In this Spotlight edition of the podcast, we’re joined by Brian Trzupek the Senior Vice President of Product at DigiCert. Brian and I take a look at the findings of a recent State of PKI Automation survey and the challenges organizations face as they look to manage a fast-growing population of tens of thousands of PKI certificates.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

Twenty years ago, Public Key Infrastructure, or PKI, had a pretty limited remit. Its first applications were securing email and physical access systems in security conscious environments like the military, intelligence community and government. With the explosion of the Internet, PKI became a foundational technology for securing web traffic and authenticating users to applications via technologies like SSL and TLS.

Brian Trzupek is SVP of Products at DigiCert

Since then, both the scale and applications of PKI have transformed. Today, PKI and digital certificates are used to sign and secure electronic documents and – increasingly – to secure communications and interactions between billions of connected devices on the Internet of Things.  Moreover, as digital transformation and DEVOPS has taken hold within the enterprise, the demand for PKI to secure critical development and production infrastructure has exploded. 

Survey: 50,000 Certs on Average

In fact, a recent survey of PKI use in 400 enterprises worldwide found that the typical enterprise is managing more than 50,000 digital certificates, with most dedicated to securing users, servers, web applications, email and mobile devices. That’s a 43% jump year over year, according to the survey.

Not surprisingly, IT managers are feeling overwhelmed by the sudden growth in the population of certificates. 61% of those surveyed said they were concerned about the time required to manage certificates in their environment, while 47% reported having encountered “rogue” (or unmanaged) certificates.