Digital certificates and keys ensure authenticity across enterprise user, application and device identities, says the report. "Cryptographic algorithms encrypt the data associated with those identities, providing secure communication and exploit protection. Two-thirds of respondents say their organization is adding additional layers of encryption to comply with industry regulations and IT policies; however, shorter certificate validity has doubled the management workload on short-staffed IT and security teams," notes the study.
- According to the findings, failed audits due to insufficient key management practices and compromised or rogue certificate authorities (CA) are the most frequent and most serious problems faced by organizations when it comes to managing PKI and cryptography.
- Two-thirds of organizations are adding additional layers of encryption technologies to comply with industry regulations and IT policies. As a result, managing a growing number of cryptographic keys and digital certificates has increased operational costs and reduced the overall efficiency of business processes.
- Only 38 percent of respondents say their organizations have enough IT security staff members dedicated to their PKI deployment. More than half of respondents (53 percent) say they are unable to hire and retain qualified IT security personnel. Responsibility for the PKI budget is also dispersed throughout the organization, with IT operations (21 percent) and lines of business (19 percent) cited most often as owners of the PKI budget.
- According to respondents, the following are the top four strategic priorities for digital security in their enterprise: authenticating and controlling IoT devices, knowing the expiration date of certificates, reducing complexity in their IT infrastructure, and reducing the risk of unknown certificates in the workplace (i.e. shadow IT).
“Our 2019 report was a wake-up call in many ways – it was the first report of its kind to investigate the role that digital certificates and keys play in creating trust inside and outside organizations,” said Dr. Larry Ponemon, founder of the Ponemon Institute. “In many ways I was optimistic that we’d see progress this year as more executives invested the resources needed to close the gap between ‘standard practice’ in PKI and ‘best practice’. This year’s report shows that while progress has been made in a few areas, that gap is actually growing wider.”
“This report reinforces cryptography’s importance within the security agenda,” said Hickman. “In many cases, PKI remains a manual function with ownership split across IT and security teams. Growing connectivity has created an exposure epidemic. Without a clear PKI in-house or outsourced program owner and process to close critical trust gaps, the risk of outages and breaches will continue to rise.”