Forrester Research Uncovers Gaps in Mobile Certificate Security

January 19, 2015 | Patriz Regalado

The increasing reliance on mobile devices and applications is driving the need for mobile certificates to ensure that devices and applications are secure, authenticated, and encrypted for enterprise users. But failing to protect mobile certificates—controlling to whom they are issued and when they need to be revoked—opens the door to unauthorized access, data leakage, and intellectual property theft. The fact is that keys and certificates of all kinds, including mobile certificates, are being targeted to initiate and continue attacks every single day.

However, research published by Forrester Research finds that IT security professionals are not fully aware of what is required to protect mobile certificates. This creates gaps in understanding how to perform the most critical functions necessary for securing mobile certificates.

IT Security’s Role in Protecting Mobile Certificates

A study by Forrester Research found that a majority of IT security decision makers rely on digital certificates to secure their mobile applications and systems, such as VPN, Mobile Device Management (MDM), email, Wi-Fi, SSL/TLS mobile applications, and Mobile Application Management (MAM). Nearly 80% of IT security professionals acknowledge they own the responsibility for protecting mobile certificates. And two-thirds or more of IT security decision makers believe they should own responsibility for security functions, including certificate issuance, policy, updates, deployment, and revocation.

Gaps in Security Awareness

Although most agree that they are responsible, 77% of IT security professionals who responded to the survey said that they have very little visibility into the applications, users, use cases, and security of mobile certificates, and 71% said they do not have full control. But what’s even more shocking is that one of the most important functions—detecting anomalies—is a task that IT security is not prepared to perform. Only 38% claim they have the ability to detect mobile certificate anomalies, such as duplicate certificates, or active certificates issued to terminated employees, both of which can be used for unauthorized access.

IT Security Does Not Have Full Visibility or Control of the Use of Mobile Certificates.
Source: Forrester Research – IT Security’s Responsibility: Protecting Mobile Certificates
Closing the Gaps

So what can you do to close the gaps that exist in mobile certificate security? Forrester Research recommends that enterprise organizations take the following steps to protect mobile certificates:

  • Establish common policy across applications and desktops, laptops, tablets, and phones
  • Identify all sources of certificates
  • Map all found certificates to a single user and establish a baseline
  • Enforce policy for all mobile certificates
  • Detect anomalies like duplicate certificates or unrevoked certificates for terminated employees
  • Respond quickly to anomalies with kill-switch-like revocation
  • Prepare to quickly remediate when incidents like Heartbleed occur that require all certificates to be rekeyed, reissued, and revoked
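
The mapping and anomaly-detection steps in the list above, as an added example that is not from the Forrester study or from Venafi: a Python sketch that runs over a constructed certificate inventory and a constructed list of terminated users. The record fields, the two readings of "duplicate" (one key seen under more than one user or device, and more than one live certificate for the same user, device and use), and every sample value are assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed inventory: one row per certificate found across all issuing sources.
def cert(serial, user, device, use, key_fp, not_after, revoked=False):
    return dict(serial=serial, user=user, device=device, use=use,
                key_fp=key_fp, not_after=not_after, revoked=revoked)

INVENTORY = [
    cert("01A1", "alice", "phone-1", "vpn", "fp-aaa", date(2015, 12, 1)),
    cert("01A2", "alice", "phone-1", "vpn", "fp-bbb", date(2016, 1, 1)),
    cert("02B1", "bob", "tablet-7", "email", "fp-ccc", date(2015, 9, 1)),
    cert("02B2", "bob", "phone-2", "vpn", "fp-eee", date(2015, 9, 1), revoked=True),
    cert("03C1", "carol", "phone-3", "wifi", "fp-ddd", date(2015, 6, 1)),
    cert("03C2", "dave", "phone-9", "wifi", "fp-ddd", date(2015, 6, 1)),
    cert("04D1", "erin", "phone-4", "mdm", "fp-fff", date(2014, 12, 31)),
]
TERMINATED = {"bob"}  # constructed HR feed of terminated users

def find_anomalies(inventory, terminated, today):
    """Return sorted (finding, serial) pairs for certificates that are still usable."""
    active = [c for c in inventory if not c["revoked"] and c["not_after"] >= today]
    by_key, by_slot, findings = defaultdict(list), defaultdict(list), set()
    for c in active:
        by_key[c["key_fp"]].append(c)
        by_slot[(c["user"], c["device"], c["use"])].append(c)
        if c["user"] in terminated:
            findings.add(("terminated_user_active", c["serial"]))
    for certs in by_key.values():
        # Same key under more than one user/device: copied or cloned credential.
        if len({(c["user"], c["device"]) for c in certs}) > 1:
            findings.update(("shared_key", c["serial"]) for c in certs)
    for certs in by_slot.values():
        # More than one live certificate for one user, device and use.
        if len(certs) > 1:
            findings.update(("duplicate_for_slot", c["serial"]) for c in certs)
    return sorted(findings)

def revoke_now(findings):
    """Serials to revoke immediately: live certificates of terminated users."""
    return sorted(s for kind, s in findings if kind == "terminated_user_active")

if __name__ == "__main__":
    for kind, serial in find_anomalies(INVENTORY, TERMINATED, date(2015, 1, 19)):
        print(f"{kind:24} {serial}")
```

Already-revoked and expired certificates are filtered out first, so the findings list contains only certificates that could still be used for access.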

To learn more, read the Forrester Research study, IT Security’s Responsibility: Protecting Mobile Certificates.
