Weak PKI Implementation is a Major Cyber Risk

November 8, 2018 | Guest Blogger: Kim Crawley

Public Key Infrastructure is the backbone of your network’s security. As much of your data in transit as possible should be encrypted! Your PKI helps ensure that your certificates are issued, distributed and used in a secure way. But if your PKI is poorly implemented, it can be easy for cyber attackers to access your sensitive data.

Venafi is proud to be a sponsor of Ponemon Institute’s recently released 2018 Global PKI Trends Study. For the study, Ponemon surveyed 1,688 IT professionals in regions around the world including the United States, Australia, Brazil, France, Germany, India, Japan, Russia, and the United Kingdom. Ponemon’s research reveals some worrisome findings about how organizations worldwide implement and deploy PKI.

How can an enterprise maintain control over its PKI without clear ownership? For responsibilities to be taken care of, someone or some entity must be made responsible for them. This is a challenge for most of the organizations that Ponemon surveyed: about 69.5% of survey respondents said that there is no clear ownership of their PKI.

There are also related concerns. About 36% of organizations say they lack visibility into the applications that will depend on PKI. Organizations have an average of about eight PKI-dependent applications, such as network authentication, VPN, device authentication and email. What can’t be seen can’t be kept secure! Could the lack of clear ownership have something to do with that?

As far as PKI implementation challenges are concerned, an average of 46.5% of respondents cite insufficient skills, and about 44.5% cite insufficient resources. These sound like problems that can be solved with investments in training and increases in IT budgets.

About 39.5% of respondents say their PKI deployment faces too much change or uncertainty. I can see specific staff training programs as part of the solution. It is worth having your staff learn in depth how to maintain and modify PKI to suit both current and future security needs. Frequent security testing by internal cybersecurity professionals and external third parties can also help an organization learn how to adjust and improve its PKI implementation. When a new PKI-dependent application is deployed, it becomes especially important to test its security. Having visibility into PKI-dependent applications is also an absolute must in order to adapt to change. Many of the problems discovered in this study are related to and directly affect each other.

Secure PKI implementation usually also requires visibility and control of all of an organization’s Certificate Authorities. That’s because 56% of respondents deploy enterprise PKI through internal corporate CAs, and 40% of respondents use externally hosted private CAs; 33% of respondents use a public CA service, and 23% use a private CA running within a public cloud. An organization may have a hybrid network that exists both in the cloud and on premises, and some organizations have CAs from multiple types of sources. Organizations use an average of eight separate issuing CAs, with an average of eight distinct applications that need PKI. A lack of visibility into all of that can have serious consequences! Cyber attackers may be able to easily bypass the encryption of your data.

Ponemon Institute’s 2018 Global PKI Trends Study reveals some startling data. The good news is that these are solvable problems. Your organization ought to review how it deploys PKI and whether further training, a larger budget, and greater visibility are required. Such efforts will be well worth it. When cyber attackers can intercept your sensitive data, the financial and reputational damage to an organization can be rather serious.
