Certificate-related outages have plagued just about every organization at some time or another. And if you don’t do anything to improve the way you manage them, they tend to increase in frequency and severity. That’s what happened to a technology company that recently became a TLS Protect Cloud customer, the subject of a recently published case study.
Machine identity management was a mess
This company had experienced 27 P1 outages in the year before they deployed TLS Protect Cloud. That was a 100% increase over the previous year. One of those outages brought down the company’s email server for more than a day, while another prevented their customers from accessing their software knowledge base for several hours.
The company realized that their machine identity management strategy was, to put it kindly, a mess. They lacked a companywide strategy for TLS machine identities, and the various business units that were attempting to manage them did so using spreadsheets, calendar reminders and Microsoft OneNote. Meanwhile, the lack of an enforceable corporate policy meant that:
- Certificates were being stored in unexpected locations
- End users regularly obtained certificates from unapproved Certificate Authorities (CAs)
- There wasn’t a way to enforce certificate configurations, such as minimum encryption strength
- No inventory existed for discovering and monitoring all these certificates
The company needed a solution that could continuously discover certificates, add them to the companywide inventory and provide the necessary intelligence on those certificates, so that they could replace expiring ones before they brought about yet another outage. But CA-based solutions weren’t the answer because each one only worked with certificates issued by its own CA. And they needed a solution that was quick to deploy, provided the necessary management and could scale as they grew.
TLS Protect Cloud transformed machine identity management
TLS Protect Cloud transformed the way the company managed their machine identities. According to their chief network architect:
“Before we deployed TLS Protect Cloud, resolving an outage was a nightmare. We had to figure out if the certificate even existed, find where the server was located and document the server. It was impossible to build a complete inventory, let alone one that stayed up to date. TLS Protect Cloud does it instantly.”
With the help of TLS Protect Cloud, the company found three times as many certificates as they had originally estimated, including wildcard and self-signed certificates. But now they were able to find and replace all expiring ones before they could cause an outage.
The Venafi Customer Success Team also helped the company set up TLS Protect Cloud to configure enterprisewide machine identity policies that addressed certificate attributes and simplified workflows for certificate issuance, among other things.
And TLS Protect Cloud also optimized the way development teams built applications:
“TLS Protect Cloud also allowed [development] teams to effortlessly procure policy-compliant certificates that would optimize the reliability and security of applications. Automated Secure Keypair, a central TLS Protect Cloud feature, also made it easy for users to generate a private key and keep it safe from compromise within TLS Protect Cloud.”
Intrigued? You can read the entire case study here. But before you go, here’s a money quote from the company’s chief network architect:
“TLS Protect Cloud has transformed our business. We haven’t had a single outage since it’s been deployed. Not only have we been able to press play on running our business, but with the efficiencies that Venafi gives us, we can now press fast-forward on growth.”