Forrester Research Uncovers Gaps in Mobile Certificate Security

January 19, 2015 | Patriz Regalado

The increasing reliance on mobile devices and applications is driving the need for mobile certificates to ensure that devices and applications are secure, authenticated, and encrypted for enterprise users. But failing to protect mobile certificates—to whom they are issued and when they need to be revoked—opens the door to unauthorized access, data leakage, and intellectual property theft.  The fact is that keys and certificates of all kinds, including mobile certificates, are being targeted to initiate and continue attacks every single day.

However, research published by Forrester Research shows that IT security professionals are not fully aware of what protecting mobile certificates requires. This creates gaps in understanding how to perform the most critical functions necessary for securing mobile certificates.

IT Security’s Role in Protecting Mobile Certificates

A study by Forrester Research found that a majority of IT security decision makers rely on digital certificates to secure their mobile applications and systems, such as VPN, Mobile Device Management (MDM), email, Wi-Fi, SSL/TLS mobile applications, and Mobile Application Management (MAM). Nearly 80% of IT security professionals acknowledge they own the responsibility for protecting mobile certificates. And two-thirds or more of IT security decision makers believe they should own responsibility for security functions, including certificate issuance, policy, updates, deployment, and revocation.

Gaps in Security Awareness

Although most agree that they are responsible, 77% of IT security professionals who responded to the survey said that they have very little visibility into the applications, users, use cases, and security of mobile certificates, and 71% said they do not have full control. Even more shocking, detecting anomalies, one of the most important functions, is a task that IT security is not prepared to perform. Only 38% claim they have the ability to detect mobile certificate anomalies, such as duplicate certificates or active certificates issued to terminated employees, both of which can be used for unauthorized access.

IT Security Does Not Have Full Visibility or Control of the Use of Mobile Certificates.
Source: Forrester Research – IT Security’s Responsibility: Protecting Mobile Certificates


Closing the Gaps

So what can you do to close the gaps that exist in mobile certificate security?  Forrester Research recommends the following steps that enterprise organizations should take to protect mobile certificates:

  • Establish common policy across applications and desktops, laptops, tablets, and phones
  • Identify all sources of certificates
  • Map all found certificates to a single user and establish a baseline
  • Enforce policy for all mobile certificates
  • Detect anomalies like duplicate certificates or unrevoked certificates for terminated employees
  • Respond quickly to anomalies with kill-switch-like revocation
  • Prepare to quickly remediate when incidents like Heartbleed occur that require all certificates to be rekeyed, reissued, and revoked
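
The mapping and anomaly-detection steps above can be sketched as a check over a certificate inventory joined with an HR termination feed. This is an added example, not code from Forrester or Venafi; the inventory fields, the sample rows and the two readings of "duplicate" (one certificate seen on several devices, or several active certificates for the same user, device and use) are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed inventory: one row per certificate copy found on a device.
INVENTORY = [
    {"fp": "a1", "user": "alice", "device": "alice-phone", "use": "vpn",   "not_after": date(2015, 12, 1), "revoked": False},
    {"fp": "a1", "user": "alice", "device": "unknown-tab", "use": "vpn",   "not_after": date(2015, 12, 1), "revoked": False},
    {"fp": "b7", "user": "bob",   "device": "bob-phone",   "use": "wifi",  "not_after": date(2015, 9, 1),  "revoked": False},
    {"fp": "c3", "user": "carol", "device": "carol-phone", "use": "email", "not_after": date(2015, 8, 1),  "revoked": False},
    {"fp": "c4", "user": "carol", "device": "carol-phone", "use": "email", "not_after": date(2015, 11, 1), "revoked": False},
    {"fp": "d9", "user": "dave",  "device": "dave-phone",  "use": "vpn",   "not_after": date(2015, 8, 1),  "revoked": True},
    {"fp": "e2", "user": None,    "device": "kiosk-7",     "use": "wifi",  "not_after": date(2015, 10, 1), "revoked": False},
]
TERMINATED = {"bob", "dave"}  # constructed HR feed of departed users


def find_anomalies(inventory, terminated, today):
    """Return a sorted list of (kind, certificate fingerprints) findings."""
    # Only certificates that still grant access matter: not revoked, not expired.
    active = [c for c in inventory if not c["revoked"] and c["not_after"] >= today]
    findings = set()
    devices_by_fp = defaultdict(set)   # where each certificate was seen
    certs_by_slot = defaultdict(set)   # active certs per (user, device, use)
    for c in active:
        devices_by_fp[c["fp"]].add(c["device"])
        certs_by_slot[(c["user"], c["device"], c["use"])].add(c["fp"])
        if c["user"] is None:
            findings.add(("unmapped", (c["fp"],)))          # breaks the one-user baseline
        elif c["user"] in terminated:
            findings.add(("terminated-user", (c["fp"],)))   # should have been revoked
    for fp, devices in devices_by_fp.items():
        if len(devices) > 1:   # same certificate and key present on several devices
            findings.add(("copied-to-multiple-devices", (fp,)))
    for fps in certs_by_slot.values():
        if len(fps) > 1:       # overlapping certificates for one user/device/use
            findings.add(("duplicate-issuance", tuple(sorted(fps))))
    return sorted(findings)


if __name__ == "__main__":
    for kind, fps in find_anomalies(INVENTORY, TERMINATED, date(2015, 7, 1)):
        print(f"{kind:28} review/revoke: {', '.join(fps)}")
```

Each finding names the fingerprints to review, which is the input a revocation workflow needs; the already revoked certificate of a terminated user is deliberately not reported.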

To learn more, read the Forrester Research study, IT Security’s Responsibility: Protecting Mobile Certificates.
