The global cybersecurity industry faces a major labor shortage. Though the labor pool of cybersecurity workers has grown, vacancies in the job market have grown even faster — so much so that the Department of Homeland Security described the shortage as a significant national security threat.
According to a report by (ISC)² Cybersecurity Workforce, the global cybersecurity workforce gap in 2022 is 3.4 million, the highest it has ever been. The report also highlights that the U.S. cybersecurity workforce is only growing at 5.5 percent, compared to the global growth of 11.1 percent.
Keyfactor’s latest ebook helps security leaders understand the dynamics of the cybersecurity labor shortage and offers strategies to mitigate its impact on their security posture and their team’s effectiveness.
The shortage presents a significant threat to the enterprise world. Not only do short-staffed security teams struggle to stay ahead of active threats against company networks, but they also lose the bandwidth they need to patch critical systems, assess and manage risks, and uphold the best practices that keep the network safe.
Adopting tools or hiring new talent may not address the underlying inefficiencies that prohibit scale. The right investment gives bandwidth back to security teams and simplifies their daily work while providing scalability and flexibility for the future.
For enterprises that charge their general security or IT teams with managing Public Key Infrastructure (PKI), modernizing PKI can provide the transformative element teams need to stay vigilant and effective.
Why teams struggle with PKI
While in the past, PKI was limited to a manageable, specific set of use cases, today’s enterprise is challenged to manage digital certificates on a massive scale. Keyfactor’s 2022 State of Machine Identity Management Report found that the average enterprise boasts over 260,000 internally-issued certificates.
In addition to sheer volume, several factors make PKI a full-time job that few teams can truly and effectively perform, especially when they are stretched thin by the labor shortage.
Certificates are often spread out across the enterprise, making it difficult to achieve visibility into the full scope of the organization’s certificate inventory — particularly if other teams can generate their own certificates unchecked.
To gain control of the organization’s full certificate inventory, PKI teams need visibility into certificate authority (CA) databases, SSL and TLS endpoints on the network, and key and certificate stores. There must also be a clear hierarchy of ownership between PKI operators and certificate managers, approvers, and users.
Manual processes
Keyfactor’s 2022 State of Machine Identity Management Report shows that 42% of organizations use spreadsheets to track certificate lifecycles and 38% use homegrown tools.
As a result, the PKI team must manually track upcoming certificate expirations, keep up with requests for issuing and approving certificates, and oversee the renewal and installation of new certificates. A lack of expertise and accountability among stakeholders further hinders the clunky manual workflows around PKI.
Streamlining the processes used to manage PKI is not only vital for weathering the labor shortage but also key to unlocking scalability as organizations continue to evolve their PKI usage.
A lack of expertise
Managing PKI requires a deep, specific set of skills and knowledge. Missteps in the design phase of an enterprise-level PKI can’t be undone without a total overhaul, especially with the level of complexity involved in a typical systems landscape. PKI isn’t a “set-it-and-forget-it” piece of infrastructure. It needs continued maintenance and upkeep to retain efficiency.
Proper PKI management requires time to assess the infrastructure holistically and determine the right path forward. When IT or security teams handle PKI on top of their primary duties, they may have to prioritize those duties over their PKI responsibilities. Either way, the organization faces an increased risk of an outage or breach.
Broadly, these challenges force internal teams into a reactive mode of managing PKI. Not only does this create more work for the team, exacerbating the pains of the labor shortage, it practically guarantees outages due to certificate expirations.
Getting ahead of PKI
The labor shortage demands organizations get more out of their existing security and IT staff. The right investments give teams access to the resources, tools, and knowledge that they lack to minimize their time spent managing PKI in conflict with other duties and higher-level work.
Modernizing PKI can lessen the workload while preventing disasters like failed audits, stolen or misused keys and certificates, and unplanned outages.
Visibility through centralization
Teams can’t secure what they can’t see. A modern PKI management platform can detect hidden and unknown certificates and keys and provide visibility into public and private CAs, network endpoints, and key and certificate stores.
This visibility allows the PKI team to remediate non-compliant and weak identities and drive best practices around certificates throughout the enterprise. With features like certificate tagging and custom metadata, PKI teams can organize certificate inventories and integrate certificates with user workflows.
Creating a universal PKI command center can provide valuable time, simplicity, and peace of mind to short-staffed security teams. Centralizing PKI management into one holistic platform can save teams hours of work they would otherwise spend sussing out the status of obscure, far-flung certificates. They will be able to see expirations coming and stop wondering if some forgotten certificate will expire undetected.
Transformative automation
Automation may be the biggest advantage afforded by a modernized PKI. A PKI management solution can streamline or fully automate the process of renewing, provisioning, and installing certificates. This functionality can virtually eliminate the risk of certificate outages and prevent the heavy workload of remediating them.
When teams can automate renewal alerts, schedule reports, and revoke or issue certificates in bulk, they can extricate themselves from the PKI runaround to assess and refine PKI on a broader level. They can truly control their PKI, rather than operate at the mercy of it.
Automation simplifies certificate usage for end users like developers and app owners. A PKI management solution can set boundaries and standards for users who consume certificates without violating policies or compliance. As such, a modernized PKI can provide relief from labor shortage pains to teams beyond those dedicated to IT and PKI, thus contributing to innovation rather than impeding it.
Deep PKI knowledge
Every organization is different and consumes certificates in its own unique ways. While out-of-the-box platforms can offer transformative capabilities, organizations need human expertise to make the biggest decisions around their PKI.
A PKI vendor or outside expert can work with security or IT teams to understand their organization’s PKI use cases, to best architect the PKI according to those requirements and avoid post-production problems. A PKI expert or vendor can help make those high-stakes decisions in the design phase, like whether to use a two- or three-tier design or whether to adopt a Hardware Security Module (HSM).
A PKI expert can ensure these decisions don’t return to cause problems for the organization and simplify PKI. Once the foundation of the PKI has been established, policies and procedures can be implemented to optimize PKI management. From there, the internal team responsible for PKI can administer the regular review and testing of PKI components, like monitoring and benchmarking the PKI against current and emerging industry standards for compliance and security.
Having expert guidance around PKI can save teams immense complications and the hassle of modernizing their PKI through trial and error. Meanwhile, the organization pays for the expertise they need rather than hiring an in-house PKI expert.
More bandwidth equals lower costs
In addition to saving security teams time and headaches, the efficiencies of a modernized PKI can yield significant cost savings. Not only will organizations drive more value from their existing team members, avoiding the costs of unnecessary hires and lowering the total cost of ownership around PKI by 40%, but they will also retain revenue that would otherwise be lost to outages or cyberattacks.
That gives organizations more room to make investments in other parts of the business straining under the pressures of the labor shortage.
One day the cybersecurity labor shortage will be over, but many PKI inefficiencies were not created by the shortage so much as they have been revealed and amplified by it. No matter what measures organizations take to survive the labor shortage, unlocking PKI scalability and efficiency will be key to securing enterprises in tomorrow’s world.
To explore more ways organizations can stay secure and agile during the labor shortage, download Keyfactor’s new ebook: Three Strategies to Navigate the Cybersecurity Labor Shortage.