Enabling Pain-Free SSL Certificate ManagementAugust 16, 2013 No Comments
Featured article by Brad Rowland, Senior Director of Product Marketing, Symantec
There are a lot of important details in life that we don’t give much thought to on a daily basis, until something goes wrong. When we pull a back muscle, for example, we realize that almost every movement we make is affected, and we can find ourselves in constant pain. Unfortunately, we’re frequently subjected to similar phenomena in business IT. With daily fires to put out, we see manifestations of this experience all the time. One such area of occurrence is in SSL certificate management. They are a vital part of keeping our web resources operational, but they’re an area that can be easy to neglect – until we find out that our website is being flagged as potentially harmful when our customers try to access it.
Certificate Management Challenges
The recent Certificate Management Survey conducted by Symantec reveals some of the key challenges businesses are facing when it comes to maintaining certificates effectively:
- One of the most significant issues facing businesses today is the sheer number of certificates there are to manage. In fact, on average organizations are now managing nearly 2,000 certificates. One-third of companies surveyed felt that their certificate catalogue is less than somewhat accurate.
- Because of the high number of certificates, and the fact that they originate from different authorities, companies may employ multiple methods of certificate management. The certificates may be located in different areas due to distributed networks, and be subjected to different security policies. The end result is you have certificates with different management procedures, which means that there is no central view of all the certificates in an organization. This lack of visibility creates IT challenges in situations such as the migration from 1024-bit to 2048-bit certificates which requires knowledge of what certificates are being used and where they are stored. Another situation could arise when an SSL administrator leaves the company. If the administrator did not pass on the knowledge of the certificates, these certificates could be neglected.
- Another common issue is poorly configured or improperly installed certificates, as well as certificates that have expired. This can result in security compromises of web properties, as well as reduced customer confidence – and the decision to go to a competitor’s site. If the certificates are used to secure server to server communications within an organization, expired certificates can lead to production downtime.
As a result of these issues, businesses are incurring significant losses. The Symantec survey revealed that the average organization ended up losing $222,000 just in the last year due to a variety of certificate-related mishaps. This was due in part to the installation of rogue certificates, or those that are generated without any IT oversight. In fact, 82 percent of organizations have seen rogue certificate issues. These unauthorized certificates can violate corporate policies, and they also increase the likelihood of customer service issues. Not only that, but they put corporate information at risk through problems such as unsecure key length or algorithm. They may even be issued by a certificate authority with security breaches, which gives attackers the opportunity to compromise affected customers.
Best Practices for Certificate Management
Surprisingly, according to the survey more companies are using a simple document or spreadsheet to manage certificates than are using commercial software. This manual procedure makes it even easier for certificates to slip through the cracks. Most of these challenges can be overcome by deploying an effective SSL certificate management solution. This can serve several key functions.
- First and foremost, a certificate management tool can automate the discovery and monitoring of all certificates – wherever they are installed, even on distributed networks. This not only helps prevent problems, but it can save IT employees a significant amount of time spent in tracking down and rectifying issues.
- Similarly, the management solution should work with SSL certificates from a variety of authorities, and it should manage self-signed certificates as well. Having one central point of control for all certificate activity is the goal. To further simplify the management process, you should be able to access certificate controls remotely with a web-based console.
- The management of the entire certificate lifecycle can also be automated. When administrators are unfamiliar with the SSL installation, transfer and renewal process (including notification when certificate renewal is needed), or if they simply have limited manpower, this management can reduce overhead and free up staff to handle other initiatives, while avoiding the consequences of improperly set up certificates.
- You will need to be able to generate reports on all certificates within your organization, allowing you to verify compliance with regulations. Moreover, with IT administrators and executives requiring different levels of information (i.e., technical issues as opposed to business risks), you should be able to generate reports that contain the right information for the right people.
Unfortunately, companies are in denial when it comes to the importance of maintaining healthy SSL certificate management, and the impact it could have on their business. More than half of the companies surveyed felt that if a customer encountered an expired certificate when making an online purchase, they would continue with the transaction. When customers were asked the same thing, however, only 27 percent said they would complete the transaction.
With so much at stake, in terms of company perception and actual revenue, it’s important that businesses recognize the importance of comprehensive SSL certificate management. Look for a solution that will make management painless, which will free up IT resources while making your business more secure – and let you keep SSL from causing you pain.