Endpoint
10/4/2017
09:40 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

PKI delivers security to accelerate IoT, Cloud adoption: Thales

San Jose, CALIF. – Oct. 3, 2017 – Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its third annual 2017 PKI Global Trends Report. The report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals the Internet of Things (IoT) is playing an increasingly important role in influencing public key infrastructure (PKI) planning and usage. PKIs, widely used for authentication, digital signing, and encryption, are considered a core service supporting many different use cases and applications.

While a majority (54 percent) of respondents believe cloud-based services is the most important trend driving the deployment of applications using PKI, 40 percent also cited the IoT – a number that has doubled in the past three years. The findings, which reflect the responses of over 1,500 IT security practitioners worldwide, paint a picture of technological evolution and some uncertainty, but also opportunity:

  • In the next 2 years, almost half (43%) of IoT devices will use digital certificates for authentication
  • 43% of respondents believe PKI deployments supporting the IoT will be a combination of cloud-based and enterprise-based PKIs – a number that reflects the scale of the IoT and resulting scale of PKIs issuing certificates for it
  • Over one-third of respondents (36%) cite new applications like the IoT as the fastest growing area of PKI evolution (a number that has almost tripled since 2015)
  • On average, PKIs support more than 8 different applications within a business; SSL tops the list, followed by VPNs, public cloud apps, and device authentication
  • Almost two-thirds of organizations now report having a PKI and 36% of respondents use hardware security modules (HSMs) to protect their PKI

Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, says:

“Last year, we underscored that it is hugely important PKIs be future proofed – and we still stand by that recommendation. Not only are PKIs a core enterprise asset, but they are playing an increasingly important role supporting certificate issuance needs for cloud applications and the IoT. Smart organizations have determined that successful IoT deployment rests on trust being established from the beginning, and they’re leaning on their PKI as one component for building that trust.”

John Grimm, senior director security strategy, Thales e-Security, says:

“PKI is an established technology which is well-positioned to address growing authentication needs and challenges as we embrace cloud applications and the IoT. While the sheer number and types of IoT devices pose security and interoperability challenges, authentication is a critical building block in transforming trust from an IoT barrier to an IoT enabler. One way a root of trust can be accomplished is through HSMs, which are high-assurance sources of credentials for both IoT and non-IoT applications. In the years to come, we expect to see even more HSM deployment and other indicators of higher PKI security maturity to help underpin the digital transformation of enterprises.”

Download your copy of the new 2017 PKI Global Trends Study.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
Dawn Kawamoto, Associate Editor, Dark Reading,  12/4/2017
Tips for Writing Better Infosec Job Descriptions
Kelly Sheridan, Associate Editor, Dark Reading,  12/4/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.