Critical Systems at Risk Due to Poor Key and Certificate Management - Slide 3

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Critical Systems at Risk Due to Poor Key and Certificate Management-3 Next

Forty-six percent of respondents indicated that they could not generate reports to discover how many currently deployed digital certificates were set to expire within the next 30 days. This lack of automation visibility increases the likelihood that expiring certificates will trigger unplanned system outages that last for hours or even days.

Seventy percent said their encryption systems were not integrated with their corporate directories. Directory integration enables a certificate management solution to seamlessly integrate and automatically escalate notifications when certificate owners are unreachable or unresponsive to notification and action requests. Given the high rate of turnover in positions with responsibility for certificate management, lack of integration is causing outages.

Venafi Inc., the inventor and market leader of enterprise key and certificate management (EKCM) solutions, in conjunction with Osterman Research, recently released the results of an extensive survey designed to determine how well organizations understand the risks associated with poor key and certificate management. Based on responses from 174 IT and information-security professionals, the survey reveals a significant lack of knowledge, understanding and oversight, resulting in a series of information-security vulnerabilities.

Fifty-four percent of respondents, for example, admit to having an inaccurate or incomplete inventory of their Secure Socket Layers (SSL) certificate populations. Deploying encryption solutions without maintaining comprehensive certificate and key inventories is a worst practice that jeopardizes vital business systems and processes and exposes organizations to substantial risk of security and compliance incidents.

"The importance of sound certificate management practices is highlighted by the repeated certificate authority (generally referred to as CA) breaches over the past year," said Michael Osterman, president of Osterman Research. "We were startled by the lack of urgency regarding the issue. When considered in tandem with the high-value target CAs represent to hackers, we can predict more CA breaches and more security threats than we saw in 2011."

"Organizations protect mission-critical and often regulated data with hundreds or thousands of encryption keys and digital certificates," said Jeff Hudson, Venafi CEO. "But as this survey reveals, too many companies have inaccurate or incomplete data about their security assets. The unquantified and unmanaged risks these certificates and keys pose is significant — risks magnified through the increasingly pervasive use in corporate data centers, cloud-based systems and mobile devices."

More Slideshows:

Seven Tips to Help Professionals Negotiate Like Ninjas Strengthen your confidence and impact at work.

Five Unique Ways to Use a Log Management Solution Log management solutions enable companies to monitor and analyze all kinds of activity happening on their networks.

Top Ten Desktop Virtualization Myths A closer look at the differences between Virtual Desktop Infrastructure and Intelligent Desktop Virtualization.


Related Topics : A Big Market for Big Data Jobs, Midmarket CIO, IT Management Automation, SharePoint, Technology Markets

More Slideshows

PlexxiITRoles0x IT Roles: The New Faces of Network Infrastructure

The newfound emphasis on tools and service integration is shaping a new crop of industry professionals — the actual faces behind the IT infrastructure. ...  More >>

Compliance4-190x128 GRC Programs: Building the Business Case for Value

Experience shows that organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations ...  More >>

IT_Man89-290x195 9 Tips for Running a 'Tween' Company

Advice and tips for entrepreneurs and companies that are no longer startups but not quite ready for an IPO, also known as "tweens." ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.