New Research Confirms Machine Identity Management Remains Problematic for 60% of Enterprises; Identity Threat Surface Continues to Expand

Security professionals hyper-focused on reducing complexity of PKI infrastructure to combat IAM woes, embrace zero trust, and prepare for post-quantum world

CLEVELAND, Ohio--()--Keyfactor, the identity-first security solution for modern enterprises, and Ponemon Institute today announced findings from the 2023 State of Machine Identity Management Report. In its third edition, the data illustrates macro trends within the enterprise that have fueled a turbulent 12-month period. According to research, the volume of machine identities, which continues to increase at an exponential rate year over year, creates significant challenges related to visibility, management, and mitigation.

“It comes as no surprise that security leaders are eager to reduce the complexity of PKI environments within their enterprise,” said Chris Hickman, chief security officer at Keyfactor. “The IAM landscape is continuing to change rapidly, and organizations are struggling to keep up with those changes. Zero-trust strategies, the ubiquity of IoT, and the adoption of cloud-based services will drive further use of keys and digital certificates in the enterprise. Our data shows that in 2023 and beyond, firms will prioritize getting a handle on their PKI infrastructure.”

The rise of connected devices and new machines introduced to an enterprise ecosystem has forced PKI to serve a critical role in the security of digital transactions. Yet, more than 60% of respondents were unsure of the exact number of keys and certificates in use within their organization – an increase of 17% from last year. This is caused by the dispersed nature of PKI management throughout an organization. With no clear ownership, less than half (47%) of organizations have an enterprise-wide strategy for managing PKI, even as the volume of certificates grew by 11%, from 231,063 in 2021 to 255,738 in 2022.

The confluence of these trends has prompted security leaders to prioritize reducing the complexity of their organization’s PKI infrastructure; more than half (58%) of respondents identified it as a top strategic priority for digital security.

“With the advancement of post-quantum cryptography, concerns about a post-quantum world are increasing,” continued Hickman. “While there’s still a significant amount of time until post-quantum is a reality, enterprises still need ample time and resources to prepare for the risk it poses to current public-key cryptosystems. It’s reassuring to see organizations already starting to rethink their current PKI strategies. With the right approach, organizations can rebuild disjointed and aging PKI environments, as well as the certificates issued from them, to mitigate early concerns related to the potential impacts of quantum cryptography.”

Additional findings from the report include:

  • Rising concerns about ability to adopt post-quantum cryptography: In June 2022, NIST announced the first group of algorithms to become part of its post-quantum cryptographic standard, which is expected to be finalized within two years. Nearly half (48%) of respondents say they are concerned about their ability to adapt to these post-quantum algorithms, up from 44% last year, prior to the NIST announcement.

  • Growth of machine identities increases operational burdens: Nearly three quarters (74%) of respondents say their organizations are deploying more cryptographic keys and digital certificates, which has significantly increased the operational burden on their organizations’ teams. This burden is exacerbated by a lack of skilled personnel; less than half (42%) of respondents say they do not have enough staff to deploy and maintain PKI effectively.

  • Certificate-related outages are hitting organizations hard: 77% of respondents report experiencing at least two significant outages caused by expired certificates in the past 24 months. Another 55% of respondents indicated that these outages caused major disruption to customer-facing services.

The study was conducted by Ponemon Institute on behalf of Keyfactor and includes responses from 1,280 IT and infosec executives and practitioners in North America and EMEA, spanning 12 industries, including financial services, industrial & manufacturing, healthcare & pharmaceuticals, energy and utilities, and retail, among others.

To view the complete findings and download the 2023 State of Machine Identity Management Report, visit: https://www.keyfactor.com/state-of-machine-identity-management-2023/.

About Keyfactor

Keyfactor brings digital trust to the hyper-connected world with identity-first security for every machine and human. By simplifying PKI, automating certificate lifecycle management, and securing every device, workload, and thing, Keyfactor helps organizations move fast to establish digital trust at scale — and then maintain it. In a zero-trust world, every machine needs an identity and every identity must be managed. For more, visit keyfactor.com or follow @keyfactor.

Contacts

Katie Leonowitz
fama PR for Keyfactor
keyfactor@famapr.com

Release Summary

Keyfactor announces findings from the 2023 State of Machine Identity Management Report, providing an in-depth look at PKI and machine identity trends.

Contacts

Katie Leonowitz
fama PR for Keyfactor
keyfactor@famapr.com