Each year, Keyfactor surveys over a thousand security leaders in a dozen industries across the globe to gain a perspective of the machine identity landscape. Keyfactor’s State of Machine Identity Report seeks to empower organizations with the information they need to meet the challenges of machine identity management. Not only does the report surface emerging trends, but it also conveys how organizations in the enterprise world are deploying and managing PKI.
This year, we analyzed survey responses from 1,280 individuals across North America, Europe, the Middle East, and Africa. Survey respondents work in all areas of the IT organization, from information security to infrastructure, operations, and development.
The report is packed with statistics, insights, and recommendations, but a few themes rose to the top.
Machine identities are still exploding in volume, and organizations struggle to get ahead
For the third consecutive year, the average number of internally trusted certificates has increased, up to 256,000 on average compared to 231,063 in 2021. As a result, 62% of respondents said they don’t know exactly how many keys and certificates they have, up from 53% in 2021.
On the other hand, executive leadership has come a long way in recognizing machine identity management as a business-critical function. Only 22% of respondents reported a lack of executive-level support, down from 36% in 2021.
This may show that even as awareness and support for PKI management increases, the workload of implementing a strategy is growing at a faster pace.
The labor shortage restricts organizations’ ability to manage machine identities
The rate of change and lack of skilled personnel tied for first place as the biggest challenges enterprises face in setting an organization-wide strategy for PKI and machine identity management. 72% of respondents said that the increasing use of keys and certificates has significantly increased the operational burden of the organization’s team.
To adapt, organizations must find ways to manage PKI with the resources already at their disposal, yet only 31% of respondents said their organization has a mature machine identity working group.
Reducing PKI complexity is a top priority
For the first time in the report’s history, reducing PKI complexity ranked as the top strategic priority for managing PKI and machine identities. On average, organizations use nine different PKI and certificate authority solutions — however, 37% use more than 10.
Complexity may be a symptom of a lack of ownership around PKI. Several teams consume PKI, like Security, IT, Development, Infrastructure, Cloud, and others, yet no one owns the broader PKI strategy or vision. This results in PKI sprawl, conflicting policies, low visibility, and an expanded attack surface.
Perhaps it’s why, this year, more organizations than ever (19%) reported having no machine identity management strategy at all.
The problems add up
An abundance of complexity and a shortage of skilled talent to fix it only creates more work, more complexity, and more outages. This year, 77% of respondents said their organization suffered at least two significant certificate-related outages within the past 24 months.
The average time-to-recovery in the wake of an outage is getting longer — 3.79 hours this year compared to 3.3 hours in last year’s report. Respondents said an average of 11 team members are directly involved in remediating these outages when they occur, pulling them away from other priorities.
We’re excited to release this year’s report. These findings only illustrate the transformative potential of efficient PKI management.
Within the report, you’ll find more information about how the variety and number of machine identities are changing the landscape, how secure code-signing is becoming more vital to the development process, and steps organizations can take to get a handle on PKI complexity and the ongoing skills shortage.