Interview: CMS Expert Answers the Most Tricky PKI Questions

Anastasia Malysheva

Product Marketing Manager at Axidian

Public Key Infrastructure (PKI) has been used for decades to authenticate users, devices, and systems. Yet today, many organizations are revisiting long-standing PKI questions as IT environments become more dynamic.

Recent industry surveys show that 45% of organizations reported service outages due to certificate-related issues over the past year, with 37.5% directly linked to expired certificates and many organizations incurring significant financial losses as a result.

Cloud adoption, hybrid infrastructures, automation, and the growing number of machine identities have significantly changed how certificates are issued, used, and managed.

In most cases, PKI itself is not the issue. The real challenge lies in answering practical PKI questions related to scalability, lifecycle management, and operational complexity.

Legacy approaches were designed for a limited number of users and static infrastructures. Modern businesses operate at a very different scale — with short-lived certificates, automated workloads, and strict compliance requirements.

To address the most common and practical questions around PKI today, we invited Nikolay Lazitskiy, a PKI expert, to share his perspective on where PKI stands now, why it remains relevant, and what organizations need to focus on to use it effectively.

One of the most popular and common questions we face: Is PKI still alive?

Definitely, yes. And it is not just alive, but still actively used, and not only in large enterprises. We can find PKI in national ID systems. Today even small companies or individuals use certificates for authentication and qualified electronic signatures when they communicate with government services. And of course, PKI is used in modern hybrid or cloud IT solutions, like Microsoft Azure or Amazon Web Services. I can confidently say that PKI is everywhere.

Nikolay Lazitskiy

Why do you need a CMS if the basic tasks of certificate management are performed by a CA?

First, a CMS allows you to reduce the number of manual operations in different snap-ins or web services and to save time. In one window you can perform all necessary operations with a smart card (initialization, user PIN generation, unblocking, etc.) and a certificate (creating a request and sending it to the CA, renewal or revocation).

Second, in a CMS you can create different workflows for certificate and smart card management. For example, you can configure smart card issuance rules for certain groups of users or even departments.

Finally, a CMS can help you with notifications and reports. It can notify IT staff or users about expiring or expired certificates, issued smart cards or certain certificates, and many other events. The inventory team can track the number of used and available empty smart cards.

Nikolay Lazitskiy

How can systems for PKI management and device inventory be used to address these tasks effectively?

Certificate Management Systems (CMS) are used to make PKI infrastructure visible to network administrators, security officers and, in some cases, end users. Such solutions can help you find, enroll and store certificates and back up private keys. If we are talking about hardware, then some CMSs have inventory functions that help you manage HSMs, smart cards and USB tokens along with the certificates saved on them. A CMS also allows you to delegate some certificate or smart card management tasks from IT specialists to end users. For example, certificate enrollment and smart card initialization can be done in a self-service application according to predefined policies. You can get more from a CMS if it is integrated with other IT systems in your company, like Identity Management and Access Control Systems.

Nikolay Lazitskiy

How can small and medium enterprises increase Return on Investment (ROI) from using PKI?

PKI is quite expensive, that’s true, especially at the start of implementation. But if you include PKI in several processes in your company, it becomes much cheaper. For example, PKI can be used for email encryption and electronic signature only in one department. But if you bring it into domain and device authentication, the number of PKI users will increase, and each certificate and smart card will cost you less. You can also combine personal smart cards with certificates and plastic ID or physical access cards into one. It can reduce costs for different types of cards and onboarding procedures.

Another possible way for small companies to pay less is to start using PKI as a service. In that case they don’t invest in CAs, HSMs and staff training, and pay trusted PKI providers only for issued certificates (for qualified electronic signatures, for example).

Nikolay Lazitskiy

Many of today’s PKI questions are no longer about cryptography itself, but about control, visibility, and operational reliability. PKI remains a critical technology for authentication, electronic signatures, and secure communication — but only when certificates are properly managed across their entire lifecycle.

The real challenge is no longer issuing certificates, but maintaining visibility and control over their entire lifecycle. This is where certificate management systems play a critical role. They turn PKI from a fragmented, manual process into a manageable and scalable part of the access and security architecture.

Organizations that take time to address PKI questions around automation, inventory, and integration significantly reduce the risk of outages caused by expired certificates and fragmented processes. Certificate management systems turn PKI from a manual and error-prone task into a predictable and scalable part of the security architecture.

If you want to understand how a certificate management system can help your organization gain more control over PKI, automate routine tasks, and reduce operational risk, our experts are ready to help.

About the Author

Anastasia Malysheva

Product Marketing Manager at Axidian

Anastasia translates complex cybersecurity solutions into actionable insights, drawing from her 8+ years of B2B marketing experience in international markets.