26 January 2023

Samantha Mabey, product marketing director of PKI & IoT, Entrust

The Entrust 2022 Global PKI and IoT Trends Study, in collaboration with Ponemon, identified that IoT is a top trend driving the deployment of PKI, but also a top area of uncertainty. As we look to the year ahead, organizations need guidance on how to navigate the challenges of IoT and PKI deployment in a world increasingly interconnected by billions of devices, identities, and workloads.

The challenges of IoT

The cybersecurity landscape is always changing as bad actors discover new ways to infiltrate organizations. From a security perspective, we are seeing that organizations are drawn to adopting IoT strategies into their security structure. However, one of the key challenges highlighted by the 2022 Global Trends Study is that organizations lack the skills and resources required to deploy and manage PKI, the backbone of IT security and a key component to secure IoT. This is largely down to the skills gap which plagues the entire cybersecurity profession, a shortfall between the skills, resources, and talent needed and the amount available.

In addition to the lack of skills and resources, our study found that there is no clear ownership of PKI. This suggests to us that, although they are adopting IoT practices, there might be an issue as to who is overseeing this change and strategy, which could negatively impact their security posture.

The role of IoT in the application of PKI

As organizations plan the evolution of their security strategies, new applications like IoT and external mandates and standards have been, and continue to be, the biggest areas expecting change and uncertainty.

With IoT being highlighted as a primary driver for PKI deployment, it’s not surprising that scalability to millions of managed certificates continues to be the most important PKI capability for IoT deployment. This is due to the growing number of machine identities – an overarching category which includes IoT devices. These machine identities are growing at a rapid rate, both in volume and in diversity. Gartner recently stated that machines now outnumber humans by an order of magnitude. This growth in the number of machine identities and the need for PKI to scale to millions for IoT could also explain the increase in the number of certificates organizations are issuing and managing. The study has revealed that from 2019 to 2022, the number of certificates organizations are issuing and managing has increased by more than 50%.

Knowing PKI is the backbone of IT security, it will play a vital role in the credentialing of IoT devices. The study shows that in the next two years, an average of 44% of IoT devices in use will rely primarily on digital certificates for identification and authentication. Furthermore, just over a third of respondents believe that as the IoT continues to grow, supporting PKI deployments for IoT device credentialing will become a combination of cloud-based and enterprise-based.

What we’re seeing is that securing cloud applications and IoT are top of mind for organisations – these are considerations that have significantly changed the digital security landscape by moving security outside the four walls of an organization. But when we see that new applications like IoT are also areas expecting the most change and uncertainty, it tells us that while they might be thinking about it, organizations haven’t quite figured out what that change looks like.

Very much related, but arguably more important is external mandates and standards. Not just IoT, but cybersecurity in general, is being evaluated at all levels across the globe, and those mandates can be difficult to navigate, especially without the right skills and resources internally to do so. This will only continue to become challenging with future threats like post quantum, where the transition will be very involved and take several years.

Although IoT adoption has been taking place for quite some time, the speed at which it’s happening – and that organizations need to navigate the change – has increased, and its future is looking fruitful. As we examine the IoT landscape from a security perspective, we need to be ready - not only for organizations that require protection, but for new environments and technology challenges that appear as technology evolves.