Key Driver Report Highlights PKI, Machine Identity Management Challenge


Today’s workforce is part human and part machine. In fact, new research has found that the number of machines — from servers and containers to IoT devices — far exceeds the number of humans in any given organization’s network. Each machine has an identity to authenticate and establish digital trust between users, devices and workloads in the enterprise, in the form of cryptographic keys or digital certificates.

As the number of machines within organizations reaches unprecedented levels, the average enterprise today has more than 267,000 internally issued certificates to perform a number of critical tasks, according to Keyfactor’s second annual report on the state of machine identity management. Critical tasks include running websites and applications and connecting organizations with their customers.

The report, by the Ponemon Institute, sheds light on how organizations currently deploy and manage public key infrastructure (PKI) and machine identities. Additionally, the report highlights emerging risks and challenges as the role of public key infrastructure and machine identities evolves.

As the volume of certificates grows, enterprises struggle with a lack of complete certificate visibility. In fact, the report found that the majority (55%) of organizations don’t know how many keys and certificates they have.

Key factor

Without proper management, certificates can expire unexpectedly, which can shut down critical applications and services. In this year’s study, 81% of respondents said they had experienced at least two certificate-related outages in the past two years, up from 77% last year.

The PKI governs the issuance and management of these digital certificates, which can prevent debilitating failures. Despite its importance, organizations often lack the skills and expertise to focus on their PKI deployment. While 54% of respondents said they have six or more employees involved in deploying and managing PKI, half of respondents said they still do not have enough staff dedicated to their deployment of public key infrastructure. This year, 53% of organizations said investing in hiring and retaining qualified personnel was a top strategic priority for digital security.

Key factorThe chart compares respondents' opinions of whether they have enough dedicated IT security staff for PKI in 2021 versus 2022.

This year’s study surveyed 1,346 respondents in North America, Europe, the Middle East and Africa. Respondents worked in a wide range of industries, including financial services, industrial and manufacturing, public sector, healthcare and pharmaceuticals, education and research, and retail.


Comments are closed.