New research by IDC shows that the number of businesses using PKI as part of their broader security programs, beyond TLS for websites, has more than doubled in the last decade, to 65% in 2018.
The IDC Data Services for Hybrid Cloud Survey, which includes interviews with more than 400 chief information security officers (CISOs), security architects, IT security and data management specialists in Europe and North America, shows that PKI is increasingly viewed by security leaders as essential in securing digital transformation initiatives across a variety of business use cases. As PKI deployments grow, proper management of digital certificates is critical. IDC research found that the average cost of downtime industrywide is $250,000 per hour, and one unmanaged digital certificate that expires can hurt the bottom line.
“PKI, if properly deployed and managed, is one of the most powerful tools organizations can use to avoid costly and reputation-damaging data breaches,” states Rob Westervelt, Research Director, Security Products at IDC. “Our research found a growing number of organizations are revisiting their encryption and key management strategy to gain situational awareness, and in turn bolster their security postures.”
According to the study, today's business processes can be supported by PKI to increase automation, reduce friction, and streamline the processing of digital information and electronic transactions. Security teams use PKI as an essential element in addressing new data privacy and data security regulations. PKI serves as an enabler of new business projects designed to improve customer satisfaction by allowing customers to securely conduct sensitive transactions from the comfort of their homes.
The growing use of cloud services is increasing attack surfaces and allowing hackers to seize on weaknesses associated with IT infrastructure complexity and configuration issues. In addition to reputation damage, direct costs and regulatory sanctions, cyberattacks can result in unplanned downtime, loss of competitive trade secrets and permanent data loss. Among those surveyed, 37% called the complexity of security solutions one of the top three greatest threats their organization is facing in the next two years. CISOs agree, however, that streamlined PKI implementations minimize complexity and that managed PKI services can reduce overhead and costs, freeing up security teams to work on other pressing matters.
Organizations count on PKI for reliable operations and to protect sensitive data
PKI is the backbone for many organizations that value cybersecurity resiliency, enabling them to automate the process of enforcing data security policies and procedures using digital certificates and public key encryption. PKI establishes validated and trusted connections between systems, while providing unhindered user access to sensitive resources. DigiCert has built a robust PKI platform to help organizations secure all of their connection points and data traversing their networks with scalable digital certificate deployment and management.
Organizations reported using digital certificates and PKI to support a variety of functions, including:
- Secure BYOD: Supporting unmanaged BYOD initiatives and maintaining secure access to enterprise resources, without sacrificing the mobile user experience
- Secure Authentication: Strongly authenticating individuals to applications containing sensitive information
- Secure Remote Access: Strongly authenticating employees and partners to a wireless network or VPN for secure access
- Secure Email: Enabling end users and partners to send encrypted and digitally-signed emails across all corporate devices
- Document Signing Integrity: Validating the integrity and authenticity of digital signatures on critical documents
- Secure IoT Devices: Providing device identity and establishing root-of-trust, and maintaining the integrity of software and firmware on sensitive IoT devices
CISOs reveal what’s driving increasing PKI investments
From emails to payment processors, the avenues in which PKI investments are needed continue to grow. A manufacturer’s email and file transfer systems were particularly vulnerable and resulted in a Ransomware attack. In response, the company implemented two-factor authentication and client certificates to eliminate weak passwords and validate the identity of their email accounts.
A regional bank relied on PKI to support mobile users for smart card authentication. Facing challenges associated with fragmentation, the bank outsourced its PKI and now has a streamlined certificate lifecycle management for its 40 branches.
A technology manufacturer looking to lock down access to critical resources chose PKI to support its device identity, VPN access and zero-trust environment.
A payment processor in Europe secures tens of thousands of point-of-sale system devices using a managed PKI service that enables trusted, third-party, mutual authentication of devices to networks. They also leverage PKI to securely rotate certificates.