Driven by organizational changes, enterprise use of Public Key Infrastructure (PKI) and digital certificates has never been higher, while the related skills to manage PKI are in historically short supply, according to research from Ponemon Institute, sponsored by Entrust, a global leader in trusted identity, payments and data protection. The 2021 Global PKI and IoT Trends Study also revealed that IT professionals continue to see a lack of clear ownership, resources, and skills as the top challenges in deploying and managing PKI.
PKI is at the core of nearly every IT infrastructure, enabling security for critical digital initiatives such as cloud, mobile device deployment, identities, and the internet of things (IoT). As such, PKI holds the key to enabling the digital transformation that these technologies underpin, something that has been thrown into sharp focus over the course of the global pandemic and its impact on working practices.
Drivers and challenges of PKI adoption
When it comes to the most important trends driving the deployment of applications using PKI in the Middle East market, the Internet of Things (IoT) remains the fastest-growing trend at 46%, with consumer mobile applications being the second-highest driver, cited by 44% of respondents, and Cloud-Based services coming in third at 37%. The top challenge that impedes the deployment and management of PKI is a lack of clear ownership – cited by 84% of respondents in the Middle East. Globally, respondents have raised this issue as a top challenge for the past 5 years, indicating a key area of concern for many enterprises.
Insufficient resources and insufficient skills were rated as the second and third challenges in the Middle East at 57% and 53% respectively. Similarly, on a global level, the top challenges to enabling applications to utilize PKI were the existing PKI being incapable of supporting new applications (55%) and insufficient skills (46%). The areas expected to experience the most change and uncertainty according to respondents in the Middle East were external mandates and standards, which took the top spot for 30% of those surveyed, while newer applications, such the Internet of Things (IoT) came second (28%).
“PKI has never been in such high demand in the Middle East region – whether from the pressure of securing a remote or hybrid workforce this past year, or the continued growth of IoT and cloud-based services,” said Hamid Qureshi, Regional Sales Director, Middle East, Africa, and South Asia at Entrust. “At the same time, the skills and resources required to deploy and manage PKI continue to be in short supply – an issue exacerbated by lack of clear organizational ownership over PKI deployments. To deal with this complexity, organizations need a strategy first and products second to support this transformation. This means that they need a partner like Entrust who not only has the technological capabilities, but the heritage and expertise to help succeed in this environment.”
“Over the years we have been doing this study, it is clear that that the gap between the rising demand for PKI adoption and the challenges hindering it appear to be growing,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “This has the potential to exacerbate the headaches organizations already feel and create gaps in their security postures. When you factor in that environments are more distributed with remote working, cloud and IoT, it’s clear that there’s an immediate need for many organizations to gain additional visibility, automation and centralized control.”
The Rise of Machine Identities
TLS/SSL certificates for public-facing websites and services are the most often cited use case for PKI credentials (81% of respondents globally). Private networks and VPN applications came in second (67%, up from 60% in 2020) and email security was third (55%, up from 51% in 2020), overtaking last year’s second and third positions of public cloud applications and enterprise user authentication. This change highlights the shifting focus on ensuring remote workers and distributed IT workloads can be kept secure.
The research also revealed that the average number of certificates organizations issue or acquire is still on the rise, up 4.3% from 56,192 in 2020 to 58,639 this year (and up 50% since 2019). While the number of human identities being secured has been relatively flat over the past few years, there are now more machine identities (devices and workflows) than human ones. This growth in machine identities is primarily driven by the growing use of IoT, cloud services, and new applications.
Regardless of the reason for the growth, the more certificates an organization needs to manage, the more critical proper management becomes. With one in five (20%) of respondents stating they use a manual certificate revocation list and nearly a third (32%) admitting they have no certificate revocation technique, these organizations risk being vulnerable to attacks and facing outages to critical systems and the consequent business disruption and cost that comes with that.