Firms fret over lack of skilled staff as threats grow through cloud, IoT

Public key infrastructure (PKI) remains the cornerstone of nearly every IT security environment, but even as the technology matures, new use cases, and rising compliance mandates are adding new challenges to infosec professionals charged with managing PKI implementations. 

This is a key theme that comes out of the 2022 Global PKI and IoT Trends Study, conducted by the Ponemon Institute, and sponsored by Entrust.

Findings based on a survey of 2,505 IT and IT security professionals who are involved in their organisations’ enterprise PKI in 17 markets including Australia, Brazil, France, Germany, Hong Kong, Japan, Korea, Mexico, Middle East, Netherlands, Southeast Asia, Spain, Sweden, the United Kingdom, and the United States.

The study found that while the top use cases for PKI globally are still of the traditional variety, such as TLS/SSL, securing VPN and private networks, and digital signing, it’s the regulatory landscape and newer use cases – such as cloud-based services and IoT – that are driving the adoption of PKI. 

As a case in point, IT security teams across the world report rising demand for PKI driven by the regulatory environment — ranked by 31% of respondents from 24% the previous year — and BYOD and internal device management, which more than doubled from 11% in 2021 to 24% in 2022.

And yet, in Southeast Asia, organisations continue to struggle with applying the resources needed to effectively manage their PKI implementations. 

Two-thirds (67%) of respondents cite the lack of clear ownership and 60% cite insufficient skills as the top two challenges to enabling applications to use PKI. 

The next biggest challenges the organisations in Southeast Asia face are insufficient resources and commercial solutions that are too complicated or too expensive – both at 53%.

When it comes to existing PKI implementations, the top challenge in Southeast Asia is the lack of visibility into the security capabilities of existing PKI at 30%, followed by the lack of ability to support new applications (29%) and to change existing apps (29%). 

“The top challenges in deploying and managing PKI have remained fairly consistent over the years of conducting this research,” said Larry Ponemon, chairman and founder of the Ponemon Institute. 

“The lack of skilled and experienced staff to help alleviate this pressure is clearly being increasingly felt, as is the lack of clear ownership across stubbornly siloed business structures for many,” said Ponemon.

As organisations plan the evolution of their PKI, they need to take into account the diverse factors that drive change and uncertainty. 

The top three include PKI technologies, as cited by 29% of respondents; enterprise applications (27%); as well as external mandates and standards, and new applications such as IoT devices (both 26%).