Industry executives and experts share their predictions for 2025. Read them in this 17th annual VMblog.com series exclusive.
By Christian Simko, Vice President of Product Marketing at AppViewX
In 2024, we saw some pretty significant PKI
trends and challenges, including the push for shorter validity TLS
certificates, the distrust of a major public CA, and the standardization of new
post-quantum cryptography encryption algorithms. We are almost certain to see
new challenges for machine and non-human identity management in 2025. Here are
my 2025 predictions.
- Shortened Certificate Validity Periods Increase Automation Pressure
With Google pushing for a 90-day maximum TLS certificate validity period
and Apple looking to reduce it to 45 days by 2027, enterprises will need
to adopt automated certificate lifecycle management solutions to avoid
costly service disruptions and security vulnerabilities. Manual processes
will become impractical, leading to increased reliance on certificate
lifecycle management automation across hybrid multi-cloud environments.
Security teams must also prepare for potential burnout and staff turnover
due to the heightened frequency of certificate renewals.
- Quantum-Resilient Cryptography Becomes a Board-Level Priority
As advancements in quantum computing edge closer
and the threat to classical encryption grows, organizations will
accelerate efforts to implement quantum-resistant encryption algorithms.
PKI infrastructures must be future-proofed for cryptographic agility,
requiring the ability to quickly adapt to new quantum-resilient algorithms
without service disruptions. Security teams will also need to conduct
regular audits and threat modeling to understand quantum vulnerabilities
to keep the enterprise secure.
- Increased Focus on Non-Human Identity Management
The exponential growth of non-human identities, including those associated
with cloud workloads, containerization and IoT devices, will push
organizations to prioritize integrated identity management. This will
involve securing non-human and machine identities at scale with policies
akin to those for human identities, facilitating a more robust Zero Trust
architecture. C-level and security leadership will demand better
visibility, control and governance of non-human and machine identities as
a critical component of an enterprise-wide identity-first security
approach.
- Rising Complexity in Multi-cloud PKI Management
Enterprises will struggle with fragmented visibility of certificates
across hybrid multi-cloud environments, leading to increased risk of
expired or improperly configured certificates. Centralizing certificate
and key management will become critical, with a strong emphasis on
visibility, automation, policy enforcement and compliance. Security
teams will be expected to ensure seamless integration and effective
certificate lifecycle management across all enterprise infrastructure and
services.
- Heightened Security Risks from Expired and Self-Signed Certificates
With DevOps pushing for more speed and agility, the persistence of expired
and self-signed certificates in applications, workloads and cloud services
will continue to be a top vulnerability. Organizations will be under
pressure to eliminate self-signed certificates in favor of those issued by
trusted and approved Certificate Authorities (CAs). Additionally, there
will be a strong push for real-time monitoring and alerting mechanisms to
mitigate risks associated with rogue CAs, misconfigurations and certificate
expirations.
- Evolving Threat Landscape Forces PKI Revamps
As threats targeting PKI ecosystems grow, expect enterprises to conduct
comprehensive PKI health checks and risk assessments. Vulnerabilities,
such as exposed keys, weak crypto algorithms and the use of unapproved
Certificate Authorities (CAs), will prompt organizations to adopt stronger
cryptographic practices and policies. Security teams will also need to
implement automated certificate lifecycle management solutions and PKI
modernization to ensure a strong security and compliance posture.
ABOUT THE AUTHOR
Christian Simko, Vice President of Product Marketing at AppViewX, has more
than 20 years of experience in cybersecurity, networking, and IT with
CodeSecure, Onapsis, GlobalSign and others.