The Importance of Key and Certificate Best Practices
Certificates and private keys play a critical role in securing data and systems across all types of organizations. The following table shows some of the challenges that can arise.
|Downtime and System Outages||Certificates that are not renewed and replaced before they expire can cause serious downtime and outages.|
|Private Key Compromise||Private keys used with certificates must be kept secure or unauthorized individuals can intercept confidential communications or gain unauthorized access to critical systems.|
|Compliance Violations||Regulations and requirements (like PCI-DSS) are requiring much more stringent security and management of cryptographic keys and auditors are increasingly reviewing the management controls and processes in use.|
|High Administrative Costs||The average certificate and private key require four hours per year to manage, taking administrators away from more important tasks and costs hundreds of thousands of dollars per year for many organizations.|
|Large Scale Compromises||If a certificate authority is compromised or an encryption algorithm is broken, organizations must be prepared to replace all of their certificates and keys in a matter of hours.|
|Unable to Scale Encryption||The rollout of new projects and business applications are hindered because of the inability to deploy and manage encryption to support the security requirements of those projects.|
Depending on the environment where keys and certificates are being deployed, some or all of these risks may apply. When considering implementing EKCM best practices, it helps to have an understanding of which of these risks apply to your organization. By prioritizing them and clearly communicating the importance of addressing in your organization, you can accelerate the implementation and adoption of best practices since all stakeholders will understand the tangible value to your organization.