Lessons Learned From PKI – Expert Insight

By ISBuzz Team
Writer, Information Security Buzz | Dec 02, 2020 05:59 am PST

Public key infrastructure (PKI) is a core building block of IT in an enterprise, providing secure digital identities for people, devices, and applications. Many organizations build and deploy their own PKI to support things like data protection and network authentication. Furthermore, PKI today is expected to support new use cases like the Internet of Things (IoT), DevOps and Cloud initiatives. But, if PKI is so critical to enterprise security, then why do so many PKI deployments fail?

Chris Hickman, Chief Security Officer
December 2, 2020 2:18 pm

Deploying and running a PKI in-house can be a complex undertaking for even the most experienced IT and security professionals. Unlike other tools in the IT stack, it’s not just about technology. PKI is a set of moving parts including hardware, software, policies, and procedures. And there is no room for error. Mistakes made during PKI design and deployment not only create headaches for administrators and certificate users, but they also significantly increase the risk of a widespread outage or security breach. We frequently run into scenarios where complex PKI deployments are inherited by a new IT specialist unfamiliar with PKI; sometimes it’s a ‘temporary’ deployment that went wrong. Other times, it’s simply a matter of maintenance and operational overhead taking critical IT and security resources away from their core competencies.

Last edited 3 years ago by Chris Hickman
