The biggest PKI challenge is the inability of existing infrastructure to support new applications.
Enterprises are facing a new and evolving set of challenges and requirements that are driving changes to their core public key infrastructure (PKI). The biggest PKI challenge for organizations is the inability of existing infrastructure to support new applications, according to the results of the 2016 PKI Global Trends Study sponsored by critical information systems, cyber security, and data protection provider Thales.
The report, based on independent research by the Ponemon Institute, reveals an increased reliance on public key infrastructures (PKIs) in today’s enterprise environment, driven by the growing use of cloud-based services and applications and the Internet of Things (IoT).
Other top challenges enterprises face to enable applications to use PKI include the inability to change legacy apps (56 percent); insufficient skills (42 percent); insufficient resources (41 percent); too much change or uncertainty (40 percent); and no pre-existing PKI (37 percent).
As study authors write, “Current approaches to PKI are fragmented and do not always incorporate best practices, indicating a need for many organizations to apply increased effort to securing their PKI as an important part of creating a foundation of trust.”
“An increasing number of today’s enterprise applications are in need of digital certificate issuance services — and many PKIs are not equipped to support them. A PKI needs a strong root of trust to be fit for purpose if it is to support the growing dependency and business criticality of its services,” explained John Grimm, senior director security strategy, Thales e-Security. “By securing the process of issuing certificates and managing signing keys in an HSM, organizations can greatly reduce the risk of their loss or theft, thereby creating a high assurance foundation for digital security.”
Among the study’s findings:
According to Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, “Digital transformation sees enterprises increasingly rely on cloud-based services and applications as well as an explosion in connected devices that is the IoT. This rapidly escalating burden of data sharing and device authentication is set to pile an unprecedented level of pressure onto existing PKIs, which now are considered part of the core IT backbone, resulting in a huge challenge for security professionals to create trusted environments. In short, as organizations continue to move to the cloud it is hugely important that PKIs are future proofed — sooner rather than later.”