The survey was attended by about 750 people, who also raised questions about digital signatures and DevOps. Our analysis included IT decision-makers and leaders in industries including government, finance, health, and engineering. The questions covered a range of topics – from the participant’s use of PKI to the solution, to their participation in DevOps.

If you are not familiar with the term, PKI enables companies and systems to exchange data more importantly to verify the validity of a certificate-holding entity. PKI-based technology and solutions allow users to authenticate digital certificates, including encryption of data and a public key for cryptographic authentication. All types of sensitive data depend on PKI, and GlobalSign is proudly recognized as one of the world’s leading providers of PKI-based security technology.

Why PKI?

One of the first things we wanted to know was what kind of PKI or certificate-based solution respondents were using. Not surprisingly, about 75% of people said they were using public SSL or TLS certificates and about 50% said they were dependent on private SSL and TLS. A third (30%) of participants stated that they use certificates for digital signatures, while slightly fewer responded that they depend on PKI for secure / multipurpose Internet mail extensions (S / MIME). S / MIME is a widely accepted protocol for sending digitally signed and encrypted messages and is a solid option to protect email users from phishing. Given the increasing rate of phishing attacks worldwide, it is no surprise why it is an increasingly popular enterprise security solution.

More than 30% pointed to scalability for the Internet of Things (IoT) and 26% believed PKI could be applied to a wide range of industries. 35% of the respondents stated that they appreciate PKI for ensuring data integrity.

Common challenges in PKI implementation

While we know that PKI has a lot of value for an organization, it is complex. Because of this, there may be some challenges that come with implementing it.  Not surprisingly, the lack of internal IT resources is one of the biggest issues facing today’s organizations – simply not having skilled staff to deal with PKG management. In addition, 17% of respondents reported longer deployment times for PKI projects and about 40% stated that provisioning and lifecycle management can become very time consuming.

We also learned from this survey that some companies are using their own internal certificate authority despite pressure on IT resources. Obviously, switching to automated and managed approaches is becoming more popular.

GlobalSign’s PKI survey also pointed to the increasing use of digital signatures. More than 50% of survey participants stated that they are actively signing digital to protect the integrity and authenticity of their content. As they chose digital signatures, 53% of respondents said that regulatory compliance was a driving factor, while 60% cited green – destroying paper – as the reason. Time savings were also cited as a major reason for switching to digital signatures, with the ability to reduce document turnaround time as one of the great benefits of using PKI-based technology.

Rise in DevOps

Our survey would not have been complete if we did not ask about DevOps, the market was expected to reach around $ 13 billion by 2025. While DevOps has taken the software industry into a storm with its automated business processes and agility, the reality is that the approach opens up security risks. As of now, the process of obtaining a certificate in a DevOps environment is difficult, time consuming and error prone. For example, developers and companies should include:

– Explosion number of keys and certificates, which serve as machine identities on load balancers, virtual machines, containers, and service meshes. Keeping the machine’s identity in mind can quickly become chaotic, costly and risky without the right technology.

Weak certificates or unexpected certificate terminations when proper policy enforcement and monitoring practices are not in place. Such downtime need not say that it can have a significant commercial impact.