Certificate-Related Outages Impact Most Businesses
March 01, 2017

Pete Goldin
APMdigest

Share this

Certificate-related outages negatively impact the reliability and availability of vital systems and services, according to a new study by Venafi.

“Certificates and keys are identity and access management for machines, just like user names and passwords are for humans,” said Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi. “Certificates allow machines to communicate securely and that makes them an essential, but underappreciated, part of every organization’s digital ecosystem and our global digital economy. When certificates expire unexpectedly, critical services can be impacted. Unfortunately, most businesses do not have the visibility or tools necessary to manage this fundamental element of cyber security and operational availability effectively.”

The primary study findings include:

■ The majority (79 percent) of respondents suffered at least one certificate-related outage in 2016.

■ Over a third (38 percent) suffered more than six certificate-related outages in 2016.

■ Almost one in twenty (4 percent) suffered 100 or more certificate-related outages in 2016.

■ Almost two-thirds (64 percent) said their organizations could not respond to a certificate-related security event in six hours or less.

As the use of encryption explodes, the challenges connected with effective key and certificate management have proliferated. Recent research showed dramatic growth in the use of keys and certificates, especially among large organizations.

One of the primary drivers behind the surge in certificate usage is the explosion in the number of IP-enabled devices on business networks. Another challenge organizations face is the adoption of DevOps and Fast IT development processes that dramatically increase the number of certificates needed. This increase in certificates and their corresponding keys compounds the serious security vulnerabilities associated with cryptographic key and digital certificate mismanagement.

Many businesses are still unaware of the scale of this problem. Venafi customer data shows that the average organization found over 16,500 unknown keys and certificates of which they were not previously aware. Also, the new study shows that most companies do not have control over their key and certificate inventory, do not have an automated process for renewals and have no central record of when certificates are due to expire:

■ Almost two-thirds (65 percent) of organizations do not manage all their keys and certificates centrally.

■ Of those that do manage certificates centrally, 65 percent rely on security controls from their Certificate Authorities (CAs), which limit their visibility to certificates provided by the issuing CA.

“The good news is that certificate-related outages are completely preventable, but you need to understand the scale and the scope of the problem,” continued Bocek. “As we use more cloud services, IoT devices and DevOps automation, certificate usage is skyrocketing. To keep up with this expanding problem, organizations must automate the discovery, issuance, lifecycle, and remediation of all keys and certificates from the data center to the cloud to the IoT edge of their networks. Failure to do so puts the reliability and availability of critical services at risk and dramatically increases cyber security risks.”

Share this

The Latest

April 26, 2018

The growing urgency of enterprises to digitally transform their business operations and enhance customer experience was the driving force behind much of the growth in outsourcing innovation, contract awards and spending in 2017, according to the ISG Momentum Annual Report ...

April 25, 2018

Organizations are embracing digital transformation, as 89% have plans to adopt or have already adopted a digital-first business strategy, according to the 2018 IDG Digital Business Survey ...

April 24, 2018

Managing emerging technologies such as Cloud, microservices and containers and SDx are driving organizations to redefine their IT monitoring strategies, according to a new study titled 17 Areas Shaping the Information Technology Operations Market in 2018 from Digital Enterprise Journal (DEJ) ...

April 23, 2018

Balancing digital innovation with security is critical to helping businesses deliver strong digital experiences, influencing factors such maintaining a competitive edge, customer satisfaction, customer trust, and risk mitigation. But some businesses struggle to meet that balance according to new data ...

April 19, 2018

In the course of researching, documenting and advising on user experience management needs and directions for more than a decade, I've found myself waging a quiet (and sometimes not so quiet) war with several industry assumptions. Chief among these is the notion that user experience management (UEM) is purely a subset of application performance management (APM). This APM-centricity misses some of UEM's most critical value points, and in a basic sense fails to recognize what UEM is truly about ...

April 18, 2018

We now live in the kind of connected world where established businesses that are not evolving digitally are in jeopardy of becoming extinct. New research shows companies are preparing to make digital transformation a priority in the near future. However most of them have a long way to go before achieving any kind of mastery over the multiple disciples required to effectively innovate ...

April 17, 2018

IT Transformation can result in bottom-line benefits that drive business differentiation, innovation and growth, according to new research conducted by Enterprise Strategy Group (ESG) ...

April 16, 2018

While regulatory compliance is an important activity for medium to large businesses, easy and cost-effective solutions can be difficult to find. Network visibility is an often overlooked, but critically important, activity that can help lower costs and make life easier for IT personnel that are responsible for these regulatory compliance solutions ...

April 12, 2018

This is the third in a series of three blogs directed at recent EMA research on the digital war room. In this blog, we'll look at three areas that have emerged in a spotlight in and of themselves — as signs of changing times — let alone as they may impact digital war room decision making. They are the growing focus on development and agile/DevOps; the impacts of cloud; and the growing need for security and operations (SecOps) to team more effectively ...

April 11, 2018

As we've seen, hardware is at the root of a large proportion of data center outages, and the costs and consequences are often exacerbated when VMs are affected. The best answer, therefore, is for IT pros to get back to basics ...