Advertisement

  • News
  • Columns
  • Interviews
  • BW Communities
  • Events
  • BW TV
  • Subscribe to Print
  • Editorial Calendar 19-20
BW Businessworld

The Time To Automate Your Digital Certificate Management Has Arrived

Automating certificate management is increasingly being looked to as a way to mitigate the threats involved in such a critically important task

Photo Credit :

1571384385_7KSbhG_qc.jpg

When it comes to PKIs and certificate management, close attention and careful scrutiny are required. Anyone organization needs to oversee scores, hundreds and thousands of certificates – each with their own specifications, lifespans, and configurations. It’s a complex task which few are capable of on their own. What’s more, is that failure – in the form of an unanticipated expiry or outage – comes with a high price.

Certificate outages are a common problem. In 2019, 60 percent of organizations experienced a certificate-related outage. 

New developments, as well as old problems, are forcing increased attention on certificate management. The adoption of new technologies – such as Internet of Things devices – is behind an exponential expansion in enterprise certificate needs. Furthermore, major browsers recently halved maximum certificate lifespans from two years to just one. If enterprises weren’t paying attention to certificates before, they have to now.

Automating certificate management is increasingly being looked to as a way to mitigate the threats involved in such a critically important task. But organizations frequently run into problems along the way and either stall their plans for automation, halt them entirely, or at best fail to reap the rewards that automation offers.

The foremost problem that organizations encounter when trying to automate is knowing their own environment. In February, The Ponemon Institute released a study showing that 74 percent of organizations could not say which certificates they were using. It comes to an as little surprise that 55 percent of their respondents suffered over four certificate outages in the last four years.

However, that simply won’t do. Organizations need to know their environments inside and out – they need to know where their nodes are located, they need to know what kind of web servers and operating systems they use and they need to know how certificates are used within their environment. Many unfortunately don’t.

That’s not always an easy job either. There is a great amount of diversity within enterprise networks. While one department might use an Apache Web server, another might use nginX. Those kinds of nuances have to be accommodated too to spread automation throughout an environment.

That task is getting harder too. Enterprises are growing with a diverse set of new technologies such as the IoT or APIs. They too have unique requirements and configurations and have to be mapped and accommodated when planning for automation.

A recent survey found that 80 percent of organizations expect TLS usage to grow by 25 percent over the next five years. That’s partly due to the increasing complexity within the enterprise. That complexity comes with risks if improperly managed. Another survey revealed that 85 percent of CIOs believe that the growing complexity within IT systems is going to make certificate outages much more damaging.

Many organizations are unaware of these complexities within the corporate network. Without a concentrated effort, they’ll find themselves missing out on automation’s promises, or risk the expiry and outages of undiscovered certificates.

Primarily they need to gain visibility into their environments, and specifically their certificates; which ones they have; how they are used, and how they’re configured. A certificate management platform with discovery tools can help here. 

Certificate Discovery tools use sensors and agents to scan a network in order to find all the TLS/SSL  certificates within a given environment, regardless of the certificate authority that issued them. They’ll unearth a wealth of information including certificate statuses, issuing authorities, ports and IP addresses of the host, security ratings, expiration dates, vulnerabilities, and other security issues. Because each certificate is unique, the information gleaned here can assist in mapping the rest of your environment. 

Once all of your certificates have been discovered they can be organized on a central management platform and the work of automating renewal, revocation, request, provisioning, and update functions can begin. From there, enterprises can start using standardized automation protocols such as Automated Certificate Management Environment (ACME), Simple Certificate Enrollment Protocol (SCEP) or Enrollment over Secure Transport (EST), or even via REST APIs to install certificate management agents on their now-discovered web servers. It’s those agents which will be used to automate the request, renewal, and revocation of certificates.

As certificate lengths have now been shortened to one year, organizations can also consider investing in multi-year plans, so that certificates can be automatically renewed, avoid unplanned expirations, and ultimately outages.

Automation is going to have some huge benefits and when it comes to certificate management. Enterprises will save time, labor, money and so much more. They’ll avoid the creeping threat of certificate expiry, circumvent the costly outages that threaten the enterprise, and be in a far better position to adopt new technologies. With cyberattacks increasing in India by as much as 500% since the COVID-19 lockdown was imposed in March last year protecting sensitive business data has become more important than ever. Hence, it has become imperative for organizations to realize the full potential of automation along with the risk of exposing themselves to other threats. 


Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.


Tags assigned to this article:
DigiCert Digital Certificates

Avesta Hojjati

The Author is the Head of Research and Development at DigiCert

More From The Author >>