Key Takeaways from the 2024 PKI & Digital Trust Report

If the past 10 years of digital transformation have taught us anything, it’s that transformation can’t happen without trust. 

From complex cloud migrations to aggressive M&A strategies to the deep digitization of operations and processes, the opportunity for transformation is only as good as the reliability and security of those efforts. 

AI, quantum, compliance regulations, and other forces are raising the stakes of digital trust. Digital certificates and public key infrastructure (PKI) will enable digital trust now and in the future, but getting a handle on certificate management and PKI has proven to be elusive for many organizations.

In Keyfactor’s 2024 PKI & Digital Trust report, we take a look at the state of PKI and certificate management and where organizations are finding both success and frustration. 

Even as organizational leadership has come to recognize the importance of crypto-agility and PKI, the escalating volume of certificates used by the average organization is outpacing their ability to manage.

• More organizations than ever feel they are deploying more certificates than ever – 91% compared to 74% in 2023 and 61% in 2021. 
• Over 70% of organizations agreed they need more staff and resources to manage PKI effectively. 
• On average, respondents reported three incidents in the past 24 months concerning certificate outages, failed audits, and security breaches. 
• Only 32% of organizations reported using a dedicated certificate lifecycle management tool.

In other words, more certificates mean more problems when managed manually. Between remote work, IoT, and the cloud, business is headed toward an even more digital future. Certificates and PKI will continue to scale to support a larger digital footprint. 

At the same time, volume is exploding, and certificate lifespans are shrinking. That means not only are there more certificates, but they must be renewed more frequently — a factor that makes manual management even less feasible. 

Organizations are taking various approaches to getting their arms around certificates and PKI, but they’re still struggling. It’s unclear whether they lack technical skills, correct tooling, or effective methodologies. But one thing is clear: outages are still plaguing enterprises. 

• 99% of respondents said their organizations have a machine identity management strategy in place, however:
• The average organization experienced nine certificate-related incidents over the past 12 months.
• On average, it takes 2.6 hours to identify a certificate-related outage and another 2.7 hours to remediate it.
• It takes an average of eight staff members to remediate an outage, and they have to drop whatever they’re doing to fix it. 

The “all hands on deck” nature of an outage creates untold ripple effects throughout the entire business. If IT, security, or infrastructure teams are handling PKI on top of their other duties, outages massively detract from their primary responsibilities. 

Outages should simply not be happening to any organization. Outages are a symptom of deeper mismanagement. Maybe there is no ownership over PKI and teams are spinning up their own CAs and certificates without documenting them. Maybe certificates are being tracked in spreadsheets or a homegrown tool, allowing an expiration to slip by unnoticed. 

An outage is hardly ever a one-off event. It’s a sign that something bigger is happening and that the digital infrastructure is untrustworthy. That has business implications. When you lack digital trust, you can’t move fast or move boldly. It’s like a car that dies on you. Even if you repair it, you don’t feel confident driving it. If your car always has something going wrong, you probably can’t trust it for a big trip.

The advent of AI and the developing quantum landscape promises new possibilities but also new risks and attacks. The vast majority of organizations envision PKI and cryptography to remain central to the future of innovation. 

However, the report’s findings showed a gap between what they believe and how they’re preparing. 

• 91% of organizations agreed that PKI is a key element in guarding against AI threats.
• Only 33% of organizations are preparing for quantum computing, and 95% report facing obstacles in their preparations.
• 80% of organizations are worried about adapting cryptography to these new threats.

When the future is uncertain, agility is key. Organizations must shore up their processes and infrastructure to become more adaptable, flexible, and resilient — these add up to confidence.

Without confidence, you can’t move fast. Without constant, incremental evolution, every adaptation will require a huge, expensive, painful upgrade. Survival will simply become unfeasible. 

That means finding places in your teams’ workflows that are sucking up all their time and energy. Unless your organization has a dedicated in-house team for managing PKI, streamlining PKI and certificate management are no-brainers for adding efficiency and creating resiliency. 

PKI isn’t hard to get right, but it’s extremely easy to get wrong. With the rising stakes of outages, AI, and compliance pressure, organizations can’t afford to gamble with their PKI. 

In the coming weeks, we’ll publish more insights and commentary from our 2024 PKI and Digital Trust report. So stay tuned or download the report today and arm yourself with the information to make smart decisions for your organization and infrastructure.