cybersecurity_padlocks_laptop.jpg Getty Images

Study highlights PKI, machine identity management challenges

There are more than 267,000 internally issued certificates across the average enterprise today, a new report found.

Today’s workforce is part human, part machine. In fact, new research has found that the number of machines -- from servers and containers to IoT devices -- far outnumbers humans in any given organization’s network. Each machine has an identity to authenticate and establish digital trust between users, devices, and workloads across the business, coming in the form of cryptographic keys or digital certificates.

As the number of machines within organizations reaches unprecedented levels, the average enterprise today has more than 267,000 internally issued certificates to carry out a number of mission-critical tasks, according to Keyfactor’s second-annual State of Machine Identity Management report. Mission-critical tasks include running websites and applications and connecting organizations with their customers.

The report, conducted by the Ponemon Institute, sheds light on how organizations currently deploy and manage public key infrastructure (PKI) and machine identities. In addition, the report highlights emerging risks and challenges as the role of PKI and machine identities evolves.

As the volume of certificates increases, enterprises have struggled with a lack of complete certificate visibility. In fact, the report found the majority (55%) of organizations do not know how many keys and certificates they have.

KeyfactorChart compares full-time equivalent staff involved in deploying and managing PKI within organizations in 2021 vs 2022

Without proper management, certificates can expire unexpectedly, which can shut down critical applications and services. In this year’s study, 81% respondents reported that they experienced at least two or more certificate-related outages in the past two years, up from 77% last year.

PKI governs the issuance and management of these digital certificates, which can prevent debilitating outages. Despite its importance, organizations often lack the skills and expertise to dedicate to their PKI deployment. While 54% of respondents said they have six or more staff involved in deploying and managing PKI, half of respondents said they still don’t have enough personnel dedicated to their PKI deployment. This year, 53% of organizations reported that investing in hiring and retaining qualified personnel was a top strategic priority for digital security.

KeyfactorChart compares respondents views on whether they have enough IT security staff dedicated to PKI in 2021 vs 2022.

This year’s study surveyed 1,346 respondents across North America, Europe, the Middle East, and Africa. Respondents worked in a wide range of industries, including financial services, industrial and manufacturing, public sector, healthcare and pharmaceutical, education and research, and retail.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish