Certificate-Related Outages Impact Most Businesses
March 01, 2017

Pete Goldin
APMdigest

Share this

Certificate-related outages negatively impact the reliability and availability of vital systems and services, according to a new study by Venafi.

“Certificates and keys are identity and access management for machines, just like user names and passwords are for humans,” said Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi. “Certificates allow machines to communicate securely and that makes them an essential, but underappreciated, part of every organization’s digital ecosystem and our global digital economy. When certificates expire unexpectedly, critical services can be impacted. Unfortunately, most businesses do not have the visibility or tools necessary to manage this fundamental element of cyber security and operational availability effectively.”

The primary study findings include:

■ The majority (79 percent) of respondents suffered at least one certificate-related outage in 2016.

■ Over a third (38 percent) suffered more than six certificate-related outages in 2016.

■ Almost one in twenty (4 percent) suffered 100 or more certificate-related outages in 2016.

■ Almost two-thirds (64 percent) said their organizations could not respond to a certificate-related security event in six hours or less.

As the use of encryption explodes, the challenges connected with effective key and certificate management have proliferated. Recent research showed dramatic growth in the use of keys and certificates, especially among large organizations.

One of the primary drivers behind the surge in certificate usage is the explosion in the number of IP-enabled devices on business networks. Another challenge organizations face is the adoption of DevOps and Fast IT development processes that dramatically increase the number of certificates needed. This increase in certificates and their corresponding keys compounds the serious security vulnerabilities associated with cryptographic key and digital certificate mismanagement.

Many businesses are still unaware of the scale of this problem. Venafi customer data shows that the average organization found over 16,500 unknown keys and certificates of which they were not previously aware. Also, the new study shows that most companies do not have control over their key and certificate inventory, do not have an automated process for renewals and have no central record of when certificates are due to expire:

■ Almost two-thirds (65 percent) of organizations do not manage all their keys and certificates centrally.

■ Of those that do manage certificates centrally, 65 percent rely on security controls from their Certificate Authorities (CAs), which limit their visibility to certificates provided by the issuing CA.

“The good news is that certificate-related outages are completely preventable, but you need to understand the scale and the scope of the problem,” continued Bocek. “As we use more cloud services, IoT devices and DevOps automation, certificate usage is skyrocketing. To keep up with this expanding problem, organizations must automate the discovery, issuance, lifecycle, and remediation of all keys and certificates from the data center to the cloud to the IoT edge of their networks. Failure to do so puts the reliability and availability of critical services at risk and dramatically increases cyber security risks.”

Share this

The Latest

June 23, 2017

"Become the Automator, Not the Automated." While it's a simple enough phrase, it speaks directly to how today's organizations and IT teams must innovate to remain competitive. A critical aspect of innovation is acknowledging the digital transformation of businesses. The move to digitalization enables organizations to more effectively unlock the power of information technology (IT) to fuel and accelerate business innovation. It is a competitive weapon and a survival imperative ...

June 22, 2017

Executives in the US and Europe now place broad trust in Artificial Intelligence (AI) and machine learning systems, designed to protect organizations from more dynamic pernicious cyber threats, according to Radware's 2017 Executive Application & Network Security Survey ....

June 21, 2017

While IT service management (ITSM) has too often been viewed by the industry as an area of reactive management with fading process efficiencies and legacy concerns, a new study by Enterprise Management Associates (EMA) reveals that, in many organizations, ITSM is becoming a hub of innovation ...

June 20, 2017

Cloud is quickly becoming the new normal. The challenge for organizations is that increased cloud usage means increased complexity, often leading to a kind of infrastructure "blind spot." So how do companies break the blind spot and get back on track? ...

June 19, 2017

Hybrid IT is becoming a standard enterprise model, but there’s no single playbook to get there, according to a new report by Dimension Data entitled The Success Factors for Managing Hybrid IT ...

June 16, 2017

Any mobile app developer will tell you that one of the greatest challenges in monetizing their apps through video ads isn't finding the right demand or knowing when to run the videos; it's figuring out how to present video ads without slowing down their apps ...

June 15, 2017

40 percent of UK retail websites experience downtime during seasonal peaks, according to a recent study by Cogeco Peer 1 ...

June 14, 2017

Predictive analytics is a popular ITOA technology that you can leverage to improve your business by leaps and bounds. Predictive analytics analyzes relationships among various data points to predict behavioral trends, growth opportunities and risks, which can add critical value to your business. Here are a few questions to help you decide if predictive analytics is right for your business ...

June 13, 2017

Many organizations are at a tipping point, as new technology demands are set to outstrip the skills supply, according to a new Global Digital Transformation Skills Study by Brocade ...

June 12, 2017

Network capacity is the lifeblood of an enterprise — bandwidth enables business. Getting the most out of the network is a fine balancing act, so it's understandable that enterprises are always hungry for more bandwidth. Two out of three IT and network professionals expect bandwidth usage to increase by up to 50% by the end of 2017. However, bandwidth availability issues could become a thing of the past. We are on the cusp of a great surge of capacity as gigabit speed internet becomes a reality ...