The IT industry continues to emphasize the need for “Zero Trust” strategies and, in tandem, more information is being shared by security professionals about the continued issues surrounding digital certificates.
These themes are captured in a new report from AppViewX and the Ponemon Institute titled “State of Certificate Lifecycle Management in Global Organizations”. The report is based on a survey of 1,586 Information Technology and Security professionals, which sought opinions on the challenges and strategies in digital identity and access management.
According to the report, 65 percent of organizations across the world are unable to secure and govern the growing volume of digital certificates – which amount to an average of 30,000 per organization.
The root causes of these types of cybersecurity incidents include a cyberattack (57 percent), a certificate authority (CA) compromise (49 percent), or employee/third-party negligence (48 percent). Therefore, there is a mix of external, internal and overall competency threats.
Whilst many companies are spending exorbitant amounts (over $1 million) on managing and securing their digital assets, the current lack of mature Certificate Lifecycle Management (CLM) programs, antiquated tools, and siloed tactics are limiting real success and exposing them to continued threats.
The danger is that a false sense of security within the enterprise can develop. This is notwithstanding the fact that there are probably greater cyber-risks than ever before.
This risk factor is borne out by almost half of today’s organizations having experienced one or more security incidents due to a digital certificate compromise. Such events are costly: of the organizations that fell victim to a data breach, nearly two-thirds (58 percent) experienced severe or very severe financial consequences.
To try and avoid falling foul of these insidious attacks, organizations are set to spend $1.2 million this year to manage and secure their certificates.
As to whether this is money appropriately spent, the report finds that less than 15 percent of respondents consider their current CLM programs to be mature and only one third of respondents say they have an accurate inventory of all of their certificates.
To partly remediate such issues, automation is probably key. Automation holds the potential to more seamlessly manage certificates. The report finds that 52 percent of organizations have implemented this measure.