Enterprises are using PKI for more applications with cloud computing and Internet of Things driving use of the technology, according to the PKI Global Trends Study from Thales and the Ponemon Institute. The downside, however, is that many enterprises are not adhering to best practices when it comes to these PKI implementations.
The same survey a year ago showed that globally enterprise were using seven PKI-enabled applications and that was up to eight this year, says John Grimm, senior director of Product Marketing at Thales e-Security. In the U.S. that number is greater, growing from 7.5 to 10.5.
Adoption of cloud application has been and will continue to be a driver for the use of PKI, Grimm says. IoT is the up and comer as devices begin to promulgate and if forcing organizations to changes the design of PKI deployments.
The survey did find some problems. Current approaches to PKI are fragmented and do not always incorporate best practices, showing a need for many organizations to apply increased effort to securing their PKI as an important part of creating a foundation of trust. Some 34% enterprises still use only passwords to secure PKI, Grimm says. “It’s still a mixed bag for best practices,” he adds.
According to respondents, applications most often using PKI credentials are:
- SSL for public facing websites and services — 81% of respondents
- Private networks and VPN — 75% of respondents
- Email security — 54% of respondents
- Enterprise user authentication – 50%
Ponemon Institute conducted the research for the report, which summarizes the second annual results of a survey completed by 1,583 IT and IT security practitioners in the following 11 countries: United States, United Kingdom, Germany, France, Australia, Japan, Brazil, Russian Federation, India, Mexico and Arabia.