Today’s workforce is part human, part machine. In fact, new research has found that the number of machines -- from servers and containers to IoT devices -- far outnumbers humans in any given organization’s network. Each machine has an identity to authenticate and establish digital trust between users, devices, and workloads across the business, coming in the form of cryptographic keys or digital certificates.
As the number of machines within organizations reaches unprecedented levels, the average enterprise today has more than 267,000 internally issued certificates to carry out a number of mission-critical tasks, according to Keyfactor’s second-annual State of Machine Identity Management report. Mission-critical tasks include running websites and applications and connecting organizations with their customers.
The report, conducted by the Ponemon Institute, sheds light on how organizations currently deploy and manage pubic key infrastructure (PKI) and machine identities. In addition, the report highlights emerging risks and challenges as the role of PKI and machine identities evolves.
As the volume of certificates increases, enterprises have struggled with a lack of complete certificate visibility. In fact, the report found the majority (55%) of organizations do not know how many keys and certificates they have.
Without proper management, certificates can expire unexpectedly, which can shut down critical applications and services. In this year’s study, 81% respondents reported that they experienced at least two or more certificate-related outages in the past two years, up from 77% last year.
PKI governs the issuance and management of these digital certificates, which can prevent debilitating outages. Despite its importance, organizations often lack the skills and expertise to dedicate to their PKI deployment. While 54% of respondents said they have six or more staff involved in deploying and managing PKI, half of respondents said they still don’t have enough personnel dedicated to their PKI deployment. This year, 53% of organizations reported that investing in hiring and retaining qualified personnel was a top strategic priority for digital security.
This year’s study surveyed 1,346 respondents across North America, Europe, the Middle East, and Africa. Respondents worked in a wide range of industries, including financial services, industrial and manufacturing, public sector, healthcare and pharmaceutical, education and research, and retail.