CNME Editor Mark Forker secured an exclusive interview with Hamid Qureshi, Regional Sales Director at Entrust, to find out more about the key challenges that are facing businesses attempting to deploy and successfully manage PKI in their operating models.
The Entrust 2021 Global PKI and IoT Trends study found that IT professionals are continuing to see a lack of clear ownership and an absence of sufficient resources and skills as the top challenges in managing and deploy Public Key Infrastructure (PKI) within their IT environments.
To find out more, not only in relation to the importance of PKI, but also to hear what the remedy for businesses seeking to adopt and integrate PKI into their business is, we spoke to Hamid Qureshi, Regional Sales Director at Entrust.
Qureshi has enjoyed a distinguished career in the IT industry in the Middle East – and is well placed to highlight the importance of PKI.
In a compelling interview, he started off the interview by declaring that PKI was no longer a nice to have, stressing it was now a necessity in the ever evolving and complex digital economy. However, he did concede that a major problem was determining who has ownership.
“PKI is being adopted more, quite simply because it is a necessity. It’s not necessarily the sexiest thing in the cybersecurity world, but it is critically important because it underpins so much of an organisation’s security posture. However, I think the biggest challenge that organisations face is who owns this, as organisations are struggling to determine where exactly this ownership lies,” said Qureshi.
Talent acquisition is a major issue in the IT ecosystem, not just in the Middle East, but globally. The emergence of disruptive technologies has created new opportunities, but like all technology if it is not harnessed properly by skilled professionals then you will be unable to yield the benefits from it, and the same applies to PKI.
Qureshi cited the report conducted by Entrust which found that 84% of respondents did not have the resources or skills to execute their PKI objectives.
“In addition to the ownership question, the next challenge facing enterprises in relation to PKI is insufficient resources, and that became evident in the study that we had with 84% of respondents highlighting the issues they have faced with inadequate resources. You need to have the right skilled resources to do all the pre-work before you implement a PKI, which allows you to understand all the processes, deploy it and then manage it going forward. It is also very closely linked to the next challenge we saw from our research which was based around insufficient skills around PKI,” said Qureshi.
Businesses are acutely aware that PKI is a necessity, and rather inevitably they want to deploy it ASAP, but as Qureshi points out that rush to deploy does not lend itself towards a successful project delivery.
“You’re not going to do something unless you really need to do it, and we know that in the new digital economy enterprises are facing a whole series of challenges and they are going to decide what to prioritise now, and what do they need to implement later. What we are finding is organisations are discovering they need PKI and immediately seek to go and buy a PKI solution, but we think that’s the wrong approach. What we say to companies who have reached out to us for a PKI solution is we’re not going to try to sell you anything, instead we want to understand what they want to do, and establish if they have a strategy,” said Qureshi.
According to Qureshi, strategy is the key component in ensuring that businesses deploy PKI in an effective and efficient manner.
“Strategy is fundamental because that strategy will allow you to identify where should that ownership lie, is there a natural home, is there an area that you can invest in terms of processes and people to help drive that strategy. All the technology is going to do is implement the strategy that you have, it’s going to do what you tell it to do. The most important thing is to understand what you want the PKI to do, and what are you trying to protect? So, it is imperative for enterprises to understand the strategy first and how the deployment of the PKI fits into your overall business strategy,” said Qureshi.
Patience is a virtue, and that is especially the case when dealing with those under pressure to deploy a PKI solution.
However, Qureshi stressed the need for a consultative approach when dealing with prospective customers.
“We do face resistance at times because the nature of the situation is a lot of companies are under severe pressure in relation to time constraints, but the real problem is if a vendor just sells them a product to make a quick buck then they are not really helping the client with their issue, and in many cases will have made their situation considerably worse, and ultimately you’re going to end up with a failed solution. No professional wants to be associated with a failed project, or no vendor like Entrust that prides itself on being a solutions provider wants to be involved with a failed project. It is much better to take a strong stand and take a consultative approach to getting where your client needs to get to. We know you are under pressure, but it will be far more damaging to buy a solution that will not meet your needs in the long-run,” said Qureshi.
Over the last 18 months the IT ecosystem has witnessed some devastating cyberattacks, and the economic and brand consequences of those attacks have left permanent scars on those effected, and it only serves to reinforce the importance of having a resilient and strong security portfolio to protect your business.
One of the other key capabilities of PKI is its ability to enable security for critical digital initiatives such as cloud technology.
“What you have within an organisation is a series of communications between people and machines, but what you must be able to do is verify the identity and the credentials of who you are interacting with to ensure that the reason they are interacting with you is legitimate and valid. Essentially, a PKI system gives you that framework and allows you to build an underlying foundation in a secure, expedient, and efficient manner, which also enables you to establish the veracity of who or what is interacting with who or what – and determine whether that is happening for the right reasons. We know that as we become more immersed in a digital world much of it is done without human interaction, and as businesses transition to the cloud you are interacting with businesses that you don’t have any control over, so you do need to be able to protect yourself and be able to revoke authorisation as required – and having a PKI solution enables you to be much, much more secure,” concluded Qureshi.