It's time to automate your digital certificate management
By Avesta Hojjati, Head of Research and Development, DigiCert.
When it comes to PKI and certificate management, much attention and careful scrutiny are required. Any organization needs to monitor dozens, hundreds, or thousands of certificates, each with its own specifications, lifetime, and configuration. It is a complex task that few are capable of handling on their own, and failure, in the form of expirations or unexpected outages, comes at a high cost.

Certificate outages are a common problem. In 2019, 60 percent of organizations experienced a certificate-related outage. New developments, as well as old problems, are forcing greater attention to certificate management. The adoption of new technologies, such as Internet of Things devices, is behind an exponential expansion in enterprise certificate needs. Additionally, major browsers recently cut the maximum certificate lifetime in half, from two years to just one. If companies were not paying attention to certificates before, they must do so now.

Automating certificate management is one way to mitigate the threats involved in a mission-critical task. But organizations frequently encounter problems along the way that paralyze their automation plans, halt them completely, or at best prevent them from reaping the rewards that automation offers.

The main issue organizations encounter when trying to automate is not knowing their own environment. In February, the Ponemon Institute published a study showing that 74 percent of organizations could not tell which certificates they were using. It is unsurprising that 55 percent of their respondents suffered more than four certificate outages in the past four years.

Organizations need to know their environments inside and out: where their nodes are located, what types of web servers and operating systems they use, and how certificates are used within their environment. Many, unfortunately, do not. Nor is it always easy work. There is great diversity within enterprise networks.
While one department might use an Apache web server, another might use nginx. Those kinds of nuances must also be accommodated to spread automation throughout the environment. That task is also becoming more difficult. Companies are growing with a diverse set of new technologies, such as IoT or APIs, each with unique requirements and configurations that must be mapped and adapted when planning automation. A recent survey found that 80 percent of organizations expect TLS usage to grow 25 percent over the next five years. That is partly due to the growing complexity within the enterprise.

That complexity carries risks if managed improperly. Another survey revealed that 85 percent of CIOs believe that growing complexity within IT systems will make certificate outages much more damaging. Many organizations are unaware of these complexities within the corporate network. Without a concentrated effort, the promises of automation will be lost, and they risk undiscovered certificate expirations and outages. Principally, they need to gain visibility into their environments, and specifically into their certificates: which ones they have, how they are used, and how they are configured.

A certificate management platform with discovery tools can help here. Certificate discovery tools use sensors and agents to scan a network to find all TLS/SSL certificates within a given environment, regardless of which certificate authority issued them. They will uncover a wealth of information, including certificate status, issuing authority, ports and host IP addresses, security ratings, expiration dates, vulnerabilities, and other security issues. Because each certificate is unique, the information gathered here can help you map the rest of your environment. Once all your certificates have been discovered, they can be organized in a central management platform, and the work of automating the renewal, revocation, request, provisioning, and update functions can begin.
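As an added example (not part of the article or of DigiCert's own tooling), the inventory classification a discovery sensor applies to each certificate it finds: expired, inside the renewal window, lifetime above the policy ceiling (the one-year browser limit described above, 398 days as browsers enforce it), or ok. The self-signed sample certificate, the 30-day renewal window, and the host names are constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Finding is one inventory row; Status is "expired", "expiring", "too-long" or "ok".
type Finding struct {
	Subject, Issuer string
	DaysLeft        int
	Status          string
}

// Classify scores one parsed certificate against the renewal window (warnDays)
// and the lifetime ceiling (maxLifetimeDays, 398 for public TLS certificates).
func Classify(c *x509.Certificate, now time.Time, warnDays, maxLifetimeDays int) Finding {
	f := Finding{Subject: c.Subject.CommonName, Issuer: c.Issuer.CommonName}
	f.DaysLeft = int(c.NotAfter.Sub(now).Hours() / 24)
	lifetime := int(c.NotAfter.Sub(c.NotBefore).Hours() / 24)
	switch {
	case now.After(c.NotAfter):
		f.Status = "expired"
	case f.DaysLeft <= warnDays:
		f.Status = "expiring"
	case lifetime > maxLifetimeDays:
		f.Status = "too-long"
	default:
		f.Status = "ok"
	}
	return f
}

// SelfSigned builds a constructed sample certificate so the check runs offline;
// a live sensor would instead pass the leaf from tls.Dial's ConnectionState().
func SelfSigned(cn string, notBefore time.Time, days int) (*x509.Certificate, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notBefore.AddDate(0, 0, days)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
```

A two-year certificate issued a year ago still has a year left, yet is flagged "too-long" because its lifetime exceeds the policy ceiling, which is exactly the kind of finding an expiry-only check misses.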
From there, enterprises can begin to use standardized automation protocols such as Automated Certificate Management Environment (ACME), Simple Certificate Enrollment Protocol (SCEP), or Enrollment over Secure Transport (EST), or even REST APIs, to install certificate management agents on their discovered web servers. It is those agents that will be used to automate certificate request, renewal, and revocation.

Automation is going to have enormous benefits, particularly with respect to certificate management. Companies will save time, labor, money, and much more. They will avoid the progressive threat of certificate expiration, they will avoid costly outages that threaten the enterprise, and they will be in a much better position to adopt new technologies. With cyberattacks increasing in India by as much as 500 percent since the COVID-19 lockdown was imposed in March last year, protecting confidential business data has become more important than ever. Therefore, it has become imperative for organizations to leverage the full potential of automation while weighing the risk of exposing themselves to other threats.