Managed digital trust services, such as managed Public Key Infrastructure (PKI), have stepped in to provide Software-as-a-Service (SaaS)-based platforms and dedicated specialist teams that can take over a lot of the difficult operational work from organizations; for example, managing PKI administration, maintenance, or Certificate Lifecycle Management (CLM). Under the auspices of managed services, solutions such as self-service PKI-as-a-Service (PKIaaS) and CLM-as-a-Service (CLMaaS) have emerged, pushing the boundaries even further.
Registered users can unlock up to five pieces of premium content each month.
Market Overview
- The Public Key Infrastructure (PKI) market is estimated at US$2.4 billion globally for 2023, reaching US$3.7 billion by 2027.
- Within the managed services sub-market, self-service PKI-as-a-Service (PKIaaS) is a fast-growing industry, expected to be highly dynamic, with ABI Research forecasting a Compound Annual Growth Rate (CAGR) for the 2023 to 2027 period of 30% globally.
- While global revenue today is still relatively small in comparison to the total (about US$142 million of the billion forecast for managed services in 2023), revenue for self-service PKIaaS is eventually expected to hit half a billion by 2027.
- In general, the self-service PKIaaS market is a promising sub-market of the global managed PKI industry. The commercial solutions out today are still nascent, and there is significant room for advancement and improvement from providers.
- ABI Research does not expect the self-service PKIaaS market to fully mature for another 3 to 4 years, at the earliest, but increasing security policy and associated regulation in the Internet of Things (IoT), supply chains, 5G, the cloud, and resiliency is certainly another significant driver for the digital trust space generally.
- Overall, from a services perspective, the self-service market represents only about 15% to 18% of the total managed PKI market in 2023. However, by 2027, ABI Research expects that share to grow to 26% to 32%.
“Managed digital trust services, such as managed PKI, have stepped in to provide Software-as-a-Service (SaaS)-based platforms and dedicated specialist teams that can take over a lot of the difficult operational work from organizations; for example, to manage PKI administration, maintenance, or Certificate Lifecycle Management (CLM). Under the auspices of managed services, solutions such as self-service PKI-as-a-Service (PKIaaS) and CLM-as-a-Service (CLMaaS) have emerged, pushing the boundaries even further. ” – Michela Menting, Senior Research Director at ABI Research
Key Decision Items
Understand How Self-Service PKlaaS Works
Managed services typically provide all of the technologies and features for running a PKI or a Certificate Lifecycle Management (CLM) on a platform hosted by the provider. Some on-premises tools are provided to the user in order to effectively connect enterprise systems to the platform, as well as others for the user to retain control of certain assets (if requested). These can include enrollment gateways for CLM, Hardware Security Modules (HSMs) for offline root Certificate Authorities (CAs) and intermediate CAs, etc.
Self-service PKIaaS takes that one step further by abstracting all of those on-premises assets to the provider’s own cloud resources (sometimes sovereign, sometimes in a public cloud platform), including hosting dedicated single-tenant HSMs that can provide offline root CA capabilities, including with M of N security controls for offline assets. Some also provide online root CA options. Ultimately, the as-a-Service (aaS) model allows for the abstraction of the remaining on-premises aspects to the cloud.
The Advantage of PKlaaS
Most managed PKI providers are transitioning to offer some form of self-service PKIaaS. The advantage is that they have built out custom platforms from which they currently manage their clients’ PKIs, making it easier to repurpose the technology in new packaging options. From the provider’s perspective, it is about opening up that same platform and providing the various features as modular elements that can be subscribed to practically unilaterally from the client side. The managed service aspect remains a premium offering for the provider, but an open platform allows the targeting of a much wider market than was previously possible, including for those who want the bare minimum in support.
Support a Wide Range of Business Use Cases and Vendor Products
For as-a-Service digital trust providers, diversification will be key in expanding their Total Addressable Market (TAM). Key management has always been relatively complex for enterprises, and the growing adoption of new devices and systems makes it increasingly difficult. Addressing new applications and use cases quickly will provide a competitive edge and retain relevance for end users. Therefore, digital trust platforms must be open and modular, supporting integration with competitor products if possible as enterprises look to avoid being locked in.
Ensure Your Business Model Aligns with the Scalability Theme
Successfully deploying PKIaaS will require hosting that is secure, and therefore, backed by HSMs at a minimum, and with a platform offering that can grow quickly and provide as much customization as possible to allow users to create and manage trust on a customized scale for their specific demands, which are likely to change quickly.
The business models should reflect this posture, and providers should be able to offer flexible payment options, including pay-as-you-go usage and volume discount options. Integration with various other enterprise applications and support for legacy and emerging standards will also be crucial.
Integrate the Self-Service PKIaaS Platform with CLM Solutions
Integrating CLM is part of the transition to self-service PKI business models. Traditionally viewed as a separate core offering to PKI, CLM capabilities are increasingly a part of self-service aaS offerings; today, they can either be consumed as part of the PKI service or deployed in an enterprise network as an on-premises software product (acting as a gateway to the PKIaaS) in a private or public cloud. Some providers offer the option for the CLM to be deployed in hypervisor-based Virtual Machines (VMs), VM instances, or even as Kubernetes-based applications. Most providers are looking to move away from any form of on-premises option, although the transition will take some time.
Key Market Players to Watch
Dig Deeper for the Full Picture
Get a more thorough analysis of the transition from managed PKI service models to as-a-Service models by downloading ABI Research’s PKI-as-a-Service: Managed and Self-Service Models for PKI and CLM report. The research report also identifies PKI business strategies, the vendor ecosystem, top security features, and more.
Not ready for the report yet? Check out the following Research Highlights:
- The Hardware Security Module (HSM) Market Embraces the Cloud
- Post Quantum Cryptography (PQC): Algorithms, NIST Standardization, Challenges, and Outlook
This report is part of our Cybersecurity Applications Research Service.