According to Ponemon Institute research funded by Entrust, enterprise use of Public Key Infrastructure (PKI) and digital certificates has never been higher due to organizational changes, while the relevant skills to handle PKI have historically been in short supply. IT professionals continue to identify lack of clear ownership, resources, and skills as the main issues in installing and managing PKI, according to the 2021 Global PKI and IoT Trends Study.
The areas expected to experience the most change and uncertainty according to respondents in the Middle Eastwere external mandates and standards, which took the top spot for 30% of those surveyed, while newer applications, such the Internet of Things (IoT) came second (28%).
“PKI has never been in such high demand in the Middle East region – whether from the pressure of securing a remote or hybrid workforce this past year, or the continued growth of IoT and cloud-based services.” said Hamid Qureshi, Regional Sales Director, Middle East, Africa and South Asia at Entrust.
He added, “At the same time, the skills and resources required to deploy and manage PKI continue to be in short supply – an issue exacerbated by lack of clear organizational ownership over PKI deployments. To deal with this complexity, organizations need a strategy first and products second to support this transformation. This means that they need a partner like Entrust who not only has the technological capabilities but the heritage and expertise to help succeed in this environment.”
“Over the years we have been doing this study, it is clear that that the gap between the rising demand for PKI adoption and the challenges hindering it appears to be growing,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “This has the potential to exacerbate the headaches organizations already feel and create gaps in their security postures. When you factor in that environments are more distributed with remote working, cloud and IoT, it’s clear that there’s an immediate need for many organizations to gain additional visibility, automation and centralized control.”
PKI is at the heart of practically every IT infrastructure, providing security for vital digital efforts like as cloud computing, mobile device deployment, identity management, and the internet of things (IoT). As a result, PKI is critical to facilitating the digital transformation that these technologies enable, something that has come into sharp focus as a result of the global pandemic’s influence on working patterns.
When it comes to the most important trends driving the deployment of applications using PKI in the Middle East market, the Internet of Things (IoT) continues to be the fastest growing trend, with 46 percent of respondents citing it, followed by consumer mobile applications (44 percent), and cloud-based services (37 percent).
The major difficulty impeding the adoption and management of PKI in the Middle East is a lack of clear ownership, which was reported by 84 percent of respondents. Respondents around the world have identified this issue as a top challenge for the previous five years, indicating that it is a major source of concern for many businesses.
Insufficient resources and talents were ranked as the Middle East’s second and third challenges, respectively, with 57 percent and 53 percent. Similarly, the main hurdles to enabling applications to use PKI on a worldwide basis were the existing PKI’s inability to support new applications (55 percent) and a lack of skills (46 percent ).
The most common use case for PKI credentials is TLS/SSL certificates for public-facing websites and services (81 percent of respondents globally). Private networks and VPN apps were ranked second (67 percent, up from 60 percent in 2020), and email security was third (55 percent, up from 51 percent in 2020), surpassing public cloud applications and enterprise user authentication, which were ranked second and third last year. This change reflects a shift in emphasis toward maintaining the security of remote workers and distributed IT workloads.
The study also found that the average number of certificates issued or acquired by businesses is increasing, rising 4.3 percent from 56,192 in 2020 to 58,639 this year (and up 50 percent since 2019). While the number of human identities protected has been largely constant in recent years, machine identities (devices and workflows) now outnumber human ones. The increased use of IoT, cloud services, and new applications is driving this increase in machine identities.
Regardless of why a firm is expanding, the more credentials it must maintain, proper management becomes important. With one-fifth (20%) of respondents admitting to using a manual certificate revocation list and nearly a third (32%) admitting to having no certificate revocation technique, these businesses risk being vulnerable to attacks and facing critical system outages, as well as the resulting business disruption and cost.