The Dollars and Cents of PKI Solutions

Leaders taking a top-down view of their businesses may miss the boots-on-the-ground view, especially regarding security and the technical minutia involved in maintaining digital processes that keep the business going. 

Public key infrastructure (PKI) and the management of digital certificates are prime examples. If security is ancillary to the business’s main focus, PKI is ancillary to security. It is a crucial mechanism of a necessary apparatus that prevents bad things from happening so the business can pursue its primary purpose and goals. 

As such, PKI is often neglected. Though it’s hardly central to the business’s mission, under-resourced and mismanaged PKI is draining more resources than organizations and leaders are likely aware of. 

In brief, PKI and digital certificates secure interactions between digital systems and encrypt data. Think of these certificates as passports: forms of identity issued by a trusted authority. Like passports, these certificates expire after a certain period and must be reissued.

Managing these certificates is more challenging than it sounds. 

• The average organization maintains over a quarter million certificates at any given time.
• Tracking, managing, and issuing new certificates is very manual and technical.
• It only takes one expired certificate to cause a service outage. 

So of all the problems in the business to solve, why solve this one? 

Because mismanaged certificates and PKI are costing the business millions of dollars and costing even more in downstream inefficiencies.

In Keyfactor’s 2023 State of Machine Identity Report, 77% of respondents said their organization had experienced at least two significant certificate-related outages in the past 12 months. Over half of respondents said these outages caused severe disruption to customer-facing services, internal users, and subsets of customers. 

These disruptions aren’t trivial. The costs of lost business and reputational damage are substantial. Unplanned downtime caused by expired certificates can cost organizations more than $300,000 per hour. According to the State of Machine Identity Report, it takes the average organization 3.79 hours to identify, remediate, and recover from a certificate-related outage, which puts costs at around $1.1M. 

Very few companies have a dedicated PKI team. More often, the responsibility of managing certificates and PKI falls to IT and/or security teams. When you consider the volume of certificates in your organization’s environment — 256,000 on average — the risk of managing them through spreadsheets or legacy homegrown tools becomes obvious.

These teams are often overworked already. Inefficient PKI processes only make their job harder. They exacerbate burnout, which creates turnover costs, and they distract these teams from their primary duties. That means it costs more to resource IT and security teams and increases the likelihood of error in these roles.

In fact, 53% of respondents in the State of Machine Identity Report said they don’t have enough staff to deploy and maintain their PKI. As machine identities continue to explode in volume as organizations shift to the cloud, make acquisitions, adopt IoT devices, and digitize more business processes, the task of managing PKI at scale will only become more burdensome.

PKI is an intensely technical niche. IT and security teams rarely boast PKI-specific expertise. Therefore, they may not have the wherewithal to improve these processes and architect PKI more efficiently. They may not even know what to look for in searching for a PKI solution.

Just because some team somewhere in the organization is managing PKI doesn’t mean they’re doing so with any overarching strategy. Quite often, there’s no centralized ownership of PKI and certificate management. In this case, teams who use certificates (like DevOps teams) find their own vendors and adopt their own solutions. 

The problem is that they often do so without regard for security, and they don’t document the certificates they create and issue. Untracked certificates lurk within the infrastructure, waiting like a time bomb to expire and cause an outage. 

When siloed teams seek out their own PKI solutions, they create redundancy and sprawl — which incurs unnecessary cost and complexity. 

Some organizations find it doable to compose and implement enterprise-wide PKI architecture, policies, and tools that mitigate the costs of PKI.

Do you have the time to do that? Is managing your PKI in-house really how you want to spend your budget? 

Many organizations find it more efficient and effective to take PKI completely out of the hands of their in-house teams through partners who provide PKI as a Service.

These vendors and their tools proactively discover and track any and all certificates in the environment and compile them into a universal management hub.

PKI partners have the skills and knowledge that IT and security teams lack. They can create efficiencies and implement best practices that simplify, scale, and minimize the overhead of PKI. Meanwhile, your in-house teams can return to business with way more bandwidth.

The right PKI vendor will leverage standards like ISO 27000, PCI-DSS, SOC2, and more to secure your infrastructure in today’s rapidly changing threat environment. This gives security teams confidence and gives management evidence that their PKI is following industry security best practices.

With a streamlined, expertly managed PKI, your organization can pursue new initiatives, prepare for quantum computing, and stay ahead of emerging threats.

For the business to succeed, it must be able to trust its digital infrastructure. As with so many aspects of transformation, outsourcing niche-but-necessary expertise to specialized partners can provide an instant lift to the entire business.

With Keyfactor, organizations get all the advantages of a best-in-class PKI without the effort and expense of running it in-house. Check out our Essential Guide to Evaluating PKI Solutions and learn how to pick the right PKI Solution for your organization.