Uncategorized

How cloud and IoT services are driving deployment of public key infrastructures

(c)iStock.com/cherezoff

A new study from Thales and the Ponemon Institute has found that, for more than three in five businesses polled, cloud-based services were the biggest trend driving the deployment of applications using public key infrastructures (PKI).

PKI refers to the ability for users and organisations to send secure data over networks; as defined by TechTarget, it “supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.”

According to the research, which surveyed more than 5,000 business and IT managers in 11 countries and across five continents, PKIs are being used to support more and more applications. The greatest usage is in the US, but on average PKIs support eight different apps within a business, up one from this time last year. For the 62% of respondents who say they use PKI credentials for public cloud-based applications and services, it represents a 12% increase on 2015.

Yet the report’s findings were not all positive. More than half (58%) of those polled say their existing PKI is not equipped to support new applications, while more worryingly, 37% say they have no existing PKI in their organisation.

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, argued that in an increasingly cloud and IoT-enabled business landscape, businesses who are not adhering to best practice guidelines around PKIs could see serious danger.

“As organisations digitally transform their business, they are increasingly relying on cloud-based services and applications, as well as experiencing an explosion in IoT connected devices,” he said in a statement. “This rapidly escalating burden of data sharing and device authentication is set to apply an unprecedented level of pressure onto existing PKIs, which now are considered part of the core IT backbone, resulting in a huge challenge for security professionals to create trusted environments.

“In short, as organisations continue to move to the cloud it is hugely important that PKIs are future proofed – sooner rather than later,” Dr. Ponemon added.

Recent studies around encryption and cloud security have the potential for progress. In August, a research paper from Microsoft offered the concept of a secure data exchange where the cloud performs data trades between multiple willing parties to give users full control over the exchange of information.