Most of us are guilty of favoring instant access over online security, and with more of our lives moving to the digital realm, it’s a real challenge to adhere to a security-first mentality. As we encrypt more of our communication, it follows that the number of keys and digital certificates used to perform the encryption rises commensurately. And these keys and certificates are often sourced from various certificate authorities (CAs). This dramatic increase over the last several years, across multiple sources, has many enterprises searching for a solution to regain control.
I was reminded of this when I saw my daughter clicking through another browser certificate warning, which was the second time in as many months… at least of which I’m aware. This is a bit embarrassing since both my wife and I work in IT security and often talk about the latest hacks and breaches with our teenage kids, hoping they’ll be a little more careful when they go online.
And while I delicately chastised my daughter for dismissing such warnings (as a father of teenagers must do), enterprises must also bear some of the blame for not ensuring the certificates supporting their online services are valid and up to date. But is the sheer volume of certificates they must now manage from multiple CAs exceeding their capabilities? It would seem so.
Digital Certificates Are Skyrocketing
The chart below shows that the entire market for certificates has skyrocketed over the last few years. And as in any fast-growing market, new competitors are eager to enter, which explains the increase in CAs around the globe.
Numerous Certificates and CAs Increase Complexity
Having so many options makes it pretty easy for enterprises to source their certificates from more than one vendor. This, however, brings additional complexity since they must now secure a growing number of certificates from multiple CAs.
The root of the problem, however, is that most organizations still don’t have a good handle on where their certificates are or how many they even have. In most cases, they buy, deploy and manage tens of thousands of keys and certificates with spreadsheets.
The management challenge can be enormous, especially when you consider the increasing number of certificates scattered across the varied systems and departments of the enterprise. But not having an effective solution often leads to application outages from expired certificates and data breaches that exploit lost or stolen certificates.
How to Get Visibility and Control Over Certificates and CAs
So how does a company go about addressing this problem and what would an ideal solution look like?
- Complete Inventory - First, it should be able to discover and inventory the thousands of certificates from every system and every device across the enterprise. And with enterprises having an average of over 23,000 keys and certificates, this visibility is crucial.
- Automated Certificate Lifecycle - Second, it should be able to automate the lifecycle of every certificate, so it can be provisioned, enrolled, renewed, and retired automatically to ensure certificates are securely and effectively managed according to a defined security policy.
- Identification and Remediation of Abnormalities - Third, it should quickly identify anomalies across the environment, so remediation steps can be taken.
- Integration with Any CA - And, fourth, it should integrate with any legacy CA the enterprise uses and those it might add as secondary or backup CAs. And with some estimates putting the total number of CAs globally at over 600, there’s no shortage of choice for customers.
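As an added illustration of the inventory and anomaly steps above (not code from the original post or from Venafi), this sketch audits an already-collected inventory and flags expired certificates, certificates close to expiry, and certificates from CAs outside an approved list. The record shape mirrors Python's `ssl.SSLSocket.getpeercert()` output; the hosts, CA names, dates and the approved-CA policy are constructed assumptions.

```python
import ssl
from collections import Counter
from datetime import datetime, timedelta, timezone

def _cert(host, ca, not_after):
    # Record shaped like ssl.SSLSocket.getpeercert() output, plus the host scanned.
    return {"host": host, "issuer": ((("organizationName", ca),),),
            "notAfter": not_after}

# Constructed sample inventory; hosts, CA names and dates are made up.
INVENTORY = [
    _cert("www.example.test", "Example CA One", "Mar  1 12:00:00 2030 GMT"),
    _cert("mail.example.test", "Example CA One", "Jan 20 12:00:00 2025 GMT"),
    _cert("vpn.example.test", "Example CA Two", "Dec  1 12:00:00 2024 GMT"),
    _cert("dev.example.test", "Unvetted CA", "Mar  1 12:00:00 2030 GMT"),
]
APPROVED_CAS = {"Example CA One", "Example CA Two"}  # assumed policy list

def issuer_org(cert):
    """Pull organizationName out of the nested issuer RDN tuples."""
    for rdn in cert["issuer"]:
        for key, value in rdn:
            if key == "organizationName":
                return value
    return "<unknown>"

def audit(inventory, now, warn=timedelta(days=30)):
    """Return (flags per affected host, certificate count per issuing CA)."""
    findings, per_ca = {}, Counter()
    for cert in inventory:
        ca = issuer_org(cert)
        per_ca[ca] += 1
        # notAfter uses the OpenSSL text format; convert it to an aware datetime.
        expires = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
        flags = []
        if expires <= now:
            flags.append("expired")
        elif expires - now <= warn:
            flags.append("expiring-soon")
        if ca not in APPROVED_CAS:
            flags.append("unapproved-ca")
        if flags:
            findings[cert["host"]] = flags
    return findings, per_ca

if __name__ == "__main__":
    findings, per_ca = audit(INVENTORY, datetime.now(timezone.utc))
    for host, flags in sorted(findings.items()):
        print(f"{host}: {', '.join(flags)}")
```

Passing a fixed `now` makes the audit reproducible; a scheduled run would pass the current UTC time, as the `__main__` block does.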
Venafi Delivers Key and Certificate Security for Any CA—Quickly and Easily
Venafi Trust Protection Platform is a solution that addresses all of these requirements, and it was designed from the beginning to support any CA. One of our first patents, in fact, was granted for having a flexible encryption platform that could manage and protect certificates from multiple CAs. Since then we’ve added drivers that integrate with dozens of the most popular CAs worldwide.
Leadership in securing and protecting keys and certificates means integrating with as many CAs as possible. And with a new Venafi Adaptable CA Driver that can be customized to integrate with any CA with minimal programming skills, Venafi extends its leadership even more. Now, customers have the ease and flexibility to bring advanced protection for all certificates issued from any CA.
As enterprises continue to put more emphasis on protecting their encryption environments, my hope is that we’ll see fewer of those expired certificate browser warnings, so I don’t have to worry about my kids ignoring them when posting yet another selfie.
How many different CAs does your enterprise use? Does your solution offer full advanced support for all of them?