“Enterprises are seeing rogue certificates, defined as those outside the purview and control of the IT department, as well as outages from unexpected certificate expiration and a host of other problems” – By, Mr. Brian Trzupek, SVP of Product at DigiCert

1. What is PKI, and why is the adoption of PKI automation increasing amongst businesses?

An acronym for Public Key Infrastructure, PKI is the technology behind digital certificates. It is a system of processes, technologies, and policies that allows you to encrypt and sign data. You can issue digital certificates that authenticate the identity of websites, users, devices, documents or services. These certificates create a secure connection for both public web pages and private systems—such as your virtual private network (VPN), internal Wi-Fi, wiki pages, and other services that support MFA.

The internet ecosystem has been playing a pivotal role all over the globe in navigating the COVID-19 posed operational challenges, increasing the digital dependency. These changing trends and distributed digital infrastructure IT environment have made organizations more susceptible to cyberattacks and data breaches, fueling the demand for PKI solutions.

A typical enterprise in Asia Pacific (APAC) now manages more than 40,000 PKI certificates. This is a sharp increase from prior years, and we have found that enterprises in the region are having trouble managing the workload with as many as two-thirds facing outages caused by certificate expiration-related outages.

Another reason is that a substantial number of enterprises use more than three departments to manage certificates, causing visibility problems and confusions. This makes automation, centralization and crypto-agility even more important.

Our latest PKI Automation survey showed that 86% of APAC enterprises are at the very least discussing PKI automation. The majority of enterprises expect to implement a solution within 12 months. However, only 10% in APAC are actually at the stage where they are already implementing or maybe even finished implementing a solution. 

2. What are the common challenges that arise while managing certificates?

While the goal is to improve security, compliance, productivity and become more agile while also reducing downtime and costs, we have observed some common challenges.

Enterprises are seeing rogue certificates, defined as those outside the purview and control of the IT department, as well as outages from unexpected certificate expiration and a host of other problems. But not all enterprises are seeing the same level of issues.

Based on the responses gathered for our survey, we divided respondents into three tiers, depending on how well their organisations are managing PKI, and compared the top tier (leaders) versus the bottom tier (laggards).

The leaders right off the top are doing better, as they are two or three times better at minizing PKI security risks, avoiding PKI downtime, minimizing rogue certificates, meeting PKI SLAs (Service Level Agreements), managing digital certificates, issuing and revoking certificates, and compliance. They are also more likely to say they think PKI automation is important in the first place.

On the other hand, laggards experience severe penalties for their lack of skill at managing PKI certificates. These included compliance issues, security issues, lost productivity and delays. Team members are also overworked leading to lost customer base and revenue.

3. What role is DigiCert playing to enable the ecosystem?

While the ecosystem continues to be in a flux, we are honoured to be the trusted partners for enterprises in the markets across various domains. Our DigiCert certificate management and PKI solutions offer on-premises and hosted options to automate certificate lifecycle management, regardless of the number of certificates there are in an enterprise’s ecosystem. We provide a platform to handle digital certificate use cases at a large scale, including for website security, secure software management, digital signing, document signing, email security, user identity and access management and more.

One of our newest introductions is our DigiCert Automation Manager, which is built to automate certificate management seamlessly on-premises and in the cloud, while mitigating the risk of opening firewalls to the internet for automated lifecycle management. All automated certificates have one containerized point of connection that follows an enterprise’s specific security policies. Concerned team members can manage and customize all workflows from a single, modern user interface. Additionally, sensors work with popular load managers to balance even the most complex networks. 

4. Can you share the top trends related to PKI automation from an APAC lens? How does the APAC region fare in comparison to the rest of the world in terms of PKI automation?

We have found that APAC is the region with more enterprises having trouble managing the workload. Around 65% of the respondents from APAC have stated that they are concerned about how much time is spent in managing certificates, compared to 61% globally.

We also believe that more visibility is needed. A total of 35% of enterprises use more than three departments to manage certificates, which leads to silos and confusion. According to a typical enterprise, as many as 1,000 of the certificates are actually unmanaged. Nearly half (48%) of the enterprises surveyed say they frequently discover so-called “rogue” certificates (certificates that were implemented without IT’s knowledge or management), the highest occurrence among other regions surveyed.

In fact, two-thirds of the total surveyed enterprises experienced outages that were caused by certificates expiring unexpectedly. In APAC specifically, 35% of enterprises experienced five to six such outages in the past six months alone, as compared to the 25% global average. Such service outages can lead to a hit in a company’s reputation and its bottom line, due to customers being unable to access services. Certificate management is critical for organizations. Automating certificate management the right way, including the workflows involved in PKI deployments, is an important task for IT teams to solve. DigiCert is committed to helping them do this.