Rapid growth in IoT device usage is behind a sharp rise in deployment of applications that use public key infrastructure (PKI), according to a new report from Thales and the Ponemon Institute, with the UK leading the way.
But “ownership” of PKI (a set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public-keys) remains a major hurdle for adoption.
The 2018 Global PKI Trends Study presents survey results of 1,600 IT and security practitioners in 12 countries, including the UK, the US, Australia, Brazil, and Japan.
42 percent of IoT devices will use digital certificates for authentication in the next two years, the report said. It found that 70 percent of respondents believe there is no one function responsible for managing PKI; by far the top challenge year after year.
Thales said: “This lack of clear ownership is not in line with best practices, which assume as a baseline a sufficient degree of staffing and competency to define and maintain the process and procedures on which a modern PKI depends.”
IoT Use Soars
Fourty-four percent of applications were using PKI, up from 21 percent in 2015. IoT was the only factor to have risen this year, while both cloud services and consumer mobile dropped. PKI provides core authentication technology that’s crucial for IoT applications.
“In previous years, we highlighted PKI as an established technology positioned to tackle the authentication needs and challenges to support the rise of cloud applications,” said Larry Ponemon, fouder of the privacy firm.
“Now, the C-suite is challenging its teams to leverage IoT to improve and drive business. With this comes the increased risk of more endpoints to protect, and the need to understand the role of PKI as a critical enabler.
Manufacturing Driver of Public Key Infrastructure Usage
The industrial and manufacturing sector was behind much of the growth of PKI usage, with an average of 43,000 certificates under management.
Of the respondents in this sector who described how their organisation’s enterprise PKI is deployed, 54 percent cited an internal certificate authority (CA), 30 percent an externally hosted private (CA), 34 percent a public CA service, and 24 percent a private CA running within a public cloud.
The financial services sector reported the highest proportion of internal corporate CA deployment, at 72 percent.
IoT Security: Increase in PKI for Secure Network
Organisations are applying stronger PKI security, hiring PKI specialists, and investing in additional security controls such as multi-factor authentication. 49 percent of respondents said they either extensively or partially encrypt their IoT device data.
“For safe, secure IoT deployments organisations need to embrace time-tested security techniques, like PKI, to ensure the integrity and security of their IoT systems,” added senior director security strategy at Thales.
Gartner predicts IoT security spending will double by 2021 to match the surge in connected devices. That figure is set to hit $1.5 billion globally this year, the firm added.
IoT security is still an afterthought for IT leaders, however, according to Trend Micro. Only 53 percent of IT and security decision makers regard IoT as a security risk, it claims.Read More