GlobalSign conducted a survey earlier this year to better understand how, and why, companies are using Public Key Infrastructure (PKI) based certificates. Nearly 750 people participated in the survey, which also posed questions about digital signatures and DevOps. Our analysis included IT decision-makers and leaders across industries including government, finance, healthcare and engineering. The questions covered a range of topics – from the participant’s use of PKI, to solutions, to their involvement in DevOps.
Just in case you aren’t familiar with the term, PKI enables companies and systems to securely exchange data and, more importantly, to verify the legitimacy of a certificate-holding entity. PKI-based technology and solutions allow users to authenticate digital certificates, which include a public key for the encryption and cryptographic authentication of data. All forms of sensitive data rely on PKI, and GlobalSign is proudly recognized as one of the world’s leading providers of PKI-based security technology.
Now that you’ve had some background on the survey, let’s look at a few key takeaways.
Why PKI
One of the first things we wanted to know was what kind of PKI or certificate-based solutions respondents were using. Not surprisingly, about 75% stated they are using public SSL or TLS certificates and about 50% stated they rely on private SSL and TLS. A third of participants (30%) said they use certificates for digital signatures, while slightly fewer answered that they are relying on PKI for Secure/Multipurpose Internet Mail Extensions (S/MIME). S/MIME is a widely accepted protocol for sending digitally signed and encrypted messages and a solid option for protecting email users from phishing. Given the increasing rate of phishing attacks worldwide, it is no surprise that this is an increasingly popular enterprise security solution.
We also looked at why companies choose PKI-based technologies to begin with. More than 30% pointed to scalability for the Internet of Things (IoT) and 26% believe PKI can be applied to a wide range of industries. 35% of respondents said they appreciate PKI for ensuring data integrity.
Common Challenges in PKI Implementation
While we know PKI has a great deal of value to an organization, it is complex. Because of this, there can be some challenges that come along with implementing it. We asked what our survey respondents felt about the challenges of implementing PKI. Not surprisingly, a lack of internal IT resources is one of the biggest issues facing today’s organizations – there are simply not enough skilled workers to tackle PKI management. Beyond that, 17% of respondents reported long deployment times for PKI projects and nearly 40% said that provisioning and lifecycle management can become very time consuming.
We also learned from this survey that some companies are still using their own internal certificate authority, despite the strain on IT resources. Understandably, switching to an approach that is automated and managed is becoming more popular.
GlobalSign’s PKI survey also pointed to the increasing usage of digital signatures. More than 50% of survey participants said that they are actively leveraging digital signatures to protect the integrity and authenticity of their content. As to why they’ve chosen digital signatures, 53% of respondents said regulatory compliance was a driving factor, while 60% cited being green – eliminating paper – as the reason. Time savings was also cited as a major reason for switching to digital signatures, with the ability to decrease document turnaround time as one of the great benefits of utilizing PKI-based technology.
The Rise in DevOps
Our survey wouldn’t be complete if we didn’t ask about DevOps, a market expected to reach about $13 billion by 2025. While DevOps has taken the software industry by storm with its automated business processes and agility, the reality is that the approach opens up security risks. As it is now, the process of acquiring certificates in a DevOps environment is difficult, time consuming, and error prone. For example, developers and companies must contend with:
- The exploding number of keys and certificates that must serve as machine identities on load balancers, virtual machines, containers, and service meshes. Keeping track of machine identities in use can quickly become chaotic, expensive, and risky without the right technology.
- Weak certificates or unexpected certificate expirations when the proper policy enforcement and monitoring practices are not in place. Needless to say, this kind of downtime can have a significant business impact.
Luckily, GlobalSign offers a PKI for DevOps solution that can be directly integrated with a REST API or EST, or with Venafi as a Service – so your DevOps team can keep moving fast without sacrificing security.
PKI is one of the most foundational security technologies today and will continue to be for the foreseeable future. Our 2019 survey data, as illustrated in the infographic below, supports this assertion. And with the explosive growth we’re seeing in the IoT and IIoT sector, we expect an even greater number of PKI deployments in the next year. Want to learn more about the ways other enterprises are using PKI solutions to meet security challenges and prepare for the future? Contact one of our security experts today.