A survey from Keyfactor shows that 96% of North American enterprise IT security leaders say public key infrastructure (PKI) and digital certificates are essential to achieving zero trust architecture.

But less than a third of the respondents have a zero trust strategy in place.

Only 39% use PKI as part of their zero trust security strategy today according to the survey from Ohio-based Keyfactor, a specialist in PKI as-a-Service (PKIaaS) and crypto-agility.

The survey explores enterprise security priorities, the challenges of zero trust strategy implementation and the use of PKI and digital certificates within a zero trust architecture.

“Adopting a zero trust strategy is an important step to ensuring a robust security posture, especially as digital transformation continues and organisations move their security to the cloud,” said Chris Hickman, chief security officer at Keyfactor. “Yet the survey results reveal a concerning gap between perception and reality. While most leaders recognise that PKI is essential to a successful zero trust security strategy, most are not actively incorporating it into their identity and access management (IAM) programme.”

PKI is comprised of digital certificates and cryptographic keys that provide trusted and secure connections to protect user and machine identities. A zero trust model relies on trusted connections, controls and machine identity authentication to mitigate security risks and ensure machine-to-machine communications are secure.

Additional findings in the survey include:

• Adoption drivers: 68% are prioritising zero trust strategy implementation for security risk mitigation with half citing time-to-breach detection reduction.
• Investment priorities: 72% of IT leaders cite cloud-first migration followed by remote workforce (65%) and digital customer experience improvements (46%).
• Budget allocation: 92% of respondents have allocated up to 20% of their 2021 technology budget to PKI and/or cryptography investments.
• Implementation challenges: 73% see technology gaps as their organisation’s greatest barrier to implementation, followed by cost concerns (69%) and a talent or skills shortage (45%).
• PKI requirements: 71% of IT leaders are prioritising key and certificate visibility, followed by enabling automation (56%) and cloud-first PKI deployment (49%).

“The proliferation of digital certificates and keys within the enterprise will continue to rise, especially as a reliance on distributed IT and the remote workforce continues,” said Hickman. “Scalability is a key consideration when building out a zero trust architecture. However, PKI alone does not equate to zero trust. To be successful and fully achieve zero trust, organisations also need the automation, process and security controls necessary to support it.”

The survey was conducted by Pulse Research on behalf of Keyfactor and included responses from 100 North American executive and VP-level IAM leaders in enterprises with between 5000 and 10,000+ global employees.

Keyfactor’s crypto-agility platform empowers security teams to orchestrate seamlessly every key and certificate across their entire enterprise. It helps its customers apply cryptography in the right way from modern, multi-cloud enterprises to complex IoT supply chains.