With
threats
on
the
rise,
countries,
industries,
and
organisations
are
developing
a
set
of
best
practices
and
regulations
to
mitigate
increasingly
sophisticated
attacks.
Public
Key
Infrastructure
(PKI),
being
the
backbone
of
IT
security,
naturally
plays
a
big
role
as
organisations
need
to
make
sure
they
have
the
right
security
solutions
in
place.
According
to
the 2022
Global
PKI
and
IoT
Trends
Study by
Entrust
and
Ponemon
Institute,
changing
standards
and
regulations
are
one
of
the
top
areas
where
stakeholders
expect
change
and
uncertainty.
That’s
because
the
regulatory
landscape
is
growing
and
becoming
more
defined
and
rigid.
For
example,
at
a
federal
level,
most
countries
are
looking
closely
at
cybersecurity
–
from
the
White
House
issuing
a
mandate
to
improve
the
nation’s
cyber
security
to
the
Australian
Government’s
Australian
Cyber
Security
Centre
providing
guidelines
for
organisations
on
protecting
their
systems
and
data
from
cyber
threats.
From
government
intelligence
to
the
individual
level
with
personally
identifiable
information
(PII),
a
lot
of
these
are
most
certainly
in
place
with
the
aim
of
protecting
data.
Protecting
data
now
and
in
the
future
Data
protection
is
also
a
focus
when
we
look
at
something
like
post-quantum
(PQ).
This
is
another
area
of
concern,
and
it
certainly
appears
as
though
this
specific
area
is
going
to
be
a
major
concern
within
the
next
decade.
Although
there
is
no
final
regulation
or
recommendation
from
the
standards
bodies
about
the
cyber
threats
posed
by
PQ,
we’re
already
seeing
an
increasing
number
of
calls
to
action.
These
often
begin
with
inventorising
data
so
organisations
and
companies
understand
what
their
most
sensitive
data
is
and
where
it
resides
before
then
prioritising
that
data.
When
the
organisation
is
at
the
stage
of
securing
its
data,
implementing
PQ
cryptography
is
key,
and
this
will
require
PKI.
For
that
conversation,
we
encourage
customers
to
talk
to
their
security
vendors
to
ensure
they
are
buying
and
using
solutions
that
are
“PQ-ready”
in
order
to
future-proof
those
protection
mechanisms.
It
is
an
investment
that
needs
to
be
made.
Unified
regulation
and
control
is
key
Increased
regulation
is
happening
globally,
but
with
each
country
having
their
own
set
of
guidelines,
the
waters
are
increasingly
murky,
which
can
exacerbate
the
situation.
Further,
this
is
not
only
happening
at
the
country
level
–
in
the
US,
we’ve
seen
IoT
regulation
coming
out
at
the
state
level
in
California
and
Oregon.
Additionally,
each
industry
has
its
own
set
of
requirements
too,
such
as
we
see
in
healthcare
and
finance.
As
more
regulations
emerge
across
a
range
of
geographies
and
industries
and
those
protections
layer
over
one
another,
it
can
be
challenging
for
organisations
to
navigate
and
ensure
they’re
meeting
all
requirements.
In
the
PKI
and
IoT
Trends
Study,
we
saw
that
the
top
three
challenges
to
deploying
and
managing
PKI
are:
A
lack
of
internal
skills,
resources
and
no
clear
ownership.
This
points
to
the
fact
that
not
all
organisations
have
the
expertise
to
cope
properly
and
are
struggling
with
PKI
and
associated
regulations.
It
also
means
there
might
not
be
one
single
group
overseeing
these
requirements
at
an
organisational
level
which
could
leave
the
company
open
to
compliance
risks.
However,
at
a
federal
level,
data
protection
and
data
sovereignty
are
key
focuses.
With
news
of
breaches
and
ransomware
attacks
practically
a
daily
occurrence,
it
seems
that
many
have
come
to
accept
the
threat
from
bad
actors
as
a
case
of
‘when’
rather
than
‘if’.
As
such,
while
much
is
being
done
to
fortify
systems
and
users,
there
is
a
growing
focus
on
ensuring
that
data
and
communication
are
protected,
even
in
the
event
of
a
loss
of
information
–
whether
that
may
be
intentional
or
accidental.
To
meet
these
needs
and
shape
their
strategy,
organisations
look
to
regulations
and
compliance
to
help
instil
trust
in
investors,
users,
and
customers.
Therefore,
regulations
such
as
those
laid
out
by
the
Australian
Signals
Directorate
and
Department
of
Home
Affairs
will
continue
to
be
critical
tools
in
the
fight
to
prevent
data
breaches.
We’re
also
seeing
an
increase
in
regulation
being
put
in
place
to
protect
end
users/consumers,
including
the
state-level
regulations
mentioned
earlier.
The
Australian
Government
also
recently
issued
the Code
of
Practice:
Securing
the
Internet
of
Things
for
Consumers.
It
puts
the
onus
of
IoT
security
on
the
manufacturer
of
commercial
devices
to
improve
consumer
security
as
individuals
own
more
connected
devices
that
communicate
with
one
another
without
human
intervention.
Finally,
there
are
threats
like
PQ.
Since
a
quantum
computer
is
capable
of
breaking
the
public
key
cryptography
in
use
today,
it
is
necessary
to
have
an
eye
on
the
future
and
consider
this
a
real
risk.
Although
regulation
and
recommendations
in
this
area
are
still
in
the
early
days,
we’re
seeing
more
and
more
countries,
agencies,
and
regulatory
bodies
looking
at
this
to
ensure
digital
ecosystems,
data,
and
communications
remain
secure
should
a
quantum
computer
be
used
to
break
that
cryptography.
Summing
up,
PKI
infrastructure
is
an
essential
part
of
a
secure
ecosystem
and
will
only
increase
in
importance
over
the
coming
years.
As
the
Global
PKI
and
IOT
Trends
Study
reveals,
more
organisations
and
government
bodies
are
bending
their
will
to
solidify
governance
around
PKI
and
connected
systems
–
so
it
is
essential
for
organisations
to
keep
up
with
any
changes
and
ensure
their
compliance
–
but
also
that
their
own,
in-house
governance
is
carefully
considered
and
planned.
Only
by
presenting
a
unified
front
will
cyber
and
data
risks
be
diminished.
About Author
