Covid-19 has brought forward several digitization trends and transformations that were already underway long before the pandemic started. Enterprises that were looking at spending on initiatives such as cybersecurity, cloud computing or IoT in the coming years got an additional impetus in the form of an increased number of customers looking for services online.
Increased online presence and the complexity associated with technologies powering the underpinnings of today’s world make it difficult for organizations to keep track of the essential tasks needed to maintain uptime of their services.
And if that wasn’t enough, most companies still rely on manual processes, which reduces the ability of many of them to ensure uptime or solve incidents quickly and efficiently.
We may ask the question, “why does that matter?” Well, for starters, unplanned downtime and disruption lead to an increase in the number of issues and outage management tasks. That, coupled with significant losses in revenue and the potential of losing customers to rival services, makes it imperative to gain complete visibility into service availability.
Digitization and ServiceNow
When we talk about uptime and digitization, we can’t help but think of ServiceNow. ServiceNow has become the ubiquitous standard and best-of-breed tool for today’s IT managers trying to stay in control of the infrastructure and prevent outages.
One of the key facets of infrastructure readiness is maintaining a centralized database of all the infrastructure components, also known as CMDB. IT teams use CMDB to store information on the configuration of items within the organization, including hardware, software, systems, facilities, and sometimes, personnel. It is the purview of the IT organization to define which items should be tracked and how to do so. This configuration data can include relationships and interdependencies between items, the history of changes to each item, and class and attributes—such as type, owner, and importance—for each item.
One such attribute is certificate information associated with the servers hosting the applications. Commonly called SSL/TLS certificates, these machine identities are an essential component of a network’s Public Key Infrastructure (PKI). They act as the digital identity of a network endpoint and assure entities that communicate with the endpoint that it is legitimate. Certificates build a foundation of trust for a network and its components, since they are digitally signed by the certificate authority.
Significance of TLS certificates
Although TLS certificates are one of the key components in powering online services, they are not that well managed—even in this current environment. Good examples are the Microsoft Teams outage and the Equifax breach, both of which happened in the not-so-distant past.
Digital certificate outages happen when an organization forgets to replace an expiring certificate for a business-critical domain name. These outages continue to cause business disruption and security risks. Here are the ways a certificate outage can impact your business:
- Failure to replace a digital certificate on a business-critical domain will lead to the loss of essential services for your customers and staff.
- An outage can weaken your defenses against a cyber-attack and lead to the loss of your customers' personal data.
As Info Security Magazine points out, CIOs are beginning to have their teams pay more attention to managing TLS certificates and thereby managing this important piece of their infrastructure puzzle. This is further validated by recent Gartner research. With the Orlando release, ServiceNow has provided a structure for its customers to manage TLS certificates.
The Certificate Inventory and Management solution on ServiceNow provides a platform-centric approach to the lifecycle management of TLS certificates. This solution, combined with task fulfillment, can provide a methodical approach to the request and renewal management of expired TLS certificates. Automating manual tasks, like a request for new certificates and renewal of expired certificates, increases the productivity of the public-key infrastructure (PKI) team by ~30% and helps to digitize their manual workflows.
While this solution goes a long way in automating some of the manual tasks, IT teams still need to manage the nuances associated with the ever-changing best practices around the digital certificates on their own.
One such example is the set of changes recommended from time to time by the Certificate Authority/Browser Forum (CA/B Forum), which require organizations to define their own security and validation level, implement a digital certificate policy and establish full accounting of the digital certificates.
Venafi: Machine Identity Management
Venafi, as the industry’s leading authority in machine identity management, has been helping global customers by providing solutions to manage machine identities across the enterprise.
The Venafi Trust Protection Platform removes any blind spots from encrypted traffic in real time and safely delivers trusted keys to help you maximize SSL/TLS decryption, inspection and threat protection.
Venafi manages and protects the cryptographic keys and digital certificates that all organizations rely on to keep communications between machines secure and private. Keys and certificates are designed to solve the original Internet security problem—accurately identifying servers and browsers so they can safely communicate back and forth independently.
The Venafi Platform ensures that organizations don’t need to worry about best practices and the latest standards pertaining to TLS certificates and can manage the end-to-end lifecycle with ease. That includes deployment of digital certificates on infrastructure devices and a complete accounting of the certificates that are in use across the organization.
Many Venafi customers also use ServiceNow to manage their infrastructure and need the ability to manage the digital certificate lifecycle from within the ServiceNow platform.
nCert: Seamless digital certificate management using Venafi and ServiceNow
nCert, a ServiceNow application created in partnership between Nous Infosystems and Venafi, provides a seamless experience for ServiceNow. This ease of use is enabled through integrations with Venafi Trust Protection Platform that provide users with easy access to machine identities, saving them the hassle of switching through multiple systems. The app enables enterprises that run complex infrastructures using ServiceNow's ITSM and ITOM capabilities to leverage Venafi's visibility and discovery features without leaving the ServiceNow interface.
nCert empowers users with new efficiencies in managing digital certificates. It ensures improved security by reducing loopholes caused by incomplete visibility into certificate usage. The app provides a single interface to view and manage certificates—reducing errors, increasing productivity and mitigating business downtime due to the unnoticed expiration of certificates.
nCert is available today for download on the ServiceNow Store.
nCert from Nous Infosystems was developed as part of the Machine Identity Management Development Fund and the Venafi Technology Network. This vast ecosystem of partners and out-of-the-box integrations helps Venafi customers manage all machine identities and orchestrate them throughout their security infrastructure. Want to learn more? Find nCert on Venafi Marketplace.