What to encrypt in a corporate system? And why do it?

GlobalSign conducted a survey on how and why companies generally use public key infrastructure (PKI). About 750 people took part in the survey; they were also asked questions about digital signatures and DevOps.

If you're not familiar with the term, PKI allows systems to securely exchange data and verify certificate holders. PKI solutions include digital certificate authentication and public keys for encryption and cryptographic data authentication. Any sensitive information relies on a PKI system, and GlobalSign is considered one of the world's leading providers of such systems.

Let's take a look at some of the key findings from the study.

What is encrypted?

Overall, 61.76% of companies use PKI in one form or another.

One of the main questions that interested the researchers was which specific encryption systems and digital certificates the respondents use. Unsurprisingly, about 75% said they use public SSL or TLS certificates, and about 50% rely on private SSL and TLS. This is the most popular application of modern cryptography: encryption of network traffic.

This question was put to companies that answered yes to the previous question about using PKI systems, and multiple responses were allowed.

A third of participants (30%) said they use certificates for digital signatures, while slightly fewer rely on PKI for email security (S/MIME). S/MIME is a widely used protocol for sending digitally signed, encrypted messages and a way to protect users from phishing. Given the rise in phishing attacks, it's understandable why this is an increasingly popular solution for enterprise security.

We also looked at why companies choose PKI-based technologies in the first place. More than 30% indicated the scalability of the Internet of Things (IoT), and 26% believe that PKI can be applied in a wide variety of industries. 35% of respondents noted that they value PKI for ensuring data integrity.

General problems in implementation

While we know that PKI is of great value to an organization, cryptography is a fairly complex technology, and this causes problems with implementation. We asked respondents what they see as the main implementation problems. It turned out that one of the biggest is the lack of internal IT resources: there just aren't enough skilled workers who understand cryptography. In addition, 17% of respondents reported long project deployment times, and nearly 40% mentioned that lifecycle management can be time-consuming. For many, the high cost of dedicated PKI solutions is a barrier.

We learned from the survey that many companies still use their own internal certification authority, despite the load that it creates on the company's IT resources.

The study also indicated an increase in the use of digital signatures. More than 50% of survey participants said they actively use digital signatures to protect the integrity and authenticity of content.

As for why they chose digital signatures, 53% of respondents said compliance was the top reason, while 60% cited the adoption of paperless technology. One of the main reasons for switching to digital signatures is the time saved, and the ability to reduce document processing time is one of the main advantages of using PKI technology.

Encryption in DevOps

The study would not be complete if respondents were not asked about the use of encryption systems in DevOps, a fast-growing market that is projected to reach $13 billion by 2025. Although the IT market very quickly switched to the DevOps (development + operations) methodology with its automated business processes, flexibility and Agile approaches, in reality, these approaches open up new security risks. Currently, the process of obtaining certificates in a DevOps environment is complex, time-consuming, and error-prone. Here's what developers and companies are facing:

  • There are more and more keys and certificates that serve as machine identifiers in load balancers, virtual machines, containers, and service networks. Chaotic management of these identifiers without the right technology quickly becomes costly and risky.
  • Weak certificates are issued, or certificates expire unexpectedly, because of a lack of good policy enforcement and monitoring practices. Needless to say, the resulting downtime has a significant impact on the business.

Therefore, GlobalSign offers a PKI for DevOps solution, which integrates directly with the REST API, EST, or Venafi cloud, so that the development team continues to work at the same pace without sacrificing security.

Public key cryptosystems are one of the most fundamental security technologies, and they will remain so for the foreseeable future. With the explosive growth we're seeing in the IoT sector, we're expecting even more PKI deployments this year.

Source: habr.com
