Survey Findings from Pulse Research and Keyfactor Show Gap Regarding PKI’s Role in a Zero Trust Security Strategy

  • April 15, 2021
  • imc

Only 32% of Respondents Currently Have a Zero Trust Strategy in Place

CLEVELAND – March 15, 2021 – 96% of North American enterprise IT security leaders say public key infrastructure (PKI) and digital certificates are essential to achieving zero trust architecture. Yet only 39% use PKI as part of their zero trust security strategy today according to an executive survey from Pulse Research and Keyfactor, the leader in PKI as-a-Service (PKIaaS) and crypto-agility solutions. The survey explores enterprise security priorities, the challenges of zero trust strategy implementation and the use of PKI and digital certificates within a zero trust architecture.

“Adopting a zero trust strategy is an important step to ensuring a robust security posture, especially as digital transformation continues and organizations move their security to the cloud,” said Chris Hickman, chief security officer at Keyfactor. “Yet the survey results reveal a concerning gap between perception and reality. While most leaders recognize that PKI is essential to a successful zero trust security strategy, most are not actively incorporating it into their identity and access management (IAM) program.”

PKI is comprised of digital certificates and cryptographic keys that provide trusted and secure connections to protect user and machine identities. A zero trust model relies on trusted connections, controls and machine identity authentication to mitigate security risks and ensure machine-to-machine communications are secure.

Additional key findings:

  • Adoption drivers: 68% are prioritizing zero trust strategy implementation for security risk mitigation with 50% citing time-to-breach detection reduction.
  • Investment priorities: 72% of IT leaders cite cloud-first migration followed by remote workforce (65%) and digital customer experience improvements (46%).
  • Budget allocation: 92% of respondents have allocated up to 20% of their 2021 technology budget to PKI and/or cryptography investments.
  • Implementation challenges: 73% see technology gaps as their organization’s greatest barrier to implementation, followed by cost concerns (69%) and a talent or skills shortage (45%).
  • PKI requirements: 71% of IT leaders are prioritizing key and certificate visibility, followed by enabling automation (56%) and cloud-first PKI deployment (49%).

“The proliferation of digital certificates and keys within the enterprise will continue to rise, especially as a reliance on distributed IT and the remote workforce continues,” said Hickman. “Scalability is a key consideration when building out a zero trust architecture. However, PKI alone does not equate to zero trust. To be successful and fully achieve zero trust organizations also need the automation, process and security controls necessary to support it.”

The survey was conducted by Pulse Research on behalf of Keyfactor and included responses from 100 North American executive and VP-level IAM leaders in enterprises with between 5,000 and 10,000+ global employees.

View the complete findings and download the report today.

About Keyfactor

Keyfactor is the leader in cloud-first PKI-as-a-Service and crypto-agility solutions. Its Crypto-Agility PlatformTM empowers security teams to seamlessly orchestrate every key and certificate across their entire enterprise. We help our customers apply cryptography in the right way from modern, multi-cloud enterprises to complex IoT supply chains.

With decades of cybersecurity experience, Keyfactor is trusted by more than 500 enterprises across the globe. Built on a foundation of trust and security, Keyfactor is a proud equal opportunity employer, supporter and advocate of growing a trusted, secure, diverse and inclusive workplace. For more information, visit or follow us on LinkedIn, Twitter and Facebook.

About the IoT M2M Council

The IMC is the largest trade group dedicated to the global IoT/M2M sector – with over 25,000 IoT enterprise users, product makers/designers, and apps developers that buy IoT solutions as members. Board companies include Aeris, AVSystem, beamLive, BICS, Blues Wireless, DIGI International, floLIVE, Gurtam, iBasis, Ignion, IoT Launch, Keyfactor, KORE, Losant, Microsoft Azure IoT, MultiTech, NimbeLink (an Airgain company), Novotech, Pelion (an ARM company), Pod Group, Quectel, Software AG, Somos, Taoglas, Tata Communications, Telit, and Vodafone. Visit