The annual 2020 Global PKI and IoT Trends Study, conducted by research firm the Ponemon Institute and sponsored by nCipher Security, an Entrust company, is based on feedback from more than 1,900 IT security professionals in 17 countries.
As organisations become more dependent on digital information and face increasingly sophisticated cyberattacks, they rely on PKI to control access to data and ascertain the identities of people, systems and devices on a mass scale. According to the report, IoT is the fastest growing trend driving PKI application deployment, up 26 percent over the past five years to 47 percent in 2020, with cloud-based services the second highest driver cited by 44 percent of respondents.
Need to manage more certificates
TLS/SSL certificates for public-facing websites and services are the most often cited use case for PKI credentials (84 percent of respondents). Public cloud-based applications saw the fastest year-over-year growth, cited by 82 percent, up 27 percent from 2019, followed by enterprise user authentication by 70 percent of respondents, an increase of 19 percent over 2019. All underscore the critical need for PKI in supporting core enterprise applications.
The average number of certificates an organisation needs to manage grew 43 percent in the 2020 study over the previous year, from 39,197 to 56,192 certificates, highlighting a pivotal requirement for enterprise certificate management. The rise is likely driven by the industry transition to shorter certificate validity periods, and the sharp growth in cloud and enterprise user authentication use cases, according to the report.
Challenges, change and uncertainty
The 2020 study found that IT security professionals are confronting new challenges to enabling applications to use PKI. More than half (52 percent) cited lack of visibility of an existing PKI’s security capabilities as their top challenge, an increase of 16 percent over the 2019 study. This issue underscores the lack of cybersecurity expertise available within even the most well-resourced organisations, and the need for PKI specialists who can create custom enterprise roadmaps based on security and operational best practices, according to the report. Respondents also cited inability to change legacy applications and the inability of their existing PKIs to support new applications as critical challenges – both at 51 percent.
Security practices have not kept pace with growth
In the next two years, a forecasted average of 41 percent of IoT devices will rely primarily on digital certificates for identification and authentication. Encryption for IoT devices, platforms and data repositories, while growing, is at just 33 percent – a potential exposure point for sensitive data. Respondents cited several threats to IoT security, including altering the function of IoT devices through malware or other attacks (68 percent) and remote control of a device by an unauthorized user (54 percent). However, respondents rated controls relevant to malware protection – like securely delivering patches and updates to IoT devices – last on a list of the five most important IoT security capabilities.
“In newer areas like IoT, enterprises are clearly failing to prioritize security mechanisms like firmware signing that would counter the most urgent threats, such as malware. And with the massive increase in certificates issued and acquired found in this year’s study, the importance of automated certificate management, a flexible PKI deployment approach, and strong best practice-based security including HSMs has never been greater,” concludes John Grimm, vice president strategy for digital solutions at Entrust.