DigiCert 2021 State of PKI Automation Survey Finds Companies are Struggling with Reliance on Manual Processes Amid Growing Volume of Digital Certificates

PRESS RELEASE FROM DIGICERT
September 28, 2021
Press Contacts
Sherri Walkenhorst
Connect Marketing
801-373-7888
LEHI, Utah —

Enterprises lacking automation and discovery are challenged by rogue certificates, unmanaged certificates and outages caused by certificates expiring unexpectedly; leaders are prioritizing automation 

(LEHI, Utah) – (Sept. 28, 2021) – DigiCert, Inc., the world’s leading provider of TLS/SSL, IoT and other PKI solutions, today released its 2021 State of PKI Automation survey that shows the typical enterprise manages over 50,000 publicly and privately trusted PKI certificates. Manually managing this volume of certificates can lead to costly outages if not handled correctly. Two-thirds have experienced outages caused by certificates expiring unexpectedly and 25% have experienced five to six such outages in the past six months alone. Due to these issues and others, there is strong interest in adopting PKI automation.

Leading organizations are six times more likely to have already implemented automation. They’re meeting PKI SLAs and doing a better job at self-reporting deficiencies.   

Nearly two-thirds of enterprises are concerned about how much time is spent managing certificates. They also lack visibility. Thirty-seven percent of enterprises use more than three departments to manage certificates, leading to confusion. The typical enterprise says as many as 1,200 of the certificates are actually unmanaged, and nearly half (47%) say they frequently discover so-called “rogue” certificates (certificates that were implemented without IT’s knowledge or management).   

“The volume of certificates has grown dramatically,” said Brian Trzupek, SVP of Product at DigiCert. “Further, validity periods for public TLS certificates have dropped from three years to one year since 2018. As a result, enterprises are finding it increasingly difficult to manually manage digital certificate workflows. They are looking for certificate automation, but need reassurance on how to do it and an understanding of the long-term costs and security benefits.”   

“Service failures due to PKI certificate expiry are a constant risk for all organizations, doubly so now with the shorter required renewal cycle,” said Michele Liberman, SaaS Operations Manager at Smart Communications. “There are high overheads for managing certificates, as each one needs to be monitored for expiry, requested, created and deployed. Automating to reduce risk and internal engineering grind makes great business sense.”  

Most enterprises are considering PKI automation, with 91% at least discussing it. Only 9% say they are not discussing it and have no plans to do so. Most (70%) expect to implement a solution within 12 months. A quarter (25%) are actually at the stage where they're already implementing or maybe even finished implementing a solution.   

Not All Enterprises are the Same   

The survey included a series of questions to determine how well (or poorly) each respondent was doing across a wide range of PKI metrics. After the scores were totaled, the respondents were split into three groups:    

  • Leaders: Organizations that are doing the very best 
  • Laggards: Organizations that are doing the worst 
  • Middle: Organizations that are doing okay 

 The Leaders and Laggards were then compared to examine the differences and explore what the Leaders were doing better.   

Leaders are performing two to three times better than Laggards in every area, including minimizing PKI security risks, avoiding PKI downtime and meeting PKI-related SLAs. Laggards are seeing a wide range of PKI-related penalties, including lost productivity, compliance issues, loss of customers and even lost revenue.   

Lessons from PKI Leaders   

PKI Leaders are more likely to say PKI automation is important to their organization’s future. Further, PKI Leaders are twice as concerned about the time it takes to manage PKI certificates. Learn more in the report about what Leaders are doing and the difference it’s making in their business.   

Recommendations   

DigiCert recommends that companies begin to address automation of their certificate management processes, including their business workflows, to ensure they continue to adhere to best practices in PKI deployments. This includes the following:   

Certificates:

    • Identify and create an inventory of the entire certificate landscape, from TLS to code signing, client certificates and more.
    • Remediate keys and certificates that are not compliant with corporate policy.
    • Protect with best practices for issuance and revocation. Standardize and automate enrollment, issuance and renewal.

Certificate Workflows: Address unmanaged or manual certificate workflows, such as code signing, document signing, email certificates or other identity and access solutions, with software that centralizes visibility and control and automates workflows.  

The survey was conducted by ReRez Research of IT professionals within 400 enterprise organizations of 1,000 or more employees in North America, EMEA, Asia Pacific and Latin America. For more information and to get the full report, visit https://www.digicert.com/campaigns/pki-automation.  

###
About
About DigiCert, Inc. DigiCert is the world’s leading provider of TLS/SSL, PKI and security solutions that enable digital trust for data, devices, code, documents and users. DigiCert is modernizing the way PKI is managed with the DigiCert ONE™ platform. DigiCert ONE reimagines PKI to address all certificate-based security use cases with flexible, scalable and automated workflow managers, including the award-winning TLS certificate manager, CertCentral®. Nearly 90% of the Fortune 500 and 98 of the 100 largest global banks choose DigiCert for its digital transformation solutions, including for securing 5G and the post-quantum computing age, and for its five-star customer support. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.