Cloud-First PKI Strategy: A Game-Changer for Securing Critical Data

essidsolutions

The number of connected machines, applications, and devices continues to rise, but IT teams are being tasked with finding a solution to manage and protect these assets while maintaining a flat budget and employee headcount. Here, Chris Hickman, chief security officer at Keyfactor, puts forth a modern, cloud-based approach to protect distributed IT infrastructure. He believes cloud-hosted Public Key Infrastructure, a flexible and scalable security tool, can empower IT teams to manage connected machines and devices securely.

Public Key Infrastructure (PKI) has been used to protect secrets and identities in government and enterprise environments for years. In its early days, there were not many practical use cases for PKI, and the corporations adopting it would typically stand up an internal, privately rooted PKI exclusive to their enterprise. In recent years – and this year in particular – PKI has spiked in popularity as a tool to address non-traditional OT and IoT use cases brought on by the rapid shift to remote work and distributed systems.

Enterprises are generally more comfortable working with PKI and cryptography, and many of them manage their own in-house PKI. The challenge for those companies in today’s climate is two-fold: having the ability to modify their existing PKI to meet new use cases and scale it to accommodate the ever-expanding number of digital certificates and keys it manages. Traditionally, it was typical for most enterprises to have hundreds of thousands of certificates and keys in the organization. Nowadays, certificates and keys in a single enterprise can measure in the millions, with some larger enterprises approaching one billion.

Cloud-hosted infrastructure offers organizations the elasticity and compute power necessary for distributed workloads. Cloud-hosted PKI offers those same benefits, making it a viable option both for enterprises struggling to modify and scale existing in-house PKI, and for businesses seeking a new PKI solution that is more lightweight and affordable than traditional, on-premises PKI. Recent research indicates that 67% of surveyed organizations included or planned to include PKI deployment as part of their cloud-first strategy.

Making the Case for Cloud-Hosted PKI

IT leaders and teams are being asked to do more for less. The number of connected machines, applications, and devices continues to rise. Still, teams are being tasked with finding a solution to manage and protect those assets while maintaining a flat budget and employee headcount. The research above found that only 38% of respondents indicated they have sufficient IT resources dedicated to their PKI. There are countless proof points that justify the technical merit of cloud-hosted PKI as a flexible and scalable IT security tool.

Here are six reasons leaders can use to build the business case for cloud-hosted PKI adoption:

  1. Security and risk mitigation – when algorithms change, your team is on the hook to update the company’s PKI to mitigate operational and security risk. The SHA-1 to SHA-2 migration is one example that demonstrated the significant workload and outage risk these migration paths present. 
  2. Cost of ownership – between deployment costs, PKI consulting services, use case planning, hardware, software, and root signing ceremonies, the costs associated with on-premises PKI ownership can add up quickly. Cloud-hosted PKI consolidates and reduces those fees, simplifying deployment for the team while minimizing PKI-related spend.
  3. Staffing turnover – when building an in-house PKI, it is critically important that the right expertise is in place to ensure infrastructure and processes are established correctly. As staff leave the organization, filling PKI-related roles becomes more difficult and creates unexpected knowledge gaps.
  4. Business growth – new use cases like IoT, cloud, and DevOps are continually making it harder for teams to manage complex challenges and certificate issuance. Cloud-hosted PKI is continuously updated with new use cases, which lessens administrators’ pressure to keep on top of changes.
  5. Root CA renewal – in terms of timing, root CA renewal is an ideal time to re-think and potentially transition your PKI. 
  6. Imminent M&A activity – like root CA renewal, mergers and acquisitions provide an opportunity to assess the status of your PKI and potentially seek or evaluate new options.

In terms of securing machines, servers, and application identities, having the ability to separate lines of business from product lines in an efficient, secure and scalable way is mission-critical; cloud-hosted PKI makes that mission attainable.
