CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Certificate and Key Management Remains an Issue for IT Managers

Enterprise key and certificate management firm Venafi, in conjunction with Osterman Research, recently released the results of a study, which showed that most organizations fail to understand the risks associated with improper implementation and management of SSL deployments.

The sample size for the study, 174 IT / InfoSec professionals, is rather small, but the data collected by Venafi is relevant nevertheless.

Enterprise key and certificate management firm Venafi, in conjunction with Osterman Research, recently released the results of a study, which showed that most organizations fail to understand the risks associated with improper implementation and management of SSL deployments.

The sample size for the study, 174 IT / InfoSec professionals, is rather small, but the data collected by Venafi is relevant nevertheless.

Fifty-four percent of respondents, for example, admitted to having an inaccurate or incomplete inventory of their Secure Socket Layers (SSL) certificate populations. Forty-four percent of respondents admitted to manually managing digital certificates with spreadsheets and reminder notes—another worst practice related to a lack of risk recognition. Forty-six percent of respondents indicated that they could not generate reports to discover how many currently deployed digital certificates were set to expire within the next 30 days.

Seventy percent said their encryption systems were not integrated with their corporate directories. Forty-three percent of respondents said they do not have centralized corporate policies that mandate specific encryption-key lengths, certificate validity periods and private-key administration requirements. Finally, forty-four percent of these respondents acknowledged that they were worried, but had not yet re-evaluated their CA compromise and related business continuity strategies, while only 17 percent had.

“The importance of sound certificate management practices is highlighted by the repeated certificate authority (generally referred to as CA) breaches over the past year,” said Michael Osterman, president of Osterman Research.

“We were startled by the lack of urgency regarding the issue. When considered in tandem with the high-value target CAs represent to hackers, we can predict more CA breaches and more security threats than we saw in 2011.”

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.