Subscribe to our Newsletter!
By subscribing to our newsletter, you agree with our privacy terms
Home > IoT > IoT and PKI – difficulties in sight
November 18, 2021
The Internet of Things (IoT) continues to drive the use of Public Key Infrastructure (PKI) and digital certificates, with 47% of respondents to the Ponemon Institute’s 2021 Global PKI and IoT Trends study of more than 2,500 cybersecurity professionals from 17 countries citing it as a key driver of growth in this segment. In the 2017 edition of that study, that percentage was 40%. Just for comparison, in that same year, cloud-based services stood out as the main driver of PKI growth – cited by 54% of respondents; today that share has fallen to 44%. The Internet of Things (IoT) continues to drive the use of Public Key Infrastructure (PKI) and digital certificates, with 47% of respondents to the Ponemon Institute’s 2021 Global PKI and IoT Trends study of more than 2,500 cybersecurity professionals from 17 countries citing it as a key driver of growth in this segment. In the 2017 edition of that study, that percentage was 40%. Just for comparison, in that same year, cloud-based services stood out as the main driver of PKI growth – cited by 54% of respondents; today that share has fallen to 44%.
We can say that there is a growing recognition that PKI is becoming an important authentication system for IoT technologies. This fact is more than expected, after all, today there are more things (equipment and sensors, for example) connected on the planet than people. And these so-called IoT devices need digital identities to ensure secure operations.
For this reason, demand is growing for Internet of Things public key infrastructures – or IoT PKI – to provide digital certificates and such:
Worryingly, however, respondents to the Ponemon Institute survey said that IoT is also the area expected to experience the most change and uncertainty. The study highlights some major challenges in the PKI and digital certificate universe. The big hurdle is lack of clarity around who is responsible for PKI within organizations – it was named as the top challenge for the fifth consecutive year, with a significant increase in the share of respondents citing it – from 63% in 2020 to 71% in 2021. Scarcity of resources (51%) and skills (46%) – which has never been greater – rounded out the top three challenges mentioned. More than half of respondents (55%) also said that their organization’s existing PKI is unable to handle new applications.
Year-on-year, there is slow and steady growth in the number of certificates issued and managed across a range of sectors, not just in the IoT universe, however, there has been a significant increase in this volume in recent years – around 50% since 2019 – from 39,197 to 58,639 – mainly on account of increased demand for machine identities and hybrid work protection.
In terms of the digital certificate revocation technique, the most frequently used remains the Online Certificate Status Protocol (OCSP) – mentioned by 57% of respondents. The second most popular is the Certificate Revocation List (CRL) – used by 42% of respondents.
Similar to what has been happening in recent years, 32% of respondents said they have not implemented any certificate revocation technique. Possible explanations for this relatively high percentage are the use of other means to remove users or devices, the use of short-lived certificates, and the adoption of closed systems.
Hardware security modules (HSMs) continue to be used frequently to manage private keys.
The most commonly cited methods for deploying PKI in organizations are those based on an internal Certificate Authority (CA) or a managed service based on an externally-hosted private CA, according to 62% and 44% of respondents, respectively. The use of externally hosted private CAs showed growth over four years – from 38% of respondents in 2017 to 44% in 2021.
May 31, 2023
May 22, 2023
May 19, 2023
May 16, 2023
May 11, 2023
May 09, 2023
May 08, 2023
May 02, 2023
Previous
IoT could be worth US$12.6 trillion by 2030
Next
Managing millions of IoT devices challenges IT