TMCnet News

Thales and Ponemon Institute research reveals failure of PKIs to follow best practices
[September 29, 2015]

Thales and Ponemon Institute research reveals failure of PKIs to follow best practices


PLANTATION, Fla., Sept. 29, 2015 /PRNewswire/ -- Thales, leader in critical information systems and cybersecurity, announces the publication of its 2015 PKI Global Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals an increased reliance on public key infrastructures (PKIs) in today's enterprise environment, supporting a growing number of applications. At the same time, however, there is a general lack of clear PKI ownership, as well as a lack of resources and skills to properly support them. Current approaches to PKI are fragmented and do not always incorporate best practices, indicating a need for many organizations to apply increased effort to secure their PKI as an important part of creating a foundation of trust.

Thales

More than 1,500 IT and IT security practitioners were surveyed in ten countries: United States, United Kingdom, Germany, France, Australia, Japan, Brazil, Russian Federation, India and Mexico, with the aim of better understanding the use of PKI within organizations.

News facts:

  • The most significant challenge organizations face around PKI is the inability of their existing PKIs to support new applications (63 percent of respondents said this).
  • Only 11 percent of respondents say there is accountability and responsibility for PKI and the applications that rely upon it.
  • A large percentage of respondents said they had no revocation techniques.
  • Cloud-based services are the most significant driver for PKI-based application adoption.
  • The level of visibility, influence and/or control over the applications that consume certificates managed by their PKI is minimal.
  • There is a significantly higher use of weaker security techniques like passwords (53 percent) than there is of strong authentication mechanisms such as Hardware Security Modules (HSMs) (28 percent). 
  • The top three places where HSMs are deployed to secure PKIs are issuing certificate authorities together with offline and online root certificate authorities.

Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, says:



"On average, companies today are using their public key infrastructure (PKI) to support seven different applications. While the results of this study demonstrate some use of best practices, including strong authentication and hardware security modules, they also reveal that lower security options like passwords are still prevalent – which is concerning in light of the increased dependency on PKIs today."

John Grimm, senior director, Thales e-Security, says:
"An increasing number of enterprise applications are in need of certificate issuance services, and many older PKIs are not equipped to support them. As organizations undertake a PKI upgrade cycle to support new applications and capabilities, many will look to improve the trust of their PKI by using HSMs to protect private keys for offline root certificate authorities as well as online issuing certificate authorities. Thales has decades of experience providing HSM-based PKI solutions, and runs a dedicated PKI Consulting Service to help businesses design and deploy world-class self-managed PKIs that build trust at the infrastructure level."


Download your copy of the new 2015 PKI Global Trends Study

To learn more about Thales PKI Consulting Services, visit www.thales-esecurity.com/pki-experts

For industry insight and views on the latest key management trends check out our blog www.thales-esecurity.com/blogs

Follow Thales e-Security on Twitter @Thalesesecurity, LinkedIn, Facebook and YouTube

About the Ponemon Institute 
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government.  To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About Thales e-Security
Thales e-Security is a leading global provider of trusted cryptographic solutions with a 40-year track record of protecting the world's most sensitive applications and information. Thales solutions enhance privacy, trusted identities, and secure payments with certified, high performance encryption and digital signature technology for customers in a wide range markets including financial services, high technology, manufacturing, and government.  Thales e-Security has a worldwide support capability, with regional headquarters in the United States, United Kingdom, and Hong Kong. www.thales-esecurity.com  

About Thales
Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 61,000 employees in 56 countries, Thales reported sales of €13 billion in 2014. With over 20,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its unique international footprint allows it to work closely with its customers all over the world.

Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe's leading players in the security market. The Group's security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.

Drawing on its strong cryptographic capabilities, Thales is one of the world leaders in cybersecurity products and solutions for critical state and military infrastructures, satellite networks and industrial and financial companies. With a presence throughout the entire security chain, Thales offers a comprehensive range of services and solutions ranging from security consulting, intrusion detection and architecture design to system certification, development and through-life management of products and services, and security supervision with Security Operation Centres in France, the United Kingdom and The Netherlands.

Logo - http://photos.prnewswire.com/prnh/20150929/271846LOGO

To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/thales-and-ponemon-institute-research-reveals-failure-of-pkis-to-follow-best-practices-300150738.html

SOURCE Thales


[ Back To TMCnet.com's Homepage ]