The Latest PKI and IoT Trends Study from Ponemon is Out, and Here's What We Found
Published 12/12/2022
Originally published by Entrust.
Written by Samantha Mabey, Entrust.
The 2022 PKI and IoT Trends Study conducted by the Ponemon Institute is out, and Entrust is pleased to be the sponsor for the 8th consecutive year. Just to recap, the survey collects feedback from over 2,500 IT professionals around the globe – ranging from CISO and CIO, to IT Security managers – all of which have indicated they are involved in their organization’s enterprise PKI.
After looking at the results, the key theme that we took away from the report was awareness and its importance in your overall security posture. That “true confidence in your security comes from awareness.” What does that mean specifically? Well, it can mean a few things…
- Awareness of the people, processes and technology that run your PKI, the cornerstone of IT security
- Awareness or visibility into the people, systems and machines in your environment that need to be secured
- Visibility and control of the credentials (keys, certificates, secrets, and cryptographic assets) that secure those identities
- Awareness into the capabilities of your PKI, including current security practices, and its ability to secure your use cases today, and agility to secure changes tomorrow – like with a post-quantum future looming
With the importance of awareness and visibility in mind, the 2022 Global PKI and IoT Trends study indicates that without the right resources to secure and manage their use cases, many organizations are struggling to achieve PKI maturity so they can take advantage. Let’s have a look at some of the key findings and how organizations are stacking up on best practices:
- There’s still a resources issue. For all 8 years the top 3 challenges to deploying and managing have been the same: insufficient resources, insufficient skills, and no clear ownership. Without clear ownership or the internal expertise to manage their PKI, how confident are organizations in their security posture today, and how prepared are they for change in the future?
- IoT is top of mind – for many reasons. IoT is the #2 driver for the deployment of PKI, but it’s also the #1 area expecting the most change and uncertainty. What this tells us is while organizations are thinking about this area, they haven’t quite figured it out just yet.
- Organizations are moving to the cloud – but is it at the cost of security? The #1 driver for the deployment of PKI is cloud-based services. But in another area of the study, we see a slight decrease in the use of HSMs to secure keys (a known best practice), alongside a slight increase in the use of software key stores. Could this be because as organizations are moving to the cloud, they’re trusting cloud vendors with their security, rather than trusting their security with security experts?
PKI really is the cornerstone of IT security, and with the IT security landscape becoming more complex and the attack surface is expanding – this begs the question if organizations are achieving the awareness and control they need to secure their connections in the cloud and beyond.
For more information, download the 2022 PKI and IoT Trends Study here.
Related Articles:
Threat Report: BEC and VEC Attacks Continue to Surge, Outpacing Legacy Solutions
Published: 11/08/2024