PKI Automation – Are you a Leader or a Laggard?

By: Brian Trzupek | Senior Vice President of Product | DigiCert


The internet ecosystem has played a critical role in navigating the COVID-19-induced operating issues all over the world, increasing digital reliance. This emphasises the need for automation, centralization, and digital agility.

In fact, our recent survey studying the state of PKI Automation in 2021 found that a typical enterprise in the Asia Pacific (APAC) now manages more than 40,000 PKI certificates. This is a sharp increase from prior years, and we have found that enterprises in the region are having trouble managing the workload, with as many as two-thirds facing outages caused by certificate expiration. As a solution, PKI Automation has come in to fill the gaps.

Organisations’ attitude towards PKI Automation

Most APAC organizations expressed an interest in PKI automation. Within the region, almost 9 in 10 (86%) respondents to this survey said that they’re at least discussing PKI automation. What’s more, 70% of survey participants said that they expected to implement a PKI automation solution within 12 months, while 10% said that they were already in the process of implementing or had already implemented a solution.

Turning to the rapid growth of PKI in APAC, we discovered that businesses in the region maintain more than 40,000 certificates. User and server certificates, as in other regions, are the most common, followed by web servers, mobile devices, and email. This is a significant increase over previous years, and there is substantial evidence that businesses are struggling to keep up with the workload. In fact, two-thirds of companies have suffered disruption as a result of certificates expiring unexpectedly. In APAC, 35 percent of businesses suffered five to six disruptions in the preceding 6 months, in contrast to the global average of 25 percent.

This leads us to the trends that are pushing businesses to automate their PKIs, such as increased workload. APAC is a region where many organisations are apprehensive about the amount of time spent monitoring certificates: 65 percent of respondents report that they are slightly to extremely concerned about how much time is spent managing certificates.

Another issue that comes to the fore is visibility. In 35% of businesses, more than three departments administer certificates, which increases complexity and confusion. The average organisation in APAC reports that up to 1,200 of its certificates are unmanaged. It is also the region where rogue certificates are more common: 48% of respondents say they regularly discover rogue certificates, that is, certificates installed without IT’s knowledge or oversight.

What PKI Automation involves

PKI is ubiquitous in almost every element of technology. It is critical for user authentication and signing, as well as IoT, DevOps apps and services, digital document signing, and much more. PKI entails issuing new digital certificates, renewing digital certificates as they approach expiration, revoking these certificates as applicable, and automating extended provisioning processes such as LDAP and Exchange entries.

However, managing PKI is quickly becoming impossible to do manually. Organizations are shifting to PKI automation for a variety of reasons, so it is important to define what PKI automation is. When clients hear “automation,” what comes to mind is the installation of a certificate on a server, as well as the desire to find the certificate no matter where it is or how it fits into the environment. The process is influenced by various factors, and organisations want to inventory, manage, and monitor each certificate once their teams have uncovered it.

PKI automation, in brief, addresses an evolving landscape in which organisations are looking to govern and maintain control. We believe this helps businesses gain awareness and distinction among their clientele. Detection, management/reporting, notification, automation (via privileged access management or vault), followed by CA (certificate authority) integration, and third-party CA or certificate import are all key components.

Leaders versus laggards, with everyone else in the middle

Our survey established that some businesses are facing challenges in their automation efforts. These roadblocks include high automation costs, complexity, regulatory concerns, and management resistance to change. How these organisations respond to this pivot will determine whether they are leaders or laggards, or whether they are in the middle of the spectrum.

What is the difference between a leader and a laggard? The leaders tend to be two or three times better at managing digital certificates, issuing and revoking certs, compliance, minimizing PKI security risks, etc. PKI management leaders have also demonstrated that they are considerably more accountable for their certificate inventories than their competitors, even while rating themselves as worse off. Despite that, they reported fewer certificate-related outages or rogue certificates, indicating that they were doing considerably better than they had assumed.

First, PKI leaders are twice as concerned about the time it takes to manage PKI certificates. This keeps them focused on PKI management. Second, rogue certificates are a significant concern for them. Third, PKI leaders believe that PKI automation is critical to their company’s long-term success. This could explain why they are six times more likely to have already deployed PKI automation.

The laggards, on the other hand, face substantial penalties as a result of their inexperience with PKI certificates, such as compliance concerns, security issues, lost customers, and an overworked state.

In Conclusion

With digital transformation accelerating rapidly, businesses must adopt stronger cybersecurity measures to protect their customers and their company networks. Those who do will gain a strong competitive advantage. Ensuring strong PKI deployment and unified certificate management is key to their success. Leaders can start by putting together a plan to address PKI automation this year. 

About the Author:

Brian Trzupek is Senior Vice President of Product at DigiCert. A crypto and security tech by day and night, Brian brings nearly two decades of expertise on many security subjects to the team. He’s constantly innovating use cases for enterprise PKI.

He previously worked for more than six years as VP of Managed Identity and Authentication at Trustwave, where he helped fight cybercrime, protect data, and reduce security risk. While at Trustwave, he testified before a congressional panel on the Dec. 2013 Target breach. Prior to Trustwave, he was a founder of Creduware Software, Inc., a company that automated credential password and digital certificate renewal and installation, as well as policy-based application monitoring.