Public Key Infrastructure is the backbone of your network’s security. As much of your data in transit as possible should be encrypted! Your PKI helps to make sure that your certificates are used and distributed in a secure way. But if your PKI is poorly implemented, it can be easy for cyber attackers to access your sensitive data.
Ponemon Institute has released its 2020 Global PKI Trends Study, based on a survey of 6,157 IT professionals across multiple industries in regions around the world, including the United States, Australia, Brazil, France, Germany, India, Japan, Russia, and the United Kingdom. Ponemon’s research reveals some surprising findings about PKI implementation, trends, and common pain points in organizations worldwide.
How can an enterprise maintain control over their PKI without clear ownership? For responsibilities to be taken care of, someone or some entity must be made responsible. Of the top three challenges to enabling applications to use PKI, no clear ownership was reported by 63% of respondents. Other challenges included insufficient skills (52%) and insufficient resources (51%).
There are also related concerns. In 2018, 36% of organizations said that they lacked visibility into the applications that will depend on PKI. As of 2020, this number has increased to 52%! Organizations have an average of about eight applications that use PKI, such as network authentication, VPN, device authentication, and email. What can’t be seen can’t be kept secure! This all circles back to the base problem: the lack of clear ownership.
As far as PKI implementation challenges are concerned, an average of 52% cite insufficient skills, and about 51% cite insufficient resources, both of which have increased since Ponemon’s 2018 survey. These sound like problems that can be solved with investments in training and increases in IT budgets.
About 45% of respondents say their PKI deployment faces too much change or uncertainty. Specific staff training programs could be part of the solution, as there is great value in workers learning about how to maintain and modify PKI to suit both current and future security needs.
Frequent security testing by internal cybersecurity professionals and external third parties can also help an organization learn how to adjust and improve their PKI implementation. When a new PKI-dependent application is deployed, it becomes especially important to test its security. Also, having PKI application visibility is an absolute must to adapt to change. A lot of the problems discovered in this study are related to and directly affect each other.
Secure PKI implementation usually also requires visibility and control of all of an organization’s Certificate Authorities. That’s because 44% of respondents deploy enterprise PKI through internal corporate CAs, and 48% of respondents use externally hosted private CAs. 25% of respondents use a public CA service, and 9% use a private CA running within a public cloud. An organization may have a hybrid network that exists both in the cloud and on premises, and some organizations have CAs from multiple types of sources. Organizations use an average of eight separate issuing CAs, with an average of eight distinct applications that need PKI. A lack of visibility in all of that can have serious consequences! Cyber attackers may be able to easily bypass the encryption of your data.
Ponemon Institute’s 2020 Global PKI Trends Study reveals some startling data. The good news is that these are solvable problems. Your organization would benefit from a full overhaul of your PKI deployment and from determining whether further training, a larger budget, and greater visibility are required. When cyber attackers can intercept your sensitive data, the financial and reputational damage to an organization can be rather serious. One solution your organization should strongly consider is PKI automation, which greatly simplifies certificate management and enhances the trust PKI creates between business and stakeholders.
NOTE: This blog has been updated. It was originally posted by Kim Crawley on November 8, 2018.