Most of us are guilty of favoring instant access over online security, and with more of our lives moving to the digital realm, it’s a real challenge to adhere to a security-first mentality. As we encrypt more of our communication, it follows that the number of keys and digital certificates used to perform the encryption rises commensurately. And these keys and certificates are often sourced from various certificate authorities (CAs). This dramatic increase over the last several years, across multiple sources, has many enterprises grappling for a solution to regain control.
I was reminded of this when I saw my daughter clicking through another browser certificate warning, which was the second time in as many months… at least of which I’m aware. This is a bit embarrassing since both my wife and I work in IT security and often talk about the latest hacks and breaches with our teenage kids, hoping they’ll be a little more careful when they go online.
And while I delicately chastised my daughter for dismissing such warnings (as a father of teenagers must do), enterprises must also bear some of the blame for not ensuring the certificates supporting their online services are valid and up to date. But is the sheer volume of certificates they must now manage from multiple CAs exceeding their capabilities? It would seem so.
The chart below shows that the entire market for certificates has skyrocketed over the last few years. And like any fast growing market, new competitors are eager to enter the market, which explains the increase in CAs around the globe.
Having so many options makes it pretty easy for enterprises to source their certificates from more than one vendor. This, however, brings additional complexity since they must now secure a growing number of certificates from multiple CAs.
The root of the problem, however, is that most organizations still don’t have a good handle on where their certificates are or how many they even have. In most cases, they buy, deploy and manage tens of thousands of keys and certificates with spreadsheets.
The management challenge can be enormous, especially when you consider the increasing number of certificates scattered across the varied systems and departments across the enterprise. But not having an effective solution often leads to application outages from expired certificates and data breaches using lost or stolen certificates.
So how does a company go about addressing this problem and what would an ideal solution look like?
Venafi Trust Protection Platform is a solution that addresses all of these requirements, and it was designed from the beginning to support any CA. One of our first patents, in fact, was granted for having a flexible encryption platform that could manage and protect certificates from multiple CAs. Since then we’ve added drivers that integrate with dozens of the most popular CAs worldwide.
Leadership in securing and protecting keys and certificates means integrating with as many CAs as possible. And with a new Venafi Adaptable CA Driver that can be customized to integrate with any CA with minimal programming skills, Venafi extends its leadership even more. Now, customers have the ease and flexibility to bring advanced protection for all certificates issued from any CA.
As enterprises continue to put more emphasis on protecting their encryption environments, my hope is that we’ll see less of those expired certificate browser warnings, so I don’t have to worry about my kids ignoring them when posting yet another selfie.
How many different CAs does your enterprise use? Does your solution offer full advanced support for all of them?