News Feature | October 17, 2016

Organizations Need To Future-Proof Their PKI Driven By Cloud Adoption And IoT

By Christine Kern, contributing writer

The biggest PKI challenge is the inability of existing infrastructure to support new applications.

Enterprises are facing a new and evolving set of challenges and requirements that are driving changes to their core public key infrastructure (PKI). The biggest PKI challenge for organizations is the inability of existing infrastructure to support new applications, according to the results of the 2016 PKI Global Trends Study sponsored by critical information systems, cyber security, and data protection provider Thales.

The report, based on independent research by the Ponemon Institute, reveals an increased reliance on public key infrastructures (PKIs) in today’s enterprise environment, driven by the growing use of cloud-based services and applications and the Internet of Things (IoT).

Other top challenges enterprises face in enabling applications to use PKI include the inability to change legacy apps (56 percent); insufficient skills (42 percent); insufficient resources (41 percent); too much change or uncertainty (40 percent); and no pre-existing PKI (37 percent).

As the study's authors write, “Current approaches to PKI are fragmented and do not always incorporate best practices, indicating a need for many organizations to apply increased effort to securing their PKI as an important part of creating a foundation of trust.”

“An increasing number of today’s enterprise applications are in need of digital certificate issuance services — and many PKIs are not equipped to support them. A PKI needs a strong root of trust to be fit for purpose if it is to support the growing dependency and business criticality of its services,” explained John Grimm, senior director security strategy, Thales e-Security. “By securing the process of issuing certificates and managing signing keys in an HSM, organizations can greatly reduce the risk of their loss or theft, thereby creating a high assurance foundation for digital security.”

Among the study’s findings:

  • PKIs are used to support a growing number of applications, averaging eight different applications within a business.
  • 62 percent of businesses regard cloud-based services as the most important trend driving the deployment of applications using PKI, and over a quarter (28 percent) say IoT will drive this deployment.
  • 58 percent of respondents say that the most significant challenge organizations face around PKI is the inability of their existing PKIs to support new applications.
  • In a troubling trend, a large percentage of respondents continue to report that they have no certificate revocation techniques.
  • The use of high assurance mechanisms such as hardware security modules (HSMs) to secure PKI has increased.
  • The top places where HSMs are deployed to secure PKIs are the most critical root and issuing certificate authority (CA) private keys, together with offline and online root certificate authorities.
  • Industry compliance requirements impact PKI choices, with companies in industries with substantial regulatory requirements, including financial services and healthcare, being much more likely to choose internal CA as their primary PKI deployment method.

According to Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, “Digital transformation sees enterprises increasingly rely on cloud-based services and applications as well as an explosion in connected devices that is the IoT. This rapidly escalating burden of data sharing and device authentication is set to pile an unprecedented level of pressure onto existing PKIs, which now are considered part of the core IT backbone, resulting in a huge challenge for security professionals to create trusted environments. In short, as organizations continue to move to the cloud it is hugely important that PKIs are future proofed — sooner rather than later.”