
Are You Concerned about TLS Certificate Security Risks? [More than Your CIO?]

June 30, 2020 | Emil Hanscom


TLS certificates act as machine identities, safeguarding the flow of sensitive data to trusted machines. With the acceleration of digital transformation, the number of machine identities that organizations need to trust is skyrocketing. At the same time, cybercriminals are targeting machine identities to use in attacks. In particular, TLS keys and certificates are uniquely valuable to cybercriminals because of the capabilities they provide, such as the encrypted traffic they enable.

Unfortunately, compromised machine identities can have a major financial impact. A recent AIR Worldwide study estimated that between $51 billion and $72 billion in losses to the global economy could be eliminated through the proper management and protection of machine identities.


"57,000 TLS certificates that they did not know they had"

Given the impact of these threats and the growing exposure to them, it’s worth asking whether security teams are properly protecting their machine identities. Venafi recently conducted a study on the security and operational risks connected with machine identities used to establish encrypted SSL/TLS connections. The study evaluated the opinions of 550 CIOs from the United States, United Kingdom, France, Germany and Australia.

The study revealed that 75% of global CIOs expressed concern about the security risks connected with the proliferation of TLS machine identities. However, 93% of respondents estimated that their organizations had a minimum of 10,000 active TLS certificates in use, and 40% said they have more than 50,000 TLS certificates in use.

“According to a Venafi survey from 2018, once IT professionals deployed a comprehensive machine identity management solution, they typically found 57,000 TLS machine identities that they did not know they had in their businesses and cloud,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “This study indicates that many CIOs are likely significantly underestimating the number of TLS machine identities currently in use. As a result, they are unaware of the size of the attack surface and the operational risks that these unknown machine identities bring to their organization.”

Venafi’s study also revealed that more than half of CIOs (56%) said they worry about outages and business interruptions due to expired certificates. In addition, 97% of CIOs estimated that the number of TLS machine identities used by their organization would increase at least 10–20% over the next year.

“Whether it’s debilitating outages from expired certificates, or attackers hiding in encrypted traffic for extended periods of time, risks abound,” continued Kevin. “The only way to eliminate these risks is to discover, continuously monitor and automate the lifecycle of all TLS certificates across the entire enterprise network—and this includes short-lived certificates that are used in the cloud, virtual and DevOps environments.”

Do you think your organization understands the security risks of TLS certificates? And can you properly protect them?




About the author

Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.
