Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Certificate and Key Management Remains an Issue for IT Managers

Enterprise key and certificate management firm Venafi, in conjunction with Osterman Research, recently released the results of a study, which showed that most organizations fail to understand the risks associated with improper implementation and management of SSL deployments.

The sample size for the study, 174 IT / InfoSec professionals, is rather small, but the data collected by Venafi is relevant nevertheless.

Enterprise key and certificate management firm Venafi, in conjunction with Osterman Research, recently released the results of a study, which showed that most organizations fail to understand the risks associated with improper implementation and management of SSL deployments.

The sample size for the study, 174 IT / InfoSec professionals, is rather small, but the data collected by Venafi is relevant nevertheless.

Fifty-four percent of respondents, for example, admitted to having an inaccurate or incomplete inventory of their Secure Socket Layers (SSL) certificate populations. Forty-four percent of respondents admitted to manually managing digital certificates with spreadsheets and reminder notes—another worst practice related to a lack of risk recognition. Forty-six percent of respondents indicated that they could not generate reports to discover how many currently deployed digital certificates were set to expire within the next 30 days.

Seventy percent said their encryption systems were not integrated with their corporate directories. Forty-three percent of respondents said they do not have centralized corporate policies that mandate specific encryption-key lengths, certificate validity periods and private-key administration requirements. Finally, forty-four percent of these respondents acknowledged that they were worried, but had not yet re-evaluated their CA compromise and related business continuity strategies, while only 17 percent had.

“The importance of sound certificate management practices is highlighted by the repeated certificate authority (generally referred to as CA) breaches over the past year,” said Michael Osterman, president of Osterman Research.

“We were startled by the lack of urgency regarding the issue. When considered in tandem with the high-value target CAs represent to hackers, we can predict more CA breaches and more security threats than we saw in 2011.”

Written By

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...