Inadequate key and certificate management frustrates disaster recovery plans
Disaster recovery (DR) often evokes data lost in the wake of a natural disaster. However, issues with encryption, which has become the standard for securing sensitive data, can exact equally harsh consequences. Encryption disasters come in two forms—security issues that require a complete certificate refresh and data losses as a result of lost keys.
Incomplete and inaccurate inventories prevent companies from responding to encryption disasters
The following incidents require a company to refresh all certificates affected by the incident:
- CA private key compromise
- Encryption algorithm breach
- Encryption technology defect
Most administrators, who rely on spreadsheets and memory to track certificates, have no idea where to begin a refresh—let alone how to manually perform the 20-step renewal process for each of thousands of certificates without incurring extensive and costly downtime.
Poor key management processes result in lost data and interrupted services
In a recent Venafi study, 43% of respondents admitted that they had lost data due to lost or withheld keys.
If administrators struggle to track keys during normal operations, they have little hope to deliver seamless recovery in a true DR situation. Investing in a DR site does little good unless all necessary encryption keys are properly deployed to that site. In addition, if servers in a fail-over site have expired certificates, the services will not fail over correctly at the critical moment.
