SSL CERTIFICATE MANAGEMENT | DIGITAL CERTIFICATES
Websites and applications act as the virtual front door for a cyber attack. On average, companies spend 225 hours manually managing 50 secure sockets layer (SSL) digital certificates a year. About 74% of enterprises have seen system outages due to unplanned certificate expiration, and over 50% have a lost or rogue digital certificate.*
DIGITAL CERTIFICATE MANAGEMENT IS COMPLEX
Digital certificate outages, where an organization forgets to replace an expiring certificate for a business-critical domain name, continue to cause business disruption and are a security risk for many organizations. Digital certificate expiration will disable your website. In most cases, this is due to a poor choice of registrar or a failure to understand the crucial role of domains in an organization's structure.
Enterprises with multiple websites, devices, web applications, and people require a large volume of digital certificates that need to be properly managed. Keeping track of dozens, hundreds, or possibly thousands of certificates can be a challenge for any administrator at any organization.
Furthermore, there are three kinds of digital certificates, with each one translating to different levels of security (or lack thereof):
Domain validation (DV): This one simply covers basic encryption and verification of the domain name registration owner.
Organization validation (OV): This does what DV does, while authenticating certain details about the owner, such as name and address.
Extended Validation (EV): This is the highest level of validation, requiring a thorough examination to document the legal, physical and operational existence of the domain name registration owner. It proves that the company behind the website is indeed its true owner and comes with a signature for a certificate authority key.
Organizations should balance the “need for speed” and continued commitment to the most secure of validations.
Compounding an already heavy workload for certificate management, the CAB/F (Certificate Authority and Browser Forum) has voted to reduce the maximum lifetime of a certificate to approximately one year (398 days), from what was previously two years. According to the Ponemon Institute's research report titled "The Impact of Unsecured Digital Identities", published in January 2019:
In total, 73% of respondents said their organizations have experienced unexpected downtime or outages due to mismanaged digital certificates, and 55% said four or more certificate-related outages have occurred in the last two years.
The majority of organizations may also be struggling with managing which keys and certificates—including those that have been self-signed—are in play, with 74% of survey respondents suggesting that their business does not know which are in use, where to find them, or when they expire.
PROVIDING A SAFE, ENCRYPTED ENVIRONMENT FOR ALL YOUR ONLINE TRANSACTIONS
Digital certificates are a visible guarantee of security and a valuable digital asset that must be managed to ensure they protect customers' information. Customers today expect and deserve the most stringent security whenever they shop, bank, or communicate online. SSL or transport layer security (TLS) digital certificates are the industry standard for protecting your customers' personal data. Digital certificates encrypt internet traffic data and verify the owner of domain names for security purposes, ensuring all data exchanged stays private. Internet users notice them through the tell-tale green padlock or HTTPS in their browser.
IMPLEMENT A DIGITAL CERTIFICATE POLICY WITH CAA RECORDS ON YOUR DNS ZONE FILES
As the single point of contact for our clients' domains, DNS, and digital certificate portfolios, CSC is able to implement a digital certificate policy with CAA records on their DNS zone files. A CAA record allows the domain owner to indicate which Certificate Authorities (CAs) are permitted to issue certificates for a given domain name. Not only is this an essential technical control allowing for policy enforcement, it also adds a layer of security: it prevents cyber criminals from adding encryption or HTTPS to a site, using free, low-validation digital certificates that do not match your records, in order to fool targets in a domain shadowing attack.
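How a CAA policy decides which CA may issue for a name, as an added example that is not CSC's code or part of the original page: it follows the RFC 8659 lookup, climbing from the requested name toward the root and applying the issue and issuewild properties. The zone data, domain names and CA identifiers are constructed placeholders; critical-flag handling and live DNS lookups are assumed out of scope.

```python
import shlex

# Constructed zone data; example.com, ca-one.example and ca-two.example are placeholders.
ZONE = """\
example.com.       IN CAA 0 issue "ca-one.example"
example.com.       IN CAA 0 issuewild ";"
example.com.       IN CAA 0 iodef "mailto:security@example.com"
shop.example.com.  IN CAA 0 issue "ca-two.example; account=12345"
"""

def parse_caa(zone_text):
    """Map owner name -> [(flags, tag, value)] for one-line CAA records."""
    records = {}
    for line in zone_text.splitlines():
        tokens = shlex.split(line)  # keeps the quoted value as one token
        if "CAA" not in tokens:
            continue
        i = tokens.index("CAA")
        owner = tokens[0].rstrip(".").lower()
        entry = (int(tokens[i + 1]), tokens[i + 2].lower(), tokens[i + 3])
        records.setdefault(owner, []).append(entry)
    return records

def relevant_rrset(records, fqdn):
    """Climb from fqdn toward the root; the closest name with CAA records wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = records.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def may_issue(records, fqdn, ca_domain):
    """True if ca_domain is allowed to issue for fqdn under the CAA policy."""
    rrset = relevant_rrset(records, fqdn)
    tags = {tag for _, tag, _ in rrset}
    # issuewild, when present, replaces issue for wildcard names only.
    tag = "issuewild" if fqdn.startswith("*.") and "issuewild" in tags else "issue"
    if tag not in tags:
        return True  # no CAA found, or only properties such as iodef: unrestricted
    allowed = {v.split(";", 1)[0].strip().lower() for _, t, v in rrset if t == tag}
    return ca_domain.lower() in allowed  # an empty value (";") allows nobody

RECORDS = parse_caa(ZONE)
```

Note that the record set on shop.example.com fully replaces the parent policy for that subtree, so a subdomain entry can widen as well as narrow which CAs are accepted.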
CSC'S DIGITAL CERTIFICATE MANAGEMENT IS BUSINESS CRITICAL
Identify where existing certificates are registered
Cross-reference certificates with the live sites in the domain portfolio
Quickly consolidate certificate management onto one platform for greater visibility and efficiency
Leverage an essential technical control allowing for policy enforcement by adding CAA records on DNS zone files
WE'RE READY TO TALK
Our specialists are ready to answer your questions about digital certificate management.
* TechTarget and SearchSecurity