Increased Adoption of PKI Essential to Achieve Zero Trust Strategy: IT Security Survey

CLEVELAND — Nearly all North American enterprise IT security leaders (96%) say public key infrastructure (PKI) and digital certificates are essential to achieving zero trust architecture, according to a survey from Pulse Research and Keyfactor, a provider of PKI as-a-Service (PKIaaS) and crypto-agility solutions.

Still, only 39% use PKI as part of their zero trust security strategy today, according to the survey, which is said to explore enterprise security priorities, the challenges of zero trust strategy implementation and the use of PKI and digital certificates within a zero trust architecture.

“Adopting a zero trust strategy is an important step to ensuring a robust security posture, especially as digital transformation continues and organizations move their security to the cloud,” says Chris Hickman, CSO, Keyfactor. “Yet the survey results reveal a concerning gap between perception and reality. While most leaders recognize that PKI is essential to a successful zero trust security strategy, most are not actively incorporating it into their identity and access management [IAM] program.”

PKI is comprised of digital certificates and cryptographic keys that provide trusted and secure connections to protect user and machine identities. A zero trust model relies on trusted connections, controls and machine identity authentication to mitigate security risks and ensure machine-to-machine communications are secure.

Additional key findings:

• Adoption drivers: 68% are prioritizing zero trust strategy implementation for security risk mitigation with 50% citing time-to-breach detection reduction
• Investment priorities: 72% of IT leaders cite cloud-first migration followed by remote workforce (65%) and digital customer experience improvements (46%)
• Budget allocation: 92% of respondents have allocated up to 20% of their 2021 technology budget to PKI and/or cryptography investments
• Implementation challenges: 73% see technology gaps as their organization’s greatest barrier to implementation, followed by cost concerns (69%) and a talent or skills shortage (45%)
• PKI requirements: 71% of IT leaders are prioritizing key and certificate visibility, followed by enabling automation (56%) and cloud-first PKI deployment (49%)

“The proliferation of digital certificates and keys within the enterprise will continue to rise, especially as a reliance on distributed IT and the remote workforce continues,” says Hickman. “Scalability is a key consideration when building out a zero trust architecture. However, PKI alone does not equate to zero trust. To be successful and fully achieve zero trust organizations also need the automation, process and security controls necessary to support it.”

The survey was conducted by Pulse Research on behalf of Keyfactor and included responses from 100 North American executive and vice president-level IAM leaders in enterprises with between 5,000 and 10,000+ global employees.

To view the complete findings and to download the report, go here.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content

NFID Foundation Aims to Establish Decentralized Identity in Security Industry

Artificial Intelligence Tops List of Policy Priorities at 2024 Security Hill Day

TCG and OST2 Partner to Deliver TPM Usage Training and Develop Cybersecurity Experts

These States Have the Highest and Lowest Average Cybercrime Victim Losses