Digital transformation is driving demand for PKI certificates, but Spanish enterprises are experiencing critical challenges in their management
The Entrust 2021 Spain PKI and IoT Trends Study reveals lack of ownership, resources, and skills continues to challenge PKI deployments
MADRID, SPAIN (November 24, 2021) – Driven by organizational changes, enterprise use of Public Key Infrastructure (PKI) and digital certificates has never been higher in Spain, while the related skills to manage PKI are in historically short supply, according to research from Ponemon Institute, sponsored by Entrust, a global leader in trusted identity, payments and data protection. The Entrust 2021 Spain PKI and IoT Trends Study, the first edition of the study in this country, also revealed that IT professionals continue to see lack of clear ownership, skills and resources as the top challenges in deploying and managing PKI.
PKI is at the core of nearly every IT infrastructure, enabling security for critical digital initiatives such as cloud, mobile device deployment, identities and the internet of things (IoT). As such, PKI holds the key to enabling the digital transformation that these technologies underpin, something that has been thrown into sharp focus over the course of the global pandemic and its impact on working practices.
Drivers and challenges of PKI adoption
When it comes to the most important trends driving the deployment of applications using PKI, the Internet of Things (IoT) remains the fastest growing trend at 51%, with cloud-based services the second highest driver cited by 41% of respondents, and consumer mobile coming in third at 34%.
The top challenge that impedes the deployment and management of PKI in Spain is a lack of clear ownership – cited by 70% of respondents. Insufficient skills and insufficient resources were rated as the second and third challenges at 67% and 54% respectively. Similarly, the top challenges to enabling applications to utilize PKI were the existing PKI being incapable of supporting new applications (72%), too much change or uncertainty (52%) and insufficient skills (42%). Additionally, although PKI is in higher demand than ever, only 36% of respondents have a PKI specialist on staff to manage PKI in their organization.
The areas expected to experience the most change and uncertainty were PKI technologies (43%), followed by new applications, such as the Internet of Things (IoT) – 32% of those surveyed. The third and fourth most cited areas were external mandates and standards (28%) and internal security policies (20%).
“PKI has never been in such high demand – whether from the pressure of securing a remote or hybrid workforce this past year, or the continued growth of IoT and cloud-based services,” said Rocío Martínez, Head of Entrust Digital Identity for Spain. “At the same time, the skills and resources required to deploy and manage PK continue to be in short supply in Spain – an issue exacerbated by lack of clear organizational ownership over PKI deployments. This first Spanish PKI and IoT Trends Study provides valuable insights into the challenges organizations are facing and where they need to focus their efforts in the coming years.”
The Rise of Machine Identities
TLS/SSL certificates for public-facing websites and services are the most often cited use case for PKI credentials (77% of respondents). Private networks and VPN applications came in second (70%) and email security was third (61%). This highlights the shifting focus on ensuring remote workers and distributed IT workloads can be kept secure.
Spanish organizations with internal certificate authorities (CAs) use an estimated seven separate CAs, managing an average of 65,412 internal or externally acquired certificates. Additionally, in the next two years, an average of 46% of IoT devices in use will rely primarily on digital certificates for identification and authentication.
Regardless of the reason for the growth, the more certificates an organization needs to manage, the more critical proper management becomes. With one in ten (11%) of respondents stating they use a manual certificate revocation list and nearly a third (30%) admitting they have no certificate revocation technique, these organizations risk being vulnerable to attacks and facing outages to critical systems and the consequent business disruption and cost that comes with that.
“Over the years we have been conducting the global PKI and IoT trends study, it is clear that the gap between the rising demand for PKI adoption and the challenges hindering it appear to be growing,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “This has the potential to exacerbate the headaches organizations already feel and create gaps in their security postures. When you factor in that environments are more distributed with remote working, cloud and IoT, it’s clear that there’s an immediate need for many organizations to gain additional visibility, automation and centralized control.”
Rocío Martínez adds: “In order to deal with the complexity, organizations need a strategy first and products second to support this transformation. This means that they need a partner like Entrust who not only has the technological capabilities, but the heritage and expertise to help succeed in this environment.”
Landing page: Entrust 2021 Spain PKI and IoT Trends Study
2021 Spain PKI and IoT Trends Study methodology
The Entrust 2021 Spain PKI and IoT Trends Study, conducted by research firm the Ponemon Institute, is based on feedback from more than 500 IT security professionals in Spain, analysing the responses given by 237 respondents involved in the management of PKI in their enterprises. This analysis is part of the larger annual 2021 Entrust Global PKI and IoT Trends Study, based on feedback from more than 2,500 professionals in 17 countries: Australia, Brazil, France, Germany, Hong Kong, Japan, Mexico, Middle East (which is a combination of respondents located in Saudi Arabia and the United Arab Emirates), Netherlands, the Russian Federation, Spain, Southeast Asia, South Korea, Sweden, Taiwan, the United Kingdom, and the United States.
About Entrust Corporation
Entrust keeps the world moving safely by enabling trusted identities, payments and data protection. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, accessing e-government services or logging into corporate networks. Entrust offers an unmatched breadth of digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500 colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s most entrusted organizations trust us. For more information, visit www.entrust.com.