DIGITAL CERTIFICATE MANAGEMENT IS COMPLEX
Digital certificate outages, where an organization forgets to replace an expiring certificate for a business-critical domain name, continues to cause business disruption and is a security risk for many organizations. Digital certificate expiration will disable your website. In most cases, this is due to a poor choice of registrar, or not understanding the crucial role of domains in an organization's structure.
Enterprises with multiple websites, devices, web applications, and people require a large volume of digital certificates that need to be properly managed. Keeping track of dozens, hundreds, or possibly thousands of certificates can be a challenge for any administrator at any organization. Furthermore, there are three kinds of digital certificates, with each one translating to different levels of security (or lack thereof):
Domain Validation
This one simply covers basic encryption and verification of the domain name registration owner.
Organization Validation
This does what DV does, while authenticating certain details about the owner, such as name and address.
Extended Validation
This is the highest level of validation, requiring a thorough examination to document the legal, physical and operational existence of the domain name registration owner. It proves that the company behind the website is indeed its true owner and comes with a signature for a certificate authority key.
Organizations should balance the “need for speed” and continued commitment to the most secure of validations. Compounding an already heavy workload for certificate management, the CAB/F (Certificate Authority and Browser Forum) have voted to reduce the lifetime you can register a certificate to approximately one year (398 days), from what was previously two years. According to the Ponemon Institute's research report titled "The Impact of Unsecured Digital Identities" published in January 2019:
In total, 73% of respondents said their organizations have experienced unexpected downtime or outages due to mismanaged digital certificates, and 55% said four or more certificate-related outages have occurred in the last two years.
The majority of organizations may also be struggling with managing which keys and certificates—including those that have been self-signed—are in play, with 74% of survey respondents suggesting that their business does not know which are in use, where to find them, or when they expire.
CSC'S DIGITAL CERTIFICATE MANAGEMENT IS BUSINESS CRITICAL
Identify where existing certificates are registered
Cross-reference certificates with the live sites in the domain portfolio
Quickly consolidate certificate management onto one platform for greater visibility and efficiency
Leverage an essential technical control allowing for policy enforcement by adding CAA records on DNS zone files
WE'RE READY TO TALK
Our specialists are ready to answer your questions about digital certificate management.
* TechTarget and SearchSecurity