Organizations apply stronger PKI security controls due to their increasingly critical role today
Thales, a leader in critical information systems, cybersecurity and data security, announces that the Internet of Things (IoT) is the fastest growing trend driving the deployment of applications that use public key infrastructure (PKI) as evidenced by its latest annual 2018 Global PKI Trends Study.
The report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals continued and increased reliance on PKI as a core enterprise asset and a root of trust. Over the past few years, cloud applications, and now the IoT, are the newest disrupters to future PKI planning as organizations not only tend to the digital certificate needs of today, but must also simultaneously prepare for the future – a future with never-before-seen diversity and scale.
While many of the traditional challenges to PKI adoption remain, such as a lack of clear ownership (70 percent), organizations are increasingly hiring PKI specialists and investing in additional security controls such as multi-factor authentication (62 percent). The findings, which reflect the responses of 1,600 IT security practitioners, demonstrate the current state of PKI maturity while hinting at future trends:
- In the next two years, almost half (42 percent) of IoT devices will use digital certificates for authentication
- As the IoT continues to grow, 27 percent believe PKI deployments for device credentialing will live in the cloud, with 43 percent a combination of both enterprise and cloud
- Enterprises are beginning to encrypt data from IoT devices with 49 percent of respondents either extensively or partially encrypting their IoT device data
- IoT is the top trend driving deployment of PKI-enabled applications with a 23 percent increase from 2015
- Ranking important PKI capabilities necessary for IoT deployments, 45 percent of respondents cited scalability to millions of managed certificates as most important, followed by 39 percent who cited online revocation
- The use of hardware security modules (HSMs) to secure PKI digital certificates to form a root of trust and enable strong authentication has increased to 39 percent
- Forty-four percent of companies in the healthcare/pharmaceutical sector believe the IoT is one of the top two trends driving deployment of PKI applications
- The industrial/manufacturing sector led the charge in growth of PKI usage with an average of 43,000 certificates under management
John Grimm, senior director security strategy, Thales says:
“In this era of digital transformation, where companies are deploying digital technologies to improve their operations, deliver value to customers and gain competitive advantage, IoT initiatives invariably are the backbone of those efforts. Huge amounts of data are generated by and collected from a rapidly growing number of IoT devices, with the cloud playing a pivotal role in IoT solutions of the future. But there’s no point in collecting and analyzing that data, and making business decisions based upon it if you’re not able to trust the devices or their data. For safe, secure IoT deployments organizations need to embrace time-tested security techniques, like PKI, to ensure the integrity and security of their IoT systems.”
Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, says:
“In previous years, we highlighted PKI as an established technology positioned to tackle the authentication needs and challenges to support the rise of cloud applications. Now, the C-suite is challenging its teams to leverage IoT to improve and drive business. With this comes the increased risk of more endpoints to protect, and the need to understand the role of PKI as a critical enabler. At the same time, this underscores the need for further advancement in skilling and resourcing related to PKI and the overall ownership within the organization.”