PKI is at the core of the IT infrastructure for many organisations, enabling security for critical digital initiatives such as cloud, mobile device deployment, and IoT (Internet of Things devices). Yet organisations are leaving themselves vulnerable and unprepared, cyberattacks by failing to prioritise PKI security, it is claimed. The 2019 Global PKI and IoT Trends Study, by the US-based research firm the Ponemon Institute, and sponsored by the cyber product company nCipher Security, is based on feedback from 1,800 IT security practitioners in 14 countries and regions. The study found that IoT is the fastest-growing trend driving public key infrastructure (PKI) application deployment – with 20 per cent growth over the past five years.
Respondents cited concerns about several IoT security threats, including altering the function of IoT devices through malware or other attacks (68pc) and remote control of a device by an unauthorised user (54pc). However, respondents rated delivering patches and updates to IoT devices, the capability that protects against that top threat, last on a list of the five most important IoT security capabilities. The study also found that in the next two years an average of 42pc of IoT devices will rely primarily on digital certificates for identification and authentication. Encryption for IoT devices, and for IoT platforms and IoT data repositories, is at just 28pc and 25pc respectively, according to nCipher’s 2019 Global Encryption Trends Study.
John Grimm, senior director of strategy and business development at nCipher Security, said: “The scale of IoT vulnerability is staggering – IDC recently forecasted that there will be 41.6B connected IoT devices by 2025, generating 79.4 zettabytes of data. There is no point in collecting and analysing IoT-generated data, and making business decisions based upon it, if we cannot trust the security of devices or their data. Building trust starts with prioritising security practices that counter the top IoT threats, and ensuring authenticity and integrity throughout the IoT ecosystem.”
The survey suggested that despite a growing number of options for PKI deployment (cloud, managed and hosted), internal corporate Certificate Authorities (CAs) remain the most popular and have grown 19pc over the past five years to 63pc – with most, 80pc of financial services firms favouring this option.
For more visit https://www.ncipher.com/2019/global-encryption-trends-study.
