Blog January 29, 2025 PKI, PKI Insights

PKI Insights Recap - Emerging PKI Threats for 2025

by Mike Ackerman

As we step into 2025, the cybersecurity landscape continues to evolve, with Public Key Infrastructure (PKI) at the center of many critical challenges. During our January PKI Insights webinar, we had the opportunity to discuss some of the most pressing PKI threats for the year ahead and offer actionable strategies to address them. Here are some of the key takeaways.

Strong Certificate Mapping: Urgency Ahead

Strong certificate mapping is back in the spotlight because of updates Microsoft originally released in May of 2022. With enforcement deadlines fast approaching (February 11, 2025, and September 10, 2025), organizations need to act now to avoid disruptions. Organizations that use mobile device managers (MDMs) other than Microsoft Intune to issue certificates to endpoints should take notice. Certificates that do not meet strong mapping requirements will stop working for use cases such as wireless access or remote/VPN access. Updates made to domain controllers before the February date will allow functionality to continue, but only until September. After that, those updates to domain controllers will be ignored, and certificates that do not meet strong mapping requirements will fail.

Avoiding Configuration Drift

PKI misconfigurations often result from well-intentioned but uninformed changes, leaving environments vulnerable to exploitation. Configuration drift can occur when improper permissions or settings are introduced, either by accident or under vendor instructions. We discussed how tools like PKI Spotlight help organizations detect and respond to these changes in real time, ensuring your PKI remains secure and operational.

Preparing for the Post-Quantum Era

The post-quantum cryptography (PQC) revolution is on the horizon, and organizations must start preparing now. While full implementation may still be years away, attackers can already capture encrypted data for future decryption once quantum computing becomes mainstream. We explored steps to classify critical data, assess PKI readiness, and begin implementing hybrid solutions that combine traditional and quantum-resistant cryptography.


Stay Ahead

If you’re ready to ensure your PKI is secure, compliant, and future-proof, reach out to our team today. Schedule a PKI Spotlight demo or connect with us to discuss how we can support your organization’s unique needs.
