The scale of corporate infrastructure for data protection is growing by the day.
Number of certificates to be managed by enterprises increased by 43% compared to 2019
IoT terminals, platforms, and storage encryption only reach 33%

As the adoption of public key infrastructure (PKI) increases, the size and scope of corporate infrastructure for data protection have also increased.
Entrust announced this on the 9th, releasing the '2020 Global PKI and IoT Trends Report'. The report was published based on the results of a survey of approximately 1,900 IT security experts in 17 countries around the world, including Korea.
According to the report, PKI has become a core part of IT infrastructure, providing strong security for key digital initiatives such as cloud, mobile devices, identity authentication, and IoT. As digital dependency increases and cyberattacks become more sophisticated, companies are leveraging PKI technology to set access rights to data and authenticate user systems and devices.
The main driver for PKI technology adoption this year was IoT, cited by 47% of respondents. Over the past five years, cases of PKI technology adoption for IoT security have increased by 26%. 44% of respondents said cloud-based services drove PKI adoption.
◇ Rapid increase in PKI use in cloud and authentication sectors

According to the survey, 84% of respondents said they used PKI for TLS/SSL authentication for websites and services for end users. This was the highest figure.
Public cloud-based applications showed the highest year-over-year growth, reaching 82%, up 27% from the previous year. Korea's use of PKI for public cloud-based applications was particularly high, at 96%. Enterprise user authentication increased 19% year-over-year to 70%.

▲ Major areas where PKI technology is utilized [Graph = Entrust]
The average number of certificates that companies need to manage increased by 43%, from 39,197 the previous year to 56,192. This is attributed to the trend toward shorter certificate validity periods and the rapid increase in certificates used for cloud and enterprise user authentication.

▲ Average number of certificates that a company must manage [Graph = Entrust]
Lack of PKI security capabilities was cited by 52% of respondents as a pressing challenge for PKI technology (up 16% year-over-year), raising the need for PKI experts who can create enterprise-tailored roadmaps based on cybersecurity expertise, security and operational best practices. Lack of ability to change existing applications (51%) and inability to support new applications with existing PKI (51%) were also cited.
Respondents said they have difficulty introducing and managing PKI because of organizational issues such as a lack of clear work authority, capacity and resources. PKI deployment models were found to be diversifying, with some countries preferring PKI as a service over on-premises deployment.
Respondents cited IoT (52%) and external regulations and standards (49%) as the main factors driving change and uncertainty in PKI. Twenty-four percent of respondents said the regulatory environment requires more adoption of applications that use PKI technology.
◇ A big gap between best practices and actual practice in the security industry

It is expected that 41% of IoT devices will rely on digital certificates for identity and authorization verification in the next two years. However, encryption for IoT devices, platforms and data repositories increased by only 33%, which could be a potential vulnerability for sensitive data.
Respondents cited arbitrary manipulation of IoT devices through malware or other attacks (68%) and remote control by unauthorized users (54%) as the main IoT security threats, and answered that malware blocking methods such as patch distribution or IoT device updates are not effective in controlling them.

▲ Major IoT Security Threats [Graph = Entrust]

The National Institute of Standards and Technology (NIST) recommends FIPS 140-2 Level 3 or higher certification for cryptographic modules for Certificate Authorities (CAs), key recovery servers, and Online Certificate Status Protocol (OCSP) responders. While 39% of respondents said that the primary use of a hardware security module (HSM) is to secure PKI for a root issuance policy CA, only 12% of respondents use HSMs in their OCSP installations. This shows a significant gap between best practices and actual practice.
“Enterprises are struggling to implement security mechanisms, such as firmware authentication, to address security threats in new areas like IoT,” said John Grimm, vice president of strategy for digital solutions at Entrust. “The results of this study demonstrate the need for strong security based on best practices such as automated certificate management, flexible PKI adoption, and HSMs.”