Certificate-Related Outages Impact Most Businesses
March 01, 2017

Pete Goldin
APMdigest

Certificate-related outages negatively impact the reliability and availability of vital systems and services, according to a new study by Venafi.

“Certificates and keys are identity and access management for machines, just like user names and passwords are for humans,” said Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi. “Certificates allow machines to communicate securely and that makes them an essential, but underappreciated, part of every organization’s digital ecosystem and our global digital economy. When certificates expire unexpectedly, critical services can be impacted. Unfortunately, most businesses do not have the visibility or tools necessary to manage this fundamental element of cyber security and operational availability effectively.”

The primary study findings include:

■ The majority (79 percent) of respondents suffered at least one certificate-related outage in 2016.

■ Over a third (38 percent) suffered more than six certificate-related outages in 2016.

■ Almost one in twenty (4 percent) suffered 100 or more certificate-related outages in 2016.

■ Almost two-thirds (64 percent) said their organizations could not respond to a certificate-related security event in six hours or less.

As the use of encryption explodes, the challenges connected with effective key and certificate management have proliferated. Recent research showed dramatic growth in the use of keys and certificates, especially among large organizations.

One of the primary drivers behind the surge in certificate usage is the explosion in the number of IP-enabled devices on business networks. Another challenge organizations face is the adoption of DevOps and Fast IT development processes that dramatically increase the number of certificates needed. This increase in certificates and their corresponding keys compounds the serious security vulnerabilities associated with cryptographic key and digital certificate mismanagement.

Many businesses are still unaware of the scale of this problem. Venafi customer data shows that the average organization found over 16,500 keys and certificates of which it was not previously aware. The new study also shows that most companies do not have control over their key and certificate inventory, do not have an automated process for renewals, and have no central record of when certificates are due to expire:

■ Almost two-thirds (65 percent) of organizations do not manage all their keys and certificates centrally.

■ Of those that do manage certificates centrally, 65 percent rely on security controls from their Certificate Authorities (CAs), which limit their visibility to certificates provided by the issuing CA.

“The good news is that certificate-related outages are completely preventable, but you need to understand the scale and the scope of the problem,” continued Bocek. “As we use more cloud services, IoT devices and DevOps automation, certificate usage is skyrocketing. To keep up with this expanding problem, organizations must automate the discovery, issuance, lifecycle, and remediation of all keys and certificates from the data center to the cloud to the IoT edge of their networks. Failure to do so puts the reliability and availability of critical services at risk and dramatically increases cyber security risks.”
