The rise of the Internet of Things (IoT) in the enterprise and its impact on how organizations design and build their public key infrastructure (PKI) is a key theme. Specifically, IoT is the fastest-growing trend driving the deployment of applications using PKI.
External mandates and standards and enterprise applications have declined as sources of companies’ concern about change and uncertainty, while over the past three years the focus on how new applications such as IoT will affect PKI uncertainty has increased significantly.
On average, companies today are using their PKI to support over eight different applications. Yet the findings of this study indicate a general lack of clear ownership of PKIs, as well as a lack of resources and skills to properly support them. Current approaches to PKI are fragmented and do not always incorporate best practices, indicating a need for many organizations to apply increased effort to securing their PKI as an important part of creating a foundation of trust.
Key findings include:
IoT is growing as an important trend driving the deployment of applications using PKI. While the most important trend driving the deployment of applications that make use of PKI continues to be cloud-based services (54% of respondents), IoT increased from 21% to 40% of respondents over the past three years.
In the next two years, an average of 43% of IoT devices in use will rely primarily on digital certificates for identification and authentication.
How are private keys for root/policy/issuing CAs managed? Hardware security modules (HSMs) are used by 36% of respondents to manage the private keys for root/policy/issuing CAs.
The challenge of dealing with a lack of visibility of the security capabilities of existing PKI grows. The lack of visibility of the security capabilities of an existing PKI has increased from 19% in 2015 to 28% of respondents in this year’s research.
The main PKI deployment challenge continues to be the lack of clear ownership of the PKI function. 69% of respondents believe there is no one function responsible for managing PKI, a slight increase from 2015.
FIPS 140 and Common Criteria are the most important security certifications when deploying PKI infrastructure and PKI-based applications. 65% of respondents say FIPS 140 is most important when deploying PKI, closely followed by Common Criteria (64% of respondents).
SSL certificates for public-facing websites and services increase the use of PKI credentials significantly. Applications most often using PKI credentials are SSL certificates for public-facing websites and services (84% of respondents).