Tim Callan at Sectigo talks to Business Reporter about the high costs of manual certificate management and how to avoid them
Business Reporter: When it comes to certificate management, how are businesses exposing themselves to risks?
Tim Callan: Manual certificate management is creating huge risks within enterprise security. It’s common knowledge that managing certificates by hand (or spreadsheet) is rife with pitfalls – many of which you won’t see coming until it’s too late. The bottom line is, businesses cannot afford to risk having certificates expire, and could experience a world of hurt if they are not up-to-date and accurate. Despite this, many continue to rely on archaic processes that increase risk exposure and add significantly more administrative effort and cost to maintain.
BR: How does manual certificate management lead to errors?
TC: Unfortunately, due to the plethora of certificates that have to be managed across modern organisations, even the most dedicated administrators can make mistakes. However, a simple mistake can lead to massive consequences, making enterprises vulnerable to criminal activity and fraud, negative customer experiences, and compliance risks.
Suppose a server’s certificate expires and causes just one hour of downtime on an eCommerce website. The cumulative costs could amount to hundreds to millions of dollars, lost customers, and a tarnished brand image.
These days, especially as there are more remote workers than ever before, network environments are far bigger than one touchpoint. This may include VPNs, cloud infrastructure, DevOps, mobile devices, Internet of Things, and more. As environments grow in complexity, the financial risks of failing to manage PKI certificates are increasing effectively.
BR: So, what’s the best alternative?
TC: To reduce the high costs of manual certificate management, it’s critical to address the root of the problem: human error. A cloud-based, automated system not only gives your organization speed and accuracy but also gives you peace of mind that your organization will avoid substantial damage. Technology that helps automate online trust has been around longer than you might think, making automated certificate management a time-tested, solid solution.
Instead of manual processes, you can turn to protocols such as Simple Certificate Enrollment Protocol (SCEP) and Enrollment over Secure Transport (EST), which is considered the evolution of SCEP because it uses standard TLS, and Automated Certificate Management Environment (ACME), which is a newer protocol. The ACME protocol is gaining popularity as an open-source solution, bringing down the Certificate Lifecycle Management (CLM) total cost of ownership.
With automated certificate management, the time to deploy that SSL certificate is slashed from 2 hours to seconds and can be applied at scale to the hundreds, thousands, and tens of thousands of PKI certificates that enterprises need to manage.
BR: What’s the bottom line for businesses?
TC: All certificates expire and must be renewed. It’s a routine cycle. A myriad of problems, from server downtime to massive hacks, occur as a result of unnoticed certificate expirations. It’s a problem businesses simply can’t afford. That’s why manual certificate management represents more risk than organizations can tolerate, with damage potential too substantial to ignore.
Don’t let your organization fall victim to a process that can be easily automated. Automated CLM removes the potential for human error, and should be part of your security investment. Remember – the most effective security investment is security that is both easily deployed and easily used by employees.
Tim Callan is Chief Compliance Officer at Sectigo