Recently, LinkedIn’s subdomains experienced a global outage. The culprit? An expired SSL certificate. Unfortunately, this incident indicates even major multinational organisations can struggle with managing their digital assets.
"Certificates provide every machine - whether it's a website, application or device, with an online identity,” says Kevin Bocek, vice president of security strategy and threat intelligence for Venafi. “Without them, machines can't trust each other when they communicate. So, when LinkedIn's certificate expired, every major browser simply stopped trusting it.”
After LinkedIn’s outage, we wondered: are organisations across ANZ properly protecting their digital certificates?
During this year’s Gartner Symposium/ITxpo on the Gold Coast, Venafi conducted a survey to see how CIOs and senior IT executives manage their keys and certificates.
The survey found that the average enterprise has around 500 SSL certificates. However, multiple enterprises have certificates in the tens of thousands. Additionally, the respondents clearly acknowledge improvement is necessary.
It’s important for any organisation managing more than one hundred certificates to use automation, yet nearly a quarter of the respondents said they use an excel spreadsheet, or similar, to manage their machine identities.
System outages are a profound concern of CIOs and IT professionals across Australia and New Zealand. However, many also indicated they lack visibility into numbers of certificates they have and where they are located.
This lack of visibility has meant that three out of four respondents experienced certificate related outages in the past 12 months, with over a third suffering 3 or more.
“Organisations have thousands of certificates to keep track of and it only takes one expired certificate to cause problems,” concludes Bocek. “To stay in control, organisations should look to automate the discovery, management and replacement of every single certificate on its network.”
The days of managing the digital identities of our employees on a spreadsheet are over, with $7 billion spent annually on Identity Access Management. Isn’t it time we started to put the same level of importance on our Machine Identities?