Entrust study highlights skill shortages with high demand for PKI and digital certificates
Digital transformation and workplace evolution are driving demand for and public key infrastructure and digital certificates, according to a global study of PKI and IoT trends.
According to research from Ponemon Institute, sponsored by Entrust, organisational changes driven by enterprise use of Public Key Infrastructure (PKI) and digital certificates has never been higher, while the related skills to manage PKI are historically in short supply.
The 2021 Global PKI and IoT Trends study also revealed that IT professionals continue to see a lack of clear ownership, resources and skills as the top challenges in deploying and managing PKI.
Entrust says PKI is at the core of nearly every IT infrastructure, enabling security for critical digital initiatives such as cloud, mobile device deployment, identities, and the internet of things (IoT). It says PKI holds the key to enabling the digital transformation that those technologies underpin, which has been brought into focus throughout the global pandemic and its impact on working practices.
Drivers and challenges of PKI adoption
In Australia, when it comes to the most important trends driving the deployment of PKI applications, the Internet of Things remains the fastest-growing trend at 54%, with consumer mobile applications coming in second at 44% and consumer mobile third at 37%.
The study finds the top challenge impeding the deployment and management of PKI is a lack of clear ownership, cited by 71% of respondents globally and 78% of respondents from Australia. Respondents worldwide have raised this issue as a top challenge for the past five years, indicating a key area of concern for many enterprises.
Insufficient resources and insufficient skills were rated as the second and third challenges at 51% and 46%, respectively. Similarly, the top challenges to enabling applications to utilise PKI were the existing PKI inability to support new applications (55%) and insufficient skills (46%).
The areas expected to experience the most change and uncertainty were newer applications, such as IoT, which took the top spot for 41% of those surveyed globally. The second and third most cited areas were external mandates and standards (37%) and changes in PKI technologies (27%).
"Over the years we've been doing this study, it's clear that the gap between the rising demand for PKI adoption and the challenges hindering it appears to be growing," says Ponemon Institute chairman and founder, Dr Larry Ponemon.
"This has the potential to exacerbate the headaches organisations already feel and create gaps in their security postures. When you factor in environments being more distributed with remote working, cloud and IoT, it's clear there's an immediate need for many organisations to gain additional visibility, automation and centralised control."
The Rise of Machine Identities
TLS/SSL certificates for public-facing websites and services are the most often cited use case for PKI credentials (81% of respondents). Private networks and VPN applications came in second (67%, up from 60% in 2020), and email security was third (55%, up from 51% in 2020), overtaking last year's second and third positions of public cloud applications and enterprise user authentication. Entrust believes this change highlights the shifting focus on ensuring remote workers and distributed IT workloads can be kept secure.
The research also found the average number of certificates organisations issue or acquire is still rising, up 4.3% from 56,192 in 2020 to 58,639 this year (and up 50% since 2019). While the number of human identities secured has been relatively flat over the past few years, there are now more machine identities (devices and workflows) than human ones. This growth in machine identities is primarily driven by the growing use of IoT, cloud services and new applications.
"PKI has never been in such high demand whether from the pressure of securing a remote or hybrid workforce this past year or the continued growth of IoT and cloud-based services," says Entrust vice president of Product Marketing, Digital Security, John Metzger.
"At the same time, the skills and resources required to deploy and manage PKI continue to be in short supply, an issue exacerbated by lack of clear organisational ownership over PKI deployments. To deal with this complexity, organisations need a strategy first and products second to support this transformation."