In a recent interview with Computer Business Review, Venafi CIO & CISO Tammy Moskites discussed the importance of digital certificates. According to Tammy, machines use digital certificates to identify themselves, just as people identify themselves with user names and passwords. Essentially, digital certificates come with unique identifiable information and allow machines to communicate securely on the Internet.
Digital certificates are a foundational component of information security. “We rely on keys and certificates to know which machines can and cannot be trusted,” Tammy explained. “Imagine trying to run a business without knowing if the person you’re sending emails to is really that person or just an imposter.”
Unfortunately, enterprises frequently overlook the security of their digital certificates. Cyber criminals often abuse, steal or create fraudulent certificates to intercept and eavesdrop on communications, potentially allowing them to alter the communication between two machines. In addition, attackers can use certificates to sign malware, making it appear to come from a legitimate and trusted source.
Despite these risks, most organizations spend most of their time and effort securing usernames and passwords. “Security professionals need to adopt the same approach to certificates as they have for users,” said Tammy. “No CISO would accept having thousands of unknown users accessing their networks, yet the average enterprise has around 16,500 unknown certificates on their network.”
Ultimately, organizations cannot ignore the security of their digital certificates. They are a vital part of every business, agency and company. Want to learn more about digital certificates and the best tactics you can employ to protect them? See the full article on Computer Business Review.