How to get Digital Certificates under control
May 2021 by Avesta Hojjati, Head of R&D at DigiCert
Digital certificates may be the most underappreciated part of network security. But like the screws and bolts that hold a car together, certificates underpin much of network security. They secure communications on the web, in the enterprise and, increasingly, within the massive IoT deployments and other digital transformations that are embedding themselves ever deeper in organisations.
The average company supposedly uses 83,000 digital certificates, and yet this critical, if small, part of network security is too often overlooked. A Ponemon report from 2020 showed that 74 percent of organisations could not say how many certificates or keys they had.
Without that kind of knowledge, enterprises invite all manner of risks. Chief among them is a certificate outage, which is like a small but critical part of an automobile coming loose mid-drive and bringing the car crashing to a halt.
Given the fundamental role that certificates play in authentication and identity, in enterprises and in the world at large, the damage an outage can cause is directly proportional to the critical position certificates hold.
The Equifax breach is one example, in which the data of hundreds of millions was exposed, and the exposure went unnoticed by Equifax because of an expired certificate. Another example is Ericsson, the Nordic electronics giant, which in December 2018 suffered a certificate expiry that led to service outages in 11 countries around the world, most emphatically in the UK, where 32 million mobile customers lost service.
Not all enterprises suffer those kinds of catastrophic outcomes, but they still pay a high price for their ignorance. In 2019, over half of businesses suffered from some kind of certificate outage. For large organisations, those outages cost over £4000 a minute according to Gartner. The aforementioned Ponemon report revealed that the cost of outages averages out to £49.8 million over two years as a result of lost productivity, reputational damage, system administration and support costs, as well as the revenue directly lost as a result of the outage.
Certificates are critically important now. But just wait and see how important they become. We are living in an age of huge digital transformation. Organisations are heading into the cloud, gaining users, onboarding huge IoT deployments and enabling mass remote work. With that, enterprise data is exploding exponentially, as is the need for certificate management.
That’s a problem, and it’s going to get bigger without a greater focus on certificates. Another survey revealed that 85 percent of CIOs believe that the increasing complexity of enterprise IT is going to make certificate outages even more dangerous.
As a result, TLS is set to grow as a method of encryption. A survey from 2019 has shown that 80 percent of organisations believe TLS will grow by 25 percent over the next five years. That means more and more certificates in the enterprise and, without proper management and oversight, more potential points of failure and worse outcomes for poor cert management.
There’s never been a more critical time to get certificates under control. If enterprises don’t do it now, their job will only get harder as they digitally transform.
The average enterprise manages over 83,000 certificates according to Ponemon data. That’s an intimidating job for any human team of analysts, however well trained or experienced. Furthermore, those with experience in managing sizable certificate deployments are rare, so enterprises are going to have to fight tooth and nail to get their hands on the relevant talent.
A certificate management platform can help. The prime value of such a tool is that it discovers and organises all the certificates an environment contains, solving a big problem for those 71 percent of organisations that the Ponemon Institute found could not say what certificates they held or where they were.
From there, they can be managed through one pane of glass and customised according to the specific needs of that environment. In doing so, enterprises relieve themselves of many of the headaches that come with nigh-on impossible attempts to manually manage their certificate deployments. Through that single pane of glass, certificates can be managed and monitored, investigated if problems are suspected, and remediated if those problems are found. A platform can help enterprises begin to automate the certificate lifecycle so that certs can be requested and renewed when they’re needed and before they expire, cutting down on the risk of unplanned certificate expiry.
There is too little certificate management in too many enterprises. They’ll pay the price for that if they haven’t already. For many, the wake-up call they need will be when the price for certificate outages and unplanned expiry rises higher than the cost of effectively managing their certificates. Hopefully, enterprises won’t let it get that far, because the advantages of a certificate management platform extend far beyond revenue retention. The ability to manage tens of thousands of certificates and automate their lifecycle functions through one pane of glass is an opportunity no enterprise should ignore.