In 2024 we saw some notable trends and disruptions in machine and non-human identity management, certificate lifecycle management (CLM) and PKI. Research from the Enterprise Strategy Group finds that non-human (machine) identities now outnumber human identities in enterprise environments by more than 20:1. Following Google's earlier proposal to cap TLS certificate validity at 90 days, Apple has proposed a CA/Browser Forum ballot that steps the maximum down to 47 days by 2028 (its first draft said 45 days by 2027). Google (Chrome) and Mozilla have announced that they will no longer trust TLS certificates issued by Entrust after cut-off dates in late 2024, citing a pattern of CA/Browser Forum Baseline Requirements compliance failures. And NIST published its first three Post-Quantum Cryptography (PQC) standards (FIPS 203, 204 and 205: the ML-KEM key-encapsulation mechanism and the ML-DSA and SLH-DSA signature schemes) together with draft transition guidance (NIST IR 8547). That is a lot to absorb, and a lot to prepare for in 2025.
Here are our predictions in 2025 and what you can expect as you look to implement crypto-agility, prepare for PQC and improve your overall crypto hygiene and enterprise security posture.
With Google pushing for a 90-day maximum TLS certificate validity period and Apple's ballot stepping it down to 47 days by 2028 (its first draft said 45 days by 2027), a certificate that is renewed by hand once a year today will need renewing roughly eight times a year. Enterprises will need automated certificate lifecycle management to avoid outages from missed renewals and the security gaps that come with rushed, ad-hoc fixes. Manual processes will become impractical, driving adoption of CLM automation (ACME-style enrollment wired into load balancers, service meshes and cloud services) across hybrid multi-cloud environments. Security teams must also plan for the operational load: without automation, the higher renewal frequency translates directly into burnout and staff turnover.
As quantum computing advances and the threat to classical public-key cryptography (the RSA, ECC and Diffie-Hellman variants that underpin TLS, code signing and key exchange) grows, organizations will accelerate efforts to adopt quantum-resistant algorithms. Data that must stay confidential for years is already exposed to harvest-now, decrypt-later collection, which is why the migration cannot wait for a cryptographically relevant quantum computer to exist. PKI infrastructures must be built for cryptographic agility: the ability to roll out new algorithms, key sizes and certificate profiles without service disruption. Security teams will also need a cryptographic inventory, regular audits and threat modeling to find where vulnerable algorithms are used and in what order to migrate them.
The rapid growth of non-human identities, including those tied to cloud workloads, containers, service accounts and IoT devices, will push organizations to prioritize integrated identity management. This means securing non-human and machine identities at scale under the same discipline applied to human identities (inventory, ownership, least-privilege scoping, rotation and revocation), which is what a Zero Trust architecture requires for workload-to-workload authentication. C-level and security leadership will demand better visibility, control and governance of non-human and machine identities as a critical component of an enterprise-wide identity-first security approach.
Enterprises will continue to struggle with fragmented visibility of certificates across hybrid multi-cloud environments, which raises the risk of expired or improperly configured certificates that nobody owns. Centralizing certificate and key management will become critical, with a strong emphasis on discovery and visibility, automation, policy enforcement and compliance reporting. Security teams will be expected to integrate certificate lifecycle management with every layer of enterprise infrastructure and services rather than running a separate process per platform.
With DevOps pushing for more speed and agility, expired and self-signed certificates in applications, workloads and cloud services will remain a top-ranked weakness. A self-signed certificate gives clients nothing to verify against, so the usual workaround is to disable certificate validation, which leaves the connection open to interception. Organizations will be under pressure to replace self-signed certificates with certificates issued by trusted and approved Certificate Authorities (CAs), whether public or a governed internal private CA, so that every issuer is known, inventoried and deliberately trusted. There will also be a strong push for real-time monitoring and alerting on rogue or unapproved CAs, misconfigurations and approaching expirations.
As threats targeting PKI ecosystems grow, expect enterprises to conduct comprehensive PKI health checks and risk assessments. Findings such as exposed private keys, weak cryptographic algorithms and key sizes, and the use of unapproved Certificate Authorities (CAs) will prompt organizations to adopt stronger cryptographic policies and to enforce them at issuance rather than discover violations after the fact. Security teams will also need automated certificate lifecycle management and PKI modernization to maintain a strong security and compliance posture.
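The checks the predictions above keep returning to (renewal windows for short-lived certificates, expired and self-signed certificates, unapproved issuers, weak keys and signature algorithms) can be run over a certificate inventory with nothing more than Go's standard library. The following is an added example written for this page; it is not AppViewX code and not part of any product. The policy values, issuer names and every certificate it generates are constructed for the demonstration, and matching issuers by common name is a deliberate simplification (a production check would pin the issuer's key or Subject Key Identifier).

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Policy holds the assumed (hypothetical) enterprise certificate policy.
type Policy struct {
	RenewWithinDays int      // flag a certificate once fewer days than this remain
	MinRSABits      int      // smallest acceptable RSA modulus
	ApprovedIssuers []string // issuer common names the enterprise has approved
}

// weakSigAlgs lists signature algorithms an approved CA should no longer use.
var weakSigAlgs = map[x509.SignatureAlgorithm]bool{
	x509.MD2WithRSA: true, x509.MD5WithRSA: true, x509.SHA1WithRSA: true,
	x509.DSAWithSHA1: true, x509.DSAWithSHA256: true, x509.ECDSAWithSHA1: true,
}

// isSelfSigned is true when the certificate names itself as issuer and its
// signature verifies under its own public key (name equality alone can be spoofed).
func isSelfSigned(c *x509.Certificate) bool {
	return bytes.Equal(c.RawIssuer, c.RawSubject) &&
		c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

func approved(p Policy, issuerCN string) bool {
	for _, cn := range p.ApprovedIssuers {
		if cn == issuerCN {
			return true
		}
	}
	return false
}

// CheckCertificate returns the policy problems found in one certificate at time now.
func CheckCertificate(c *x509.Certificate, p Policy, now time.Time) []string {
	var problems []string
	switch remaining := c.NotAfter.Sub(now); {
	case remaining <= 0:
		problems = append(problems, "expired")
	case remaining < time.Duration(p.RenewWithinDays)*24*time.Hour:
		problems = append(problems, fmt.Sprintf("renew: %d days left", int(remaining.Hours()/24)))
	}
	if isSelfSigned(c) && !c.IsCA { // a self-signed root is expected; a self-signed leaf is not
		problems = append(problems, "self-signed")
	} else if !approved(p, c.Issuer.CommonName) {
		problems = append(problems, "unapproved issuer: "+c.Issuer.CommonName)
	}
	if pub, ok := c.PublicKey.(*rsa.PublicKey); ok && pub.N.BitLen() < p.MinRSABits {
		problems = append(problems, fmt.Sprintf("weak RSA key: %d bits", pub.N.BitLen()))
	}
	if weakSigAlgs[c.SignatureAlgorithm] {
		problems = append(problems, "weak signature algorithm: "+c.SignatureAlgorithm.String())
	}
	return problems
}

// Constructed fixtures: none of the certificates below are real.
var serial int64

func newTemplate(cn string, notBefore time.Time, days int, ca bool) *x509.Certificate {
	serial++
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notBefore.AddDate(0, 0, days),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage |= x509.KeyUsageCertSign
	}
	return t
}

// sign issues tmpl under parent with the parent's key; a nil parent makes it self-signed.
func sign(tmpl, parent *x509.Certificate, pub any, key crypto.Signer) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// SampleInventory builds a small constructed inventory and returns the problems per subject CN.
func SampleInventory() map[string][]string {
	now := time.Date(2025, 1, 15, 0, 0, 0, 0, time.UTC) // fixed clock for a reproducible run
	policy := Policy{RenewWithinDays: 14, MinRSABits: 2048, ApprovedIssuers: []string{"Corp Issuing CA"}}
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	labKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	weakKey, _ := rsa.GenerateKey(rand.Reader, 1024) // deliberately below policy
	ca := sign(newTemplate("Corp Issuing CA", now.AddDate(-1, 0, 0), 3650, true), nil, &caKey.PublicKey, caKey)
	lab := sign(newTemplate("Test Lab CA", now.AddDate(-1, 0, 0), 3650, true), nil, &labKey.PublicKey, labKey)
	inventory := []*x509.Certificate{
		ca,
		lab, // not on the approved list
		sign(newTemplate("api.example.internal", now.AddDate(0, 0, -37), 47, false), ca, &leafKey.PublicKey, caKey), // 10 days left
		sign(newTemplate("dev.example.internal", now, 365, false), nil, &weakKey.PublicKey, weakKey),               // self-signed, RSA-1024
		sign(newTemplate("legacy.example.internal", now.AddDate(0, 0, -400), 395, false), lab, &leafKey.PublicKey, labKey), // expired 5 days ago
	}
	report := map[string][]string{}
	for _, c := range inventory {
		report[c.Subject.CommonName] = CheckCertificate(c, policy, now)
	}
	return report
}

func main() {
	for cn, problems := range SampleInventory() {
		fmt.Printf("%-26s %v\n", cn, problems)
	}
}
```

Running it reports the renewal window on api.example.internal, both the self-signed status and the 1024-bit key on dev.example.internal, and the expiry plus the unapproved issuer on legacy.example.internal, while the approved root comes back clean. Pointing the same CheckCertificate at certificates parsed from real PEM files or pulled off live TLS endpoints is the inventory sweep the predictions describe; the policy thresholds are the part to tune for a 47-day world.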
To learn more about how AppViewX can help you now and in the future, we welcome you to schedule a demo of our AVX ONE CLM and PKI solution.
This is a Security Bloggers Network syndicated blog from Blogs Archive - AppViewX authored by Christian Simko. Read the original post at: https://www.appviewx.com/blogs/appviewx-2025-predictions-machine-identity-security-certificate-lifecycle-management-and-pki/