Not too long ago, PKI was declared dead. Why?
Because it's expensive.
It's complicated to implement.
It's old and clunky technology.
Today, nothing could be further from the truth. With the rise of digital business, PKI is a key player and has never been more in demand and transparently used in day-to-day life.
PKI is powerful, proven and has stood the test of time. It's the best, most scalable way to manage and secure communications, especially with the option of hosted PKI. It dramatically reduces the amount of on-premises hardware and in-house expertise required, making implementing PKI simpler than ever.
Even so, you might be thinking that you haven't heard a lot of buzz around PKI lately. That's because we are talking about PKI in a whole different way. Instead of referring to the product or technology as "PKI," we're talking about it via use cases.
Device certificates are among the top use cases we're seeing, and you likely use them daily. Basically, all connected devices need certificates. What used to be IT departments contending with IT devices has turned into a more complex environment with BYOD becoming commonplace. The increasing number of devices not provisioned by IT has resulted in a larger attack surface and higher risk.
Personal devices containing corporate credentials and data require strict security management to ensure trusted access. Typically, this is done with the combination of a Mobile Device Management (MDM) solution, and the strong security credentials (i.e., digital certificates) of PKI. Without digital certificates, the communications to authenticate a user and validate a device wouldn't be secure and would pose a great risk.
The conversation about device certs doesn't stop with mobile devices. In the 2019 Ponemon Global PKI and IoT Trends report, Internet of Things (IoT) came in third for the top trends driving the deployment of applications using PKI, almost doubled from four years ago. IoT can certainly be seen as a use case for device certs. Basically, you're looking to provide strong security and credentials to another smart and connected device — maybe not a smart phone this time, but rather something like a car. Organizations are going to have to continue to contend with more technologies coming into their trust environments, which will require more devices being connected to the corporate servers.
The most important trends driving the deployment of applications using PKI Source: 2019 Global PKI and IoT Trends Study, Ponemon Institute
Gartner also sees the extension of BYOD happening in the next handful of years:
"Through 2023, 30% of IT organizations will extend BYOD policies with 'bring your own enhancement' (BYOE) to address augmented humans in the workforce."
They referenced examples of this already happening in certain industries: " automotive and mining are using wearables to increase worker safety, while travel and healthcare are using wearables to increase productivity."
Whether or not it's called BYOE, the idea that there will be a future use case beyond BYOD is certain. Any technology that we use in our professional lives, we will certainly try to leverage in our personal lives (and vice versa). Which means even more devices will need to be secured. And considering the security around IoT and connected devices hasn't fully matured yet, the explosion of device certs hasn't even begun. But one thing is for sure, PKI will be there.
Check out our MDM solution brief for more information on the benefits and importance of an MDM integration, and which vendors we work with.