
Maximizing Your CA Agility: Why This Issue Is So Important Right Now

June 7, 2017 | Kevin Bocek

Over the past year, more and more CISOs and security architects have expressed concern over the lack of agility in their machine identity programs. Many teams are not prepared or equipped to respond quickly to changes, especially with regard to their digital certificates.

This situation should not come as a surprise. The security industry has become increasingly aware of issues with agility. For example, a pair of Gartner analysts I work with frequently, David Mahdi and Mark Horvath, have dedicated an entire research note to the topic: “Better Safe Than Sorry: Preparing for Crypto-Agility.” Why? Well, in this blog, I’ll examine the rising tide of events that has brought agility to the forefront of the encryption industry.

There are many reasons why Global 5000 organizations demand agility. First and foremost, cyber criminals, from fraudsters to nation-state attackers, have taken advantage of the power of trusted certificates. Responding to these attacks requires organizations to quickly locate and replace compromised certificates, often in large batches.

Unfortunately, it is now easier than ever for cyber criminals to obtain fraudulent certificates. Recently, Let’s Encrypt issued over 14,000 certificates for PayPal phishing websites. This misuse of trust means that average users now have to be cautious even on websites displaying the green, glowing padlock that was once used to convey security confidence.

In addition, many organizations face operational challenges with certificate authorities (CAs) that have led to their businesses becoming untrusted for extended periods of time. In October 2016, for example, issues with GlobalSign locked users out of websites for days. In addition, GoDaddy recently reported and fixed a bug that required thousands of certificates to be revoked and replaced.

And finally, C-level employees are also closely examining the recent agreement between Google and Symantec regarding the operational and browser compatibility of Symantec certificates. We have covered this story from the week it broke.

All of these issues highlight the challenge, and the need, for organizations to be able to change, revoke and reissue certificates and CAs quickly and efficiently.

Hopefully, these challenges will serve as a wake-up call for organizations that haven’t focused on optimizing their CA business processes and dependencies.

What steps are you taking to build your CA agility?


About the author

Kevin Bocek

Kevin is Vice President of Security Strategy & Threat Intelligence at Venafi. He is recognized as a subject matter expert in threat detection, encryption, digital signatures, and key management, and has previously held positions at CipherCloud, PGP Corporation and Thales.
