PKI Use is Main Driver for IoT Security
PKI use is increasing due to the growing impact of the Internet of Things (IoT).
According to research by Thales e-Security and the Ponemon Institute of 1688 IT and security practitioners, 44% said that IoT was the most important trend driving the adoption of applications using PKI as a core enterprise asset and a root of trust.
To secure PKI, 62% said that they use multi-factor authentication and certificate authorities, while 48% opt for a ‘physical secure location’ and 30% only use a password.
Speaking at a roundtable in London to launch the report, John Grimm, senior director security strategy at Thales eSecurity, said that there were “endless possibilities” for PKI use in IoT. He said that with IoT, security is a common concern.
He claimed that this is causing more and more enterprises to be resilient on PKI, as nothing is driving security for consumer IoT, but businesses need to know what is being allowed to access the network.
Also speaking on the roundtable was Clive Watts, senior product manager at Secure Thingz, who said that despite the uptake of PKI, there are insufficient skills and resources to enable its use. “The tipping point is on educating people on PKI and how it can be used, as there are multiple reasons on why to do it.” The research found that 48% of respondents said that insufficient skills on PKI was the main challenge to its adoption and deployment, in comparison to “no clear ownership” (70%).
Grimm commented that PKI has been used in the past for cloud and mobile, though 2018’s research showed that 45% of respondents use PKI for cloud and mobile – a drop from over 50% from the previous years’ research.
Dr Larry Ponemon, chairman and founder of The Ponemon Institute, said: “In previous years, we highlighted PKI as an established technology positioned to tackle the authentication needs and challenges to support the rise of cloud applications. Now, the C-suite is challenging its teams to leverage IoT to improve and drive business. With this comes the increased risk of more endpoints to protect, and the need to understand the role of PKI as a critical enabler.
“At the same time, this underscores the need for further advancement in skilling and resourcing related to PKI and the overall ownership within the organization.”
Source: Information Security Magazine