Certificate-Related Outages Impact Most Businesses
March 01, 2017

Pete Goldin
APMdigest

Share this

Certificate-related outages negatively impact the reliability and availability of vital systems and services, according to a new study by Venafi.

“Certificates and keys are identity and access management for machines, just like user names and passwords are for humans,” said Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi. “Certificates allow machines to communicate securely and that makes them an essential, but underappreciated, part of every organization’s digital ecosystem and our global digital economy. When certificates expire unexpectedly, critical services can be impacted. Unfortunately, most businesses do not have the visibility or tools necessary to manage this fundamental element of cyber security and operational availability effectively.”

The primary study findings include:

■ The majority (79 percent) of respondents suffered at least one certificate-related outage in 2016.

■ Over a third (38 percent) suffered more than six certificate-related outages in 2016.

■ Almost one in twenty (4 percent) suffered 100 or more certificate-related outages in 2016.

■ Almost two-thirds (64 percent) said their organizations could not respond to a certificate-related security event in six hours or less.

As the use of encryption explodes, the challenges connected with effective key and certificate management have proliferated. Recent research showed dramatic growth in the use of keys and certificates, especially among large organizations.

One of the primary drivers behind the surge in certificate usage is the explosion in the number of IP-enabled devices on business networks. Another challenge organizations face is the adoption of DevOps and Fast IT development processes that dramatically increase the number of certificates needed. This increase in certificates and their corresponding keys compounds the serious security vulnerabilities associated with cryptographic key and digital certificate mismanagement.

Many businesses are still unaware of the scale of this problem. Venafi customer data shows that the average organization found over 16,500 unknown keys and certificates of which they were not previously aware. Also, the new study shows that most companies do not have control over their key and certificate inventory, do not have an automated process for renewals and have no central record of when certificates are due to expire:

■ Almost two-thirds (65 percent) of organizations do not manage all their keys and certificates centrally.

■ Of those that do manage certificates centrally, 65 percent rely on security controls from their Certificate Authorities (CAs), which limit their visibility to certificates provided by the issuing CA.

“The good news is that certificate-related outages are completely preventable, but you need to understand the scale and the scope of the problem,” continued Bocek. “As we use more cloud services, IoT devices and DevOps automation, certificate usage is skyrocketing. To keep up with this expanding problem, organizations must automate the discovery, issuance, lifecycle, and remediation of all keys and certificates from the data center to the cloud to the IoT edge of their networks. Failure to do so puts the reliability and availability of critical services at risk and dramatically increases cyber security risks.”

Share this

The Latest

September 24, 2018

The financial industry is experiencing a massive wave of change over the last several years. Digital disruption has been truly disruptive to this industry. For instance, a mobile-centric world demands optimization of mobile applications and content delivery to provide the best possible customer experience. To this end, there are several ways to go about monitoring the network and its applications to collect the necessary performance data and deliver the requisite customer quality of experience ...

September 21, 2018

The performance gap between customer experience leaders and runners-up is widening, with those on top being disproportionately rewarded. Gartner said organizations must ignore three myths in order to achieve a superior customer experience ...

September 19, 2018

This summer marked three years since Microsoft announced Windows 10, its first "Windows as a service" Operating System (OS). Windows 10 brought with it a new Software-as-a-Service-like approach to updates, moving Microsoft and the millions of environments that depend on it, more frequent, bundled updates. Whether you believe the shift was for better or worse, one thing is certain, this "as a service" model is a natural progression for today's operating systems. That is why Windows 10 is changing not only how frequently updates are pushed out, but inherently how technology is purchased, how people consume it, and perhaps most importantly, how IT is run. Let's take a look at how Windows 10 has impacted these three key areas over the past three years ...

September 18, 2018

To celebrate IT Professionals Day 2018 (this year on September 18), the SolarWinds IT Pro Day 2018: A World Powered by Tech Pros survey explores a "Tech PROactive" world where technology professionals have the time, resources, and ability to use their technology prowess to do absolutely anything ...

September 17, 2018

Are digital war rooms obsolete because they're just a place for managers of siloed business units to find someone else to blame for a critical IT event such as a security breach? Far from it. Enterprises find these emergency response teams just as important, if not more important, than ever ...

September 14, 2018

The goal of EMA's latest research was to look at how advanced IT analytics (AIA) — EMA's term for primarily what today is best known as "AIOps" — is being deployed. Here are the remaining four of my seven personal takeaways ...

September 13, 2018

OK, the data is in! The goal of EMA's latest research was to look at how advanced IT analytics (AIA) — or EMA's term for primarily what today is best known as "AIOps" — is being deployed. Here are seven of my own personal takeaways ...

September 12, 2018

By maximizing the knowledge of end-to-end quality of service (QoS) using virtualized network functions (VNFs), the SD-WAN (edge) gateway establishes a suitable connection with minimal latency and maximum performance so that entire organizations can make the most of the Office 365 application suite ...

September 11, 2018

Market exuberance for Office 365 has inspired business mandates to adopt the cloud-hosted collaboration and productivity suite without regards to the underlying chaos. While multi-location organizations are virtualizing, operating models haven’t necessarily changed. This partial transformation that excludes automation and simplification of the network puts Office 365 deployments (and other software-as-a-service offerings) in danger of failing ...

September 10, 2018

Most organizations are undergoing a digital transformation that directly impacts how they do business, yet 70 percent of employees have not mastered the skills they need for their jobs today, and 80 percent of employees do not have the skills needed for their current and future roles, according to Gartner ...