![Overcoming Certificate Security Risks for DevOps: Managing Machine Identities in Hybrid Clouds [Part 3] - cover graphic](/_next/image/?url=https%3A%2F%2Fcdn.venafi.com%2F994513b8-133f-0003-9fb3-9cbe4b61ffeb%2Fa3367aca-7238-440d-ad8d-3a8a95a0d553%2Faid_field_img__c883a23056eabb320c2c4e1f7bcad480.jpg%3Fw%3D864%26h%3D370%26fm%3Dwebp%26q%3D75%26fit%3Dcrop&w=3840&q=75&dpl=dpl_H1HoLru8zbnj4wwarzUVadLRmxGZ){kind=small}
In my first post in this series, I discussed factors that are driving the growth of hybrid clouds. Then, in the next post I discussed some of the reasons that growth is troubling for machine identities. And now I’d like to highlight the challenges that you’ll face in developing a successful machine identity management program.
Risks of certificate management
Before you put together a strategy for managing certificates and protecting those machine identities, you’ll need to identify the risks you’ll need to mitigate. NIST SP 1800-16 identifies four risk categories as a result of poor certificate management:
- Business application outages due to expired certificates. Nearly every enterprise has experienced an application outage due to an expired certificate, including outages to major applications such as online banking, stock trading, health records access, and flight operations. Troubleshooting an incident where an application is unavailable due to an expired certificate can be complex, often requires hours to discover the source of the problem and costs enormously high amounts of money, not to mention loss of customer trust, and reputational damage.
- Undetected pivoting by attackers. While TLS server certificates enable confidentiality for legitimate communications, they can also allow attackers to hide their malicious activities within encrypted TLS connections. An attacker who establishes an encrypted connection can then begin to probe the server for vulnerabilities within that encrypted connection.
- Lack of crypto-agility. Organizations need to swiftly change TLS certificates affected by either a CA compromise or a deprecated algorithm (such as SHA-1) or protocol. The advancement of quantum computing makes the requirement of crypto-agility even more mission critical. If organizations require several weeks or even months to replace all affected certificates, during that time business applications can be either unavailable or vulnerable to security breaches.
- Server impersonation. An attacker may be able to impersonate a legitimate TLS server if the attacker is able to get a fraudulent or a compromised certificate. The attacker, then, can intercept the otherwise encrypted communications and acquire sensitive and valuable information, such as passwords intended for login to the legitimate server.
CIO Study: Automation Vital to Address Shorter Lifespans and Massive Growth of TLS/SSL Certificates
Certificate-related outages are a pandemic in our digital economy, and their impact is growing year over year.
- In December of 2018, more than 30 million customers of multiple U.K.-based mobile providers—including O2, Tesco Mobile and Sky Mobile—lost 4G data services and/or voice capabilities in a day-long outage. In addition, services were lost by customers in 11 other countries. The outage was traced back to the expiration of one or more certificates that enabled authentication and encryption for Erickson switching equipment.
- Recent reports on Equifax’s 2017 breach—from the U.S. Government Accountability Office (GAO), the House of Representatives Committee on Oversight and Government Reform and the U.K.’s Information Commissioner’s Office (ICO)—all pointed to the expiration of a certificate and the failure of internal systems to compensate for the loss of this control.
- Research by Venafi reveals that the average Global 5000 company has thousands of SSL/TLS certificates spread throughout its infrastructure. It also found that this number is increasing by 25 percent year over year and that 95 percent of companies don’t know where all their machine identities, including their SSL/TLS certificates, are being used within their networks.
Why You Need Visibility, Intelligence and Automation
Your organization will need a proven plan to combat these challenges. That includes an experience-born blueprint that helps them navigate the complex people, processes and technology issues connected with outages due to expired or misconfigured certificates. In addition, you’ll need a roadmap to your desired, transformed end state: dynamic, outage-free certificate management across their organization. For our machine identity management program to be successful, it needs to address three equally important elements to protect against machine identities risks:
- Visibility into your assets and their vulnerabilities
- Intelligence into your infrastructure and its ability to defend against the threats
- Automation to remediate and strengthen your defenses against these threats
Visibility into your assets is a vital operational and security issue. It helps to anticipate workload, outages, vulnerabilities, and risk exposure. Having an updated visibility into your assets, be it your devices, your certificates or the owners of these assets is a “must have” and not a “nice to have” feature and is a great essence. We need to be able to identify all our assets to be able to protect them. A continuous visibility capability that is actively surveilling machine identities will help you to rapidly identify unauthorized access and privilege escalation and prevent a horrible breach, thus protecting your reputation from damage and avoiding all the necessary remediation costs. In other words, visibility helps you assess your risks.
In order to have a comprehensive intelligence across the entire machine identity lifecycle, you need to have a centralized management capability. This is crucial especially when talking about heterogeneous environments such as a hybrid cloud environment. Intelligence and insight should include all aspects of machine identity validation such as certificate enrollment, installation, renewal, and revocation to manage and protect authorized, encrypted communications between machines. It should also include data about certificate ownership and compliance with corporate policy and standing regulations. This level of machine identity intelligence will allow you to reduce the associated risks.
Automation is very important to protect the machine identities lifecycle. Automating the management processes will help remove the manual dependencies and will also eliminate any mistakes caused by human error. Using manual processes to deploy, install, rotate, and replace machine identities is inherently error-prone and resource intensive. Automation is a critical capability that will help you consistently enforce your organization's corporate machine identity policies and applicable regulatory requirements. Automation also gives you the agility to rapidly respond to critical security events such as a CA compromise or zero-day vulnerability in a cryptographic algorithm or library.
What is more important is that automation can help you unify all the complex processes that are associated with managing a hybrid cloud environment. All in all, automation is about risk avoidance.
Do you have the visibility, intelligence and automation you need to effectively manage your organization’s machine identities?
Learn how security concerns can make DevOps a double edged sword. Venafi's Aaron Aubrecht explains.
Get a 30 Day Free Trial of TLS Protect Cloud, Automated Certificate Management.
Related posts
- Moving to the Cloud Doesn’t Mean You Can Forget about Key Management
- The “Egregious 11” Have Spoken: Machine Identities in the Cloud Need to Evolve
- Why Zero Trust in the Cloud Requires On-demand Machine Identity Management
- Dynamism in the Cloud Complicates the Task of Securing Machine Communication