DigiCert, Inc., a leading provider of TLS/SSL, IoT and other PKI solutions, today released its “2021 State of PKI Automation” survey that shows the typical enterprise in the Asia Pacific (APAC) now manages over 40,000 publicly and privately trusted PKI certificates. Manually managing this volume of certificates can lead to costly outages if not handled correctly, as evidenced by the finding that two-thirds have experienced outages caused by certificates expiring unexpectedly. More than one-third (35%) have experienced five to six such outages in the past six months alone, compared to the 25% global average. Due to these issues and others, there is strong interest in adopting PKI automation.
What are PKI Certificates?
PKI stands for Public Key Infrastructure. It is a framework that enables the encryption of public keys and includes their affiliated crypto-mechanisms. Two asymmetric keys (mathematical codes) are required to encrypt and decrypt information transmitted and received over the internet: a public and a private key. The public key is validated by a certifying authority and contains the name and identity of the host or the owner, and it can be shared publicly. It is used to encrypt the data before transmitting it to the intended recipient. The private key is secret and sent only to the person for whom the message is intended. It is used to decrypt the message.
This enables a highly secure network environment for use by applications and hardware — to exchange information, validate websites or even digital certificates.
Why is PKI Automation Necessary?
There are millions of certificates and keys exchanged every day on the Internet, and all this requires robust and secure PKI infrastructure – to manage the keys and certificates associated with it. Certificates have expiry dates, and processes must keep track of expiring certificates. The system also needs to authenticate certificates and look for rogue certificates, unmanaged certificates and outages caused by certificates expiring unexpectedly. Doing all these processes manually can be stressful for organizations.
So, leading organizations are 10 times more likely to have already implemented automation to do all this. They’re meeting PKI SLAs and doing a better job at self-reporting deficiencies.
2021 State of PKI Automation Survey – APAC Findings
APAC is the region with more enterprises having trouble managing the workload, with 65% of the respondents stating that they are concerned about how much time is spent managing certificates. They also lack visibility. 35% of enterprises use more than three departments to manage certificates, leading to confusion. The typical enterprise says as many as 1,000 of the certificates are unmanaged, and nearly half (48%) say they frequently discover so-called “rogue” certificates (certificates that were implemented without IT’s knowledge or management), the highest occurrence among other regions surveyed.
“The volume of certificates has grown dramatically,” said Brian Trzupek, SVP of Product at DigiCert. “Further, validity periods for public TLS certificates have dropped from three years to one year since 2018. As a result, enterprises are finding it increasingly difficult to manually manage digital certificate workflows. They are looking for certificate automation, but need reassurance on how to do it and an understanding of the long-term costs and security benefits.”
“Manual processes aren’t an effective way to manage a large number of certificates. Something can always go wrong. Automating the management of PKI certificates is the obvious answer,” says Mike Mallos, Infrastructure Services Manager at Qantas. “It helps us improve security and compliance, become more agile and increase our productivity.”
Most enterprises are considering PKI automation, with 86% at least discussing it. Only 10% are at the stage where they are already implementing or maybe even finished implementing a solution. 12% say they are not discussing it and have no plans to do so. Most (70%) expect to implement a solution within 12 months.
Not All Enterprises are the Same
The survey included a series of questions in determining how well (or poorly) each respondent was doing across a wide range of PKI metrics. After the scores were totaled, the respondents were split into three groups:
- Leaders: Organizations that are doing the very best
- Laggards: Organizations that are doing the worst
- Middle: Organizations that are doing okay
The Leaders and Laggards were then compared to examine the differences and explore what the Leaders were doing better.
Leaders perform two to three times better than Laggards in every area, including minimizing PKI security risks, avoiding PKI downtime and meeting PKI-related SLAs. Laggards are seeing a wide range of PKI-related penalties, including lost productivity, compliance issues, loss of customers and even lost revenue.
Lessons from PKI Leaders
PKI Leaders are more likely to say PKI automation is important to their organization’s future. Further, PKI Leaders are twice as concerned about the time it takes to manage PKI certificates.
Recommendations
DigiCert recommends that companies begin to address automation of their certificate management processes, including their business workflows, to ensure they continue to adhere to best practices in PKI deployments. This includes the following:
Certificates:
- Identify and create an inventory of the entire certificate landscape, from TLS to code signing, client certificates and more.
- Remediate keys and certificates that are not compliant with corporate policy.
- Protect with best practices for issuance and revocation. Standardize and automate enrollment, issuance and renewal.
Certificate Workflows: Address unmanaged or manual certificate workflows, such as code signing, document signing, email certificates or other identity and access solutions, with software that centralizes visibility and control and automates workflows.
The survey was conducted by ReRez Research of IT professionals within 400 enterprise organizations of 1,000 or more employees in North America, EMEA, Asia Pacific and Latin America.
To get the full report, visit https://www.digicert.com/campaigns/pki-automation.
