Philip Schreiber, the Regional Sales Director at Entrust Data Protection Solutions, speaks about the importance of PKI solutions, the challenges while deploying PKI, and more
What challenges do companies face while deploying PKI?
As our 2020 PKI & IoT report shows, the biggest challenges in deploying (and managing) PKI are a lack of clear ownership, as well as insufficient resources and skills. These are consistent findings from past research and from interactions with prospective customers. Many organisations also struggle with having sufficient knowledge/visibility of the security capabilities of their PKI, making it difficult to incorporate support for new applications.
How can PKI used in cloud-based services protect the data of companies working remotely?
One of the most striking findings of this year’s study is a large increase in the use of PKI for access to cloud applications – its usage grew from 55% to 82%, and that was before COVID took hold. The dependence on PKI for not only access to cloud applications but for user authentication, email, VPN, and other core enterprise services shines a light on the importance of having a resilient, best-practices based PKI with strong security protection, operational practices, and policies appropriate to usage.
What are the differences found by the 2020 Global PKI and IoT Trends study in HSM usage globally and in the Middle East?
There are three key findings that stand out when comparing the Middle East (ME) respondents to the global results:
- The use of Hardware Security Modules (HSMs) for offline root Certificate Authorities (CAs) is at a higher rate than the global average (52% vs 47% globally), however, the use of HSMs for online issuing CAs is significantly lower than the global average (27% vs 42% globally).
- Middle Eastern respondents are dealing with change and uncertainty due to external mandates and standards at the highest rate globally in the survey (60% vs 49% global average)
- Those in the Middle East seem to be more adept at handling the hurdles around the skills and resources required for enabling applications to use PKI, with 29% vs 34% globally citing skills as a challenge and 27% vs 35% globally for resources. This is despite the fact that ME respondents don’t employ PKI specialists as much as the global average.
What is the reason behind the rapid increase of PKI deployment in IoT technologies in 2020?
There is growing recognition that PKI provides important core authentication technology for IoT. Since 2015, respondents to our PKI and IoT Trends survey who say IoT is the most important trend driving the deployment of applications using PKI has increased significantly from 21% of respondents in 2015 to 47% in 2020. In the next two years, an average of 41% of IoT devices in use will rely primarily on digital certificates for identification and authentication.
PKI is well-positioned to help address multiple IoT use cases, including embedding a root of trust in IoT devices, using firmware signing to prevent the introduction of malware to these devices, and negotiation of session keys to help ensure confidentiality when IoT devices are sending data to points of collection.
What are the risks of PKI?
This year’s study highlights the primary challenges to utilizing PKI as being the lack of visibility of the security capabilities of existing PKI, the inability of existing PKI to support new applications, and the difficulty in changing legacy apps. Since 2019 the lack of visibility of the security capabilities of existing PKI increased significantly from 36 percent of respondents to 52 percent of respondents.
More generally, we find that many organizations continue to struggle to implement basic PKI best practices, due to lack of knowledge, resources, and challenges that arise around ownership and control – and organizations often need to seek help to gain the expertise needed to appropriately mitigate risk. Entrust advocates for enterprises to establish a Cryptographic Center of Excellence for their organizations to ensure centralized guidance, governance, and tools to manage these systems and ensure better security practices.