Over the past 20+ years, PKI has played a critical role in shaping the security of our digital world. And in the next 20 years, we can expect the same to be true.
Today, as we look at what’s in store for the future of PKI, three trends, in particular, stand out for their propensity to influence the PKI market in the coming years.
Martin Oczko, Vice President of Products at PrimeKey, dug into these trends as he shared his outlook on the future of PKI at PrimeKey Tech Days 2021. Here’s a look at the highlights from his presentation.
Trend #1: New Use Cases, Standards and Regulations
PKI is a critically important tool that brings trust to machines, connected devices, and infrastructures. Over the years, it has transitioned from a niche technology that was only relevant in specialized business cases to something of a silver bullet that is well-positioned to solve many challenges in today’s digital world.
As a result of this evolution, the number of use cases explodes every day. Some of the newest use cases for PKI include vehicle-to-infrastructure communications, Industrial Internet of Things (IIoT) ecosystems, where NIS 2.0 regulations are now mandatory in many cases, and COVPASS, which is a digital vaccination pass for COVID-19 now used across Europe.
Of course, these are just a few of many new use cases to emerge, as PKI has become ubiquitous over the past few years.
As these new use cases continue to emerge, the requirements and standards for PKI are evolving quickly. Essentially, we’ve reached the point where organizations can only deliver on these new use cases and requirements if they can fully control end-to-end PKI. This typically aligns to four focus areas:
- Execution environment and delivery model: Organizations need a highly scalable, flexible, and trustworthy environment through which to deliver PKI. Additionally, this environment needs to be use case-oriented. This area of focus is where organizations should consider industry appliances and weigh the value of SaaS vs. on-premise platforms.
- Cryptography, data, and certificate formats: Several standards have emerged to guide the cryptographic elements of PKI, including X.509, 3GPP, C-ITS, CVC, post-quantum computing and more. Organizations must have a good grasp of all of these elements that serve as the building blocks of PKI.
- Processes, integrations, and API: With all the new PKI use cases emerging, we’ll see more and more demand for integrations into other technologies and ecosystems. In response, we’ve already seen the rise of many new APIs like ACME, MS AE, CMP, and REST. Organizations can rely on tools like EJBCA and SignServer to manage these integrations.
- Automation, control and reporting: Lifecycle management of certificates, including workflows and maintenance, is especially important. In fact, this is one of the most critical aspects of modern PKI, since organizations will need a way to automate certificate lifecycle management to effectively handle increasingly large and complex environments. Keyfactor Command and Management Center is one example of a solution that can support this automation, control, and reporting.
Along the way to adopting these new use cases and requirements, organizations should keep the cost structure for deploying PKI top of mind. For example, Keyfactor and PrimeKey are currently working on a joint offering to deliver end-to-end PKI management based on a subscription model to reduce the high entry costs of traditional PKI deployments.
Trend #2: New Technical Environments
Not to be confused with new use cases for PKI, this trend looks at the environment in which PKI actually operates. We have seen several new environments arise over the past several years that represent enormous changes for the entire PKI landscape.
These new environments include:
One of the most critical environmental shifts for PKI is the rise of big cloud deployments, such as those on AWS, Microsoft Azure and Google Cloud. These cloud environments allow for increased scalability and elasticity of PKI programs, all for a lower upfront investment.
The rise of DevOps practices and related tools like Docker, Kubernetes, GitLab and Jenkins has also bled into PKI. These DevOps tools are relevant to PKI for two reasons:
- All of these tools are used to deliver new software products that need to be connected in a secure way using certificates. Importantly, this creates new environments in which DevOps teams need to both issue and manage certificates.
- PKI programs need to live in the same world as the end points they secure, and that means PKI needs to be available in the cloud or in on-premise container-based deployments depending on which approach teams use in their DevOps processes.
The rapid change in technology due to increasing connectivity and automation has also changed the environment for PKI, making it essential to connect PKI to production environments. We often talk about partially insecure operational environments, such as factories that don’t have a secure data center and/or lack IT and PKI expertise on the production floor. However, we need to make sure these production environments have high availability PKI to successfully secure all of the connected devices being built.
To solve this problem going forward, teams will need dedicated industrial appliances that can be easily deployed in production environments and also easily managed by IT staff (especially if they’re not on the production floor).
Trend #3: Digital Sovereignty
Finally, that brings us to digital sovereignty, which is often a very politically driven topic. We’re best off breaking this down into two aspects: data sovereignty and digital sovereignty.
Data sovereignty is mostly focused on privacy. Conversations about data sovereignty typically center around the questions of: Was the data stored where it’s processed? And is the data subject to the laws of the country in which it was generated?
Digital sovereignty includes the concept of data sovereignty but also asks the questions: Where is the technology used to process the data coming from? And where is that technology operated?
Projects like Gaia-X and Catena-X are new efforts related to digital sovereignty that are intended to create a decentralized European data infrastructure. These efforts are likely to create demand for national and regional solutions for trusted identities and related services like certificate signing.
Given this trajectory, PrimeKey is a proud member of the Gaia-X project and regularly collaborates with cloud providers to offer readily available solutions around the world. Today, we have offerings on AWS and Microsoft Azure that are available globally and can be deployed with just a few clicks.
We’re also working on plans to offer cloud deployments with European cloud providers.
Looking to the Future of PKI with PrimeKey and Keyfactor
There are numerous important changes on the horizon for PKI, and we can expect to see the direct impact of these market trends in the coming year.
The joint PrimeKey and Keyfactor teams continue to invest in keeping our technologies up to date to support these new use cases, new environments and new regulatory concerns — all in pursuit of offering the most complete end-to-end PKI experience.