In my last post, I examined the results of a recent poll Venafi conducted on its social media channels on public key infrastructure (PKI) management. I looked at which part of the organization owns PKI as well as the management strategies and certificate expiration policies that organizations have put in place. Simply put, many PKI teams are under increasing pressure to meet the expanding need for certificates.
In this blog, we will look at the rest of the survey. While you are reading, think about your own PKI program: how does it stack up to your peers?
Almost all organizations use multiple certificate authorities (CAs). However, using more than a handful of carefully selected CAs can make it challenging to control your PKI. Interestingly, 39% of the respondents of our poll have three or more CAs, making it more complex for the PKI team to effectively manage PKI security policies.
Most organizations anticipate their certificate use will grow by at least 25% over the next year or so. It’s imperative that PKI teams are prepared to put in place the structure and policies needed to meet this increased demand for certificates. PKI teams will be hard pressed to enforce certificate security policies when a wide range of users are generating them, especially because many of those requestors won’t completely understand exactly what they need.
Unfortunately, our poll revealed that there are requests coming from all over the organization. This can make is more challenging for PKI teams to respond quickly. And without a quick response, some requestors may go to unauthorized CAs to get quick certificates.
Simply put: if you don't know how many certificates you have, how can you protect them? Most of the poll respondents believe they have less than 5,000 certificates on their external domains. However, our customers have found their own estimates to be very inaccurate? After deploying Venafi, our customers found over 16,500 previously unknown keys and certificates (Source: TechValidate. TVID: 363-53E-598).
In a nutshell, organizations are overwhelmed by the explosion of encryption. The PKI teams are challenged by the increase in the number of certificate requests and face difficulties getting them deployed and installed correctly.