From VPN to email to cloud and now IoT, digital transformation
has ushered in powerful new applications for PKI.
The results of Thales third annual 2017 PKI Global Trends Report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals the Internet of Things (IoT) is playing an increasingly important role in influencing public key infrastructure (PKI) planning and usage. PKIs, widely used for authentication, digital signing, and encryption, are considered a core service supporting many different use cases and applications.
While a majority (54 percent) of respondents believe cloud-based services is the most important trend driving the deployment of applications using PKI, 40 percent also cited the IoT – a number that has doubled in the past three years. The findings, which reflect the responses of over 1,500 IT security practitioners worldwide, paint a picture of technological evolution and some uncertainty, but also opportunity:
- In the next 2 years, almost half (43%) of IoT devices will use digital certificates for authentication.
- 43% of respondents believe PKI deployments supporting the IoT will be a combination of cloud-based and enterprise-based PKIs – a number that reflects the scale of the IoT and resulting scale of PKIs issuing certificates for it.
- Over one-third of respondents (36%) cite new applications like the IoT as the fastest growing area of PKI evolution (a number that has almost tripled since 2015).
- On average, PKIs support more than 8 different applications within a business; SSL tops the list, followed by VPNs, public cloud apps, and device authentication.
- Almost two-thirds of organizations now report having a PKI and 36% of respondents use hardware security modules (HSMs) to protect their PKI
Dr. Larry Ponemon, Chairman and Founder of The Ponemon Institute said, “Last year, we underscored that it is hugely important PKIs be future proofed – and we still stand by that recommendation. Not only are PKIs a core enterprise asset, but they are playing an increasingly important role supporting certificate issuance needs for cloud applications and the IoT. Smart organizations have determined that successful IoT deployment rests on trust being established from the beginning, and they’re leaning on their PKI as one component for building that trust.”
PKI is an established technology which is well-positioned to address growing authentication needs and challenges as we embrace cloud applications and the IoT. While the sheer number and types of IoT devices pose security and interoperability challenges, authentication is a critical building block in transforming trust from an IoT barrier to an IoT enabler. One way a root of trust can be accomplished is through HSMs, which are high-assurance sources of credentials for both IoT and non-IoT applications. In the years to come, we expect to see even more HSM deployment and other indicators of higher PKI security maturity to help underpin the digital transformation of enterprises
– John Grimm
Senior Director Security Strategy, Thales e-Security
