please write to sghosh@martechseries.com]