Certificate-Related Outages Impact Most Businesses
March 01, 2017

Pete Goldin
APMdigest

Share this

Certificate-related outages negatively impact the reliability and availability of vital systems and services, according to a new study by Venafi.

“Certificates and keys are identity and access management for machines, just like user names and passwords are for humans,” said Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi. “Certificates allow machines to communicate securely and that makes them an essential, but underappreciated, part of every organization’s digital ecosystem and our global digital economy. When certificates expire unexpectedly, critical services can be impacted. Unfortunately, most businesses do not have the visibility or tools necessary to manage this fundamental element of cyber security and operational availability effectively.”

The primary study findings include:

■ The majority (79 percent) of respondents suffered at least one certificate-related outage in 2016.

■ Over a third (38 percent) suffered more than six certificate-related outages in 2016.

■ Almost one in twenty (4 percent) suffered 100 or more certificate-related outages in 2016.

■ Almost two-thirds (64 percent) said their organizations could not respond to a certificate-related security event in six hours or less.

As the use of encryption explodes, the challenges connected with effective key and certificate management have proliferated. Recent research showed dramatic growth in the use of keys and certificates, especially among large organizations.

One of the primary drivers behind the surge in certificate usage is the explosion in the number of IP-enabled devices on business networks. Another challenge organizations face is the adoption of DevOps and Fast IT development processes that dramatically increase the number of certificates needed. This increase in certificates and their corresponding keys compounds the serious security vulnerabilities associated with cryptographic key and digital certificate mismanagement.

Many businesses are still unaware of the scale of this problem. Venafi customer data shows that the average organization found over 16,500 unknown keys and certificates of which they were not previously aware. Also, the new study shows that most companies do not have control over their key and certificate inventory, do not have an automated process for renewals and have no central record of when certificates are due to expire:

■ Almost two-thirds (65 percent) of organizations do not manage all their keys and certificates centrally.

■ Of those that do manage certificates centrally, 65 percent rely on security controls from their Certificate Authorities (CAs), which limit their visibility to certificates provided by the issuing CA.

“The good news is that certificate-related outages are completely preventable, but you need to understand the scale and the scope of the problem,” continued Bocek. “As we use more cloud services, IoT devices and DevOps automation, certificate usage is skyrocketing. To keep up with this expanding problem, organizations must automate the discovery, issuance, lifecycle, and remediation of all keys and certificates from the data center to the cloud to the IoT edge of their networks. Failure to do so puts the reliability and availability of critical services at risk and dramatically increases cyber security risks.”

Share this

The Latest

March 27, 2017

Monitoring a business means monitoring an entire business – not just IT or application performance. If businesses truly care about differentiating themselves from the competition, they must approach monitoring holistically. Separate, siloed monitoring systems are quickly becoming a thing of the past ...

March 24, 2017

A growing IT delivery gap is slowing down the majority of the businesses surveyed and directly putting revenue at risk, according to MuleSoft's 2017 Connectivity Benchmark Report on digital transformation initiatives and the business impact of APIs ...

March 23, 2017

Why containers are growing in popularity is no surprise — they’re extremely easy to spin up or down, but come with an unforeseen issue. Without the right foresight, DevOps and IT teams may lose a lot of visibility into these containers resulting in operational blind spots and even more haystacks to find the presumptive performance issue needle ...

March 22, 2017

Much emphasis is placed on servers and storage when discussing Application Performance, mainly because the application lives on a server and uses storage. However, the network has considerable importance, certainly in the case of WANs where there are ways of speeding up the transmission of data of a network ...

March 21, 2017

The majority of IT executives believe investment in IT Service Management (ITSM) is important to gain the agility needed to compete in an era of global, cross-industry disruption and digital transformation, according to Delivering Value to Today’s Digital Enterprise: The State of IT Service Management 2017, a report by BMC, conducted in association with Forbes ...

March 17, 2017

Let’s say your company has examined all the potential pros and cons, and moved your critical business applications to the cloud. The advertised benefits of the cloud seem like they’ll work out great. And in many ways, life is easier for you now. But as often happens when things seem too good to be true, reality has a way of kicking in to reveal just exactly how many things can go wrong with your cloud setup – things that can directly impact your business ...

March 16, 2017

IT leadership is more driven to be innovative than ever, but also more in need of justifying costs and showing value than ever. Combining the two is no mean feat, especially when individual technologies are put forward as the single tantalizing answer ...

March 15, 2017

The move to Citrix 7.X is in full swing. This has improved the centralizing of Management and reduction of costs, but End User Experience is becoming top of the business objectives list. However, delivering that is not something to be considered after the upgrade ...

March 14, 2017

As organizations understand the findings of the Cyber Monday Web Performance Index and look to improve their site performance for the next Cyber Monday shopping day, I wanted to offer a few recommendations to help any organization improve in 2017 ...

March 13, 2017

Online retailers stand to make a lot of money on Cyber Monday as long as their infrastructure can keep up with customers. If your company's site goes offline or substantially slows down, you're going to lose sales. And even top ecommerce sites experience performance or stability issues at peak loads, like Cyber Monday, according to Apica's Cyber Monday Web Performance Index ...