One of the things that server administrators routinely issue are digital certificates that authenticate users and other servers trying to access their servers. While encryption is generally considered a good security practice, the trouble is that nobody seems to be managing the overall process associated with managing these certificates. And now that IT organizations have been issuing these certificates for years, there are hundreds, maybe even thousands, of them to manage. Worse yet, chances are good that more than a few of these certificates are unaccounted for, lost or outright stolen.
A survey of 471 senior managers conducted by Venafi, a provider of key and certificate management tools, finds that there are more than a few IT organizations that are not completely sure where their digital certificates are and who might have access to the keys that go with them.
But while this issue has yet to reach of full-blown crisis, Venafi CEO Jeff Hudson says the proliferation of virtual servers means that there will be more certificates than ever floating around the organization. In fact, the number of digital certificates that IT organizations need to manage is growing at a rate of 200 percent a year, and many of those certificates are being issued by multiple authorities.
From Venafi’s perspective, this is all good news. The company provides tools for managing digital certificates regardless of how many authorities are involved. To that end, the company recently released Venafi Encryption Director 6, which adds additional types of key managers and enhanced discovery and monitoring tools for digital certificates.
Beyond having their digital certificates misplaced or misappropriated, Hudson says the other issue that IT organizations will soon have to deal with is the simple fact that digital certificates expire. It’s not uncommon for users or servers to experience a service disruption simply because no one realized a digital certificate.
At the end of the day, digital certificates are nothing less than the keys to the digital kingdom. And like most sets of keys, the more you have, the more likely it is that you're going to lose one.
To mitigate the risks of shadow IT, organizations must demonstrate the necessary agility and high quality of complex service assurance that users are looking for. ... More >>
Successful IT leaders have to have very specific skills, but still know how to run a team, meaning they must master the so-called soft skills that are not taught formally. ... More >>
How does Dev balance the pressure for speed with the need to ensure quality? Here are a few best practices for striking an appropriate balance to ensure that speed and quality is not an either/or choice. ... More >>