Company GlobalSign
If you're not familiar with the term, PKI allows systems to securely exchange data and verify certificate holders.
Let's take a look at some of the key findings from the study.
What is encrypted?
Overall, 61,76% of companies use PKI in one form or another.
One of the main questions that interested the researchers was what specific encryption systems and digital certificates the respondents use. No wonder about 75% said they use public certificates
This question was asked to companies that answered positively to the previous question about using PKI systems, and allowed for multiple responses.
A third of participants (30%) said they use certificates for digital signatures, while slightly fewer rely on PKI for email security (
We also looked at why companies choose PKI-based technologies in the first place. More than 30% indicated the scalability of the Internet of things (
General problems in implementation
While we know that PKI is of great value to an organization, cryptography is a fairly complex technology. Because of this, there are problems with implementation. We asked respondents what they think about the main implementation problems. It turned out that one of the biggest problems is the lack of internal IT resources. There just aren't enough skilled workers who understand cryptography. In addition, 17% of respondents reported long project deployment times, and nearly 40% mentioned that lifecycle management can be time consuming. For many, the high cost of dedicated PKI solutions is a barrier.
We learned from the survey that many companies still use their own internal certification authority, despite the load that it creates on the company's IT resources.
The study also indicated an increase in the use of digital signatures. More than 50% of survey participants said they actively use digital signatures to protect the integrity and authenticity of content.
As for why they chose digital signatures, 53% of respondents said compliance was the top reason, while 60% cited the adoption of paperless technology. One of the main reasons for switching to digital signatures is time saving. As well as the ability to reduce document processing time is one of the main advantages of using PKI technology.
Encryption in DevOps
The study would not be complete if respondents were not asked about the use of encryption systems in DevOps, a fast-growing market that is projected to reach $13 billion by 2025. Although the IT market very quickly switched to the DevOps (development + operations) methodology with its automated business processes, flexibility and Agile approaches, in reality, these approaches open up new security risks. Currently, the process of obtaining certificates in a DevOps environment is complex, time-consuming, and error-prone. Here's what developers and companies are facing:
- There are more and more keys and certificates that serve as machine identifiers in load balancers, virtual machines, containers, and service networks. Chaotic management of these identifiers without the right technology quickly becomes costly and risky.
- Weak certificates or unexpected certificate expiration due to lack of good policy enforcement and monitoring practices. Needless to say, such downtime has a significant impact on the business.
Therefore, GlobalSign offers a solution
Public key cryptosystems are one of the most fundamental security technologies. And it will remain so for the foreseeable future. And with the explosive growth we're seeing in the IoT sector, we're expecting even more PKI deployments this year.
Source: habr.com