The Explosion of Cloud-based Apps and the IoT are Creating the Need to Reinforce PKI Environments
The takeover of the cloud has brought countless businesses to pursue cloud migration over the past few years in an effort to take advantage of cost and operational efficiencies. The shift began with storage and simpler applications such as email, and has progressed to more complex applications, many of which require authorization and security to be used.
Concurrently, the Internet of Things (IoT) is driving the requirement for authenticity and authorization on a much larger scale than has ever been seen before in the IT industry.
Due to these trends, the use of public key infrastructure (PKI) as a form of secure identity has increased significantly.
According to the 2016 Thales & Ponemon Institute PKI Global Trends Study:
- 62% of businesses say that cloud-based services are the most important trend driving the deployment of applications using PKI.
- 28% of businesses felt that the IoT will largely drive PKI deployments.
As the overall business landscape continues to drive workloads to the cloud, there is a marked increase in the need for better security, and PKI has, for many years, been a proven method to enable secure authorization and access.
Creating Trusted Environments and Supporting New Applications
Rapid increases of data sharing and device authentication are beginning to create greater demand on PKIs, which means more challenges for security professionals trying to ensure that environments are trusted. As organizations consider PKI for a number of different scenarios, whether it be authorizing a user, validating a device, or protecting information, the use cases for PKI are increasing dramatically. As such, the traditional PKI is now being forced to serve several different use cases simultaneously, and in turn, a PKI of today requires an entirely new level of sophistication and planning.
Due to the increased sophistication of the environment, greater flexibility in PKI design and a deeper understanding of the proper usage of digital certificates is requiring organizations to reach out to corporations or individuals with deep knowledge and experience across a broad range of applications to solve the problem—and they should. Tackling future-proofing a PKI without the proper expertise is a risky undertaking.
Further, the 2016 PKI Global Trends Study also proved that the single greatest PKI challenge is the inability of existing infrastructure to support new applications. The need to support new applications requires PKI to be available with a much greater amount of adaptability and flexibility. To that extent, cloud-based models allow for more adaptability, faster time-to-market, ease of implementation, and flexibility.
It’s important to note that it’s not a function of the cloud that makes supporting new applications difficult—it’s that existing PKIs are not always designed to take on the breadth of applications that organizations are using today. The issue is primarily design-related in terms of how organizations have approached PKI in the past, and understanding how to respond in a nimble fashion to the current landscape.
Organizations should continually review, or have a window into, how their PKI environment is performing today and every day. It’s also important to consider that it wouldn’t be unusual for an organization to have more than one PKI because the needs of the enterprise and traditional devices and users is significantly different than the needs of the IoT, which could encompass anything from a Fitbit to a heart monitor. It’s important to realize that designing, implementing, and maintaining the right PKI to address multiple scenarios, traditional in the case of enterprise, and new and exciting in the case of IoT, is a full-time job.
Future-Proofing Your PKI
In short, as organizations continue to move to the cloud, it is hugely important that PKIs are future proofed – sooner rather than later.
Here are four key considerations for your security team to take note of in the pursuit of improving your PKI to accommodate the changing conditions of cloud-based applications, as well as the evolution of the IoT:
- PKI for enterprise and PKI for IoT have different characteristics and should be considered separately.
- A well-designed PKI can be cloud-based and still provide integrity and security.
- PKI design criteria should be based on the needs of the specific use case, whether it’s enterprise or IoT.
- PKI continues to be an extremely effective technology for providing authenticity, authorization, and encryption.
As you evaluate your strategy for future-proofing your PKI, consider talking with CSS. Our CSS Research, professional services, and development teams feature experts in the field of digital identity. For over a decade, we’ve been trusted security advisors to more than half of the Fortune 500.