Public key infrastructure and digital certificates essential to zero trust
Public key infrastructure (PKI) and digital certificates are essential to achieving zero trust architecture according to 96 percent of North American enterprises.
However, only 39 percent use PKI as part of their zero trust security strategy today according to a survey from Pulse Research and PKI as-a-Service (PKIaaS) company Keyfactor.
"Adopting a zero trust strategy is an important step to ensuring a robust security posture, especially as digital transformation continues and organizations move their security to the cloud," says Chris Hickman, chief security officer at Keyfactor. "Yet the survey results reveal a concerning gap between perception and reality. While most leaders recognize that PKI is essential to a successful zero trust security strategy, most are not actively incorporating it into their identity and access management (IAM) program."
So what's driving zero trust adoption? 68 percent of respondents say they are prioritizing zero trust strategy implementation for security risk mitigation with 50 percent citing time-to-breach detection reduction.
72 percent of IT leaders cite cloud-first migration as their main investment priority, followed by remote workforce (65 percent) and digital customer experience improvements (46 percent). 92 percent of respondents have allocated up to 20 percent of their 2021 technology budget to PKI and/or cryptography investments.
The greatest barrier to implementation is seen as technology gaps by 73 percent, followed by cost concerns (69 percent) and a talent or skills shortage (45 percent).
When it comes to their PKI requirements, 71 percent of IT leaders are prioritizing key and certificate visibility, followed by enabling automation (56 percent) and cloud-first PKI deployment (49 percent).
"The proliferation of digital certificates and keys within the enterprise will continue to rise, especially as a reliance on distributed IT and the remote workforce continues," adds Hickman. "Scalability is a key consideration when building out a zero trust architecture. However, PKI alone does not equate to zero trust. To be successful and fully achieve zero trust organizations also need the automation, process and security controls necessary to support it."
You can get the full report from the Keyfactor site.
Photo Credit: Syaheir Azizan/Shutterstock