Staying ahead of PKI challenges with cryptographic centre of excellence

By James Cook, VP Digital Security, Asia Pacific and Japan, Entrust

The past year alone saw businesses across the globe rapidly embrace digital transformation and accelerate migration to the cloud to meet the demands of hybrid working arrangements. Now, more than a year into pandemic-induced hybrid work, organisations must refine their approach to digital security to fill the vulnerability gaps caused by new technologies and distributed workplace environments.

With cyber threats evolving and growing in sophistication, organisations need to develop their cryptographic capabilities so they can respond with agility to new regulations and security threats.

A key pillar in this approach is the use of Public Key Infrastructure (PKI) – that is, the use of public keys to manage security of data and identities through encryption. PKI is almost the starting point for the connected world, and it is an organisation-wide stance and a governance culture rather than a piece of hardware or a switch to be installed.

Understanding the challenges in PKI adoption

PKI adoption rates continue to rise in 2021, particularly with the increase in remote working, cloud and the Internet of Things (IoT). At the same time, the challenges organisations face in deploying and managing PKI are also growing.

According to new research from the Ponemon Institute, there is a major mismatch between the demand for PKI and the skills organisations need to manage this increasingly critical capability. While PKI is at the core of nearly every IT infrastructure and is crucial for a whole range of digital initiatives, 78% of respondents in Australia cited a lack of clear ownership as a top challenge in its implementation over the last five years.

Insufficient resources and insufficient skills were also rated as key challenges, by 51% and 46% of respondents respectively. This has the potential to exacerbate the headaches organisations already feel and create gaps in their security postures.

Furthermore, the momentum for organisations to implement digital initiatives such as cloud, mobile device deployment and IoT is only increasing, with IoT ranked first by 54% of respondents. There is an immediate need for many organisations to gain additional visibility, automation, and centralised control.

Strengthening the case for adoption with a CryptoCoE

Organisations need to understand the trends in PKI maturity across their operations as they continue to transform digitally. One way forward is for organisations to create an internal Cryptographic Centre of Excellence (CryptoCoE) at the core of their crypto management strategy.

This might seem like an additional project or cost, with all the issues around justifying the return on investment (ROI). It is almost impossible to calculate the risks and implications which can flow from a data breach or system downtime, in terms of both internal operations and consumer trust. However, the average cost of a breach in Australia is AU$3.35 million, a price which puts the risk in terms understandable to the bottom line.

A CryptoCoE can drive this through effective governance, beginning with a Certificate Policy and procedures for certificate issuance and management. In fact, Gartner posits that CryptoCoEs can help businesses focus and align their current resources and expertise around a specific capability to accomplish and sustain world-class performance and value. This is the case for PKI as it is for everything else.

Technology adoption challenges arise when enterprise teams do not fully establish the connection between the new technologies and their immediate strategic value to the business.

For enterprises relying on PKI to drive their operations and their relationships through their supply chains and with consumers, the pooling of expertise in a CryptoCoE helps ensure that their infrastructure maximises its resilience against modern-day threats and is compliant with the latest standards and regulations.

If executed well, a CryptoCoE is well worth the effort and costs to ensure business continuity, enhance data security and, most importantly, strengthen consumers’ trust.