Skip to main content
banner image
venafi logo

Overcoming Certificate Security Risks for DevOps: Managing Machine Identities in Hybrid Clouds [Part 3]

Overcoming Certificate Security Risks for DevOps: Managing Machine Identities in Hybrid Clouds [Part 3]

DevOps certificate management risks
November 25, 2019 | Anastasios Arampatzis


In my first post in this series, I discussed factors that are driving the growth of hybrid clouds. Then, in the next post I discussed some of the reasons that growth is troubling for machine identities. And now I’d like to highlight the challenges that you’ll face in developing a successful machine identity management program.
 

 

 

 

Risks of Certificate Management

 

Before you put together a strategy for managing certificates and protecting those machine identities, you’ll need to identify the risks you’ll need to mitigate. NIST SP 1800-16 identifies four risk categories as a result of poor certificate management:
 

  1. Business application outages due to expired certificates. Nearly every enterprise has experienced an application outage due to an expired certificate, including outages to major applications such as online banking, stock trading, health records access, and flight operations. Troubleshooting an incident where an application is unavailable due to an expired certificate can be complex, often requires hours to discover the source of the problem and costs enormously high amounts of money, not to mention loss of customer trust, and reputational damage.

     
  2. Undetected pivoting by attackers. While TLS server certificates enable confidentiality for legitimate communications, they can also allow attackers to hide their malicious activities within encrypted TLS connections. An attacker who establishes an encrypted connection can then begin to probe the server for vulnerabilities within that encrypted connection.

     
  3. Lack of crypto-agility. Organizations need to swiftly change TLS certificates affected by either a CA compromise or a deprecated algorithm (such as SHA-1) or protocol. The advancement of quantum computing makes the requirement of crypto-agility even more mission critical. If organizations require several weeks or even months to replace all affected certificates, during that time business applications can be either unavailable or vulnerable to security breaches.

     
  4. Server impersonation. An attacker may be able to impersonate a legitimate TLS server if the attacker is able to get a fraudulent or a compromised certificate. The attacker, then, can intercept the otherwise encrypted communications and acquire sensitive and valuable information, such as passwords intended for login to the legitimate server.
     


Certificate-related outages are a pandemic in our digital economy, and their impact is growing year over year.
 

  • In December of 2018, more than 30 million customers of multiple U.K.-based mobile providers—including O2, Tesco Mobile and Sky Mobile—lost 4G data services and/or voice capabilities in a day-long outage. In addition, services were lost by customers in 11 other countries. The outage was traced back to the expiration of one or more certificates that enabled authentication and encryption for Erickson switching equipment.

     
  • Recent reports on Equifax’s 2017 breach—from the U.S. Government Accountability Office (GAO), the House of Representatives Committee on Oversight and Government Reform and the U.K.’s Information Commissioner’s Office (ICO)—all pointed to the expiration of a certificate and the failure of internal systems to compensate for the loss of this control.

     
  • Research by Venafi reveals that the average Global 5000 company has thousands of SSL/TLS certificates spread throughout its infrastructure. It also found that this number is increasing by 25 percent year over year and that 95 percent of companies don’t know where all their machine identities, including their SSL/TLS certificates, are being used within their networks.
     

Need a blueprint for cloud operating models? Read the HashiCorp white paper.


Why You Need Visibility, Intelligence and Automation

 

Your organization will need a proven plan to combat these challenges. That includes an experience-born blueprint that helps them navigate the complex people, processes and technology issues connected with outages due to expired or misconfigured certificates. In addition, you’ll need a roadmap to your desired, transformed end state: dynamic, outage-free certificate management across their organization. For our machine identity management program to be successful, it needs to address three equally important elements to protect against machine identities risks:
 

  • Visibility into your assets and their vulnerabilities
  • Intelligence into your infrastructure and its ability to defend against the threats
  • Automation to remediate and strengthen your defenses against these threats
     

Visibility into your assets is a vital operational and security issue. It helps to anticipate workload, outages, vulnerabilities, and risk exposure. Having an updated visibility into your assets, be it your devices, your certificates or the owners of these assets is a “must have” and not a “nice to have” feature and is a great essence. We need to be able to identify all our assets to be able to protect them. A continuous visibility capability that is actively surveilling machine identities will help you to rapidly identify unauthorized access and privilege escalation and prevent a horrible breach, thus protecting your reputation from damage and avoiding all the necessary remediation costs. In other words, visibility helps you assess your risks.
 

In order to have a comprehensive intelligence across the entire machine identity lifecycle, you need to have a centralized management capability. This is crucial especially when talking about heterogeneous environments such as a hybrid cloud environment. Intelligence and insight should include all aspects of machine identity validation such as certificate enrollment, installation, renewal, and revocation to manage and protect authorized, encrypted communications between machines. It should also include data about certificate ownership and compliance with corporate policy and standing regulations. This level of machine identity intelligence will allow you to reduce the associated risks.

 

 

Automation is very important to protect the machine identities lifecycle. Automating the management processes will help remove the manual dependencies and will also eliminate any mistakes caused by human error. Using manual processes to deploy, install, rotate, and replace machine identities is inherently error-prone and resource intensive. Automation is a critical capability that will help you consistently enforce your organization's corporate machine identity policies and applicable regulatory requirements. Automation also gives you the agility to rapidly respond to critical security events such as a CA compromise or zero-day vulnerability in a cryptographic algorithm or library. 
 

What is more important is that automation can help you unify all the complex processes that are associated with managing a hybrid cloud environment. All in all, automation is about risk avoidance.
 

Do you have the visibility, intelligence and automation you need to effectively manage your organization’s machine identities?
 

Learn how security concerns can make DevOps a double edged sword. Venafi's Aaron Aubrecht explains. 

 

 

 

 


 

Related posts

 

Like this blog? We think you will love this.
devsecops-security
Featured Blog

Applying Identity to DevSecOps Processes

Identity Means Secrets

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Anastasios Arampatzis
Anastasios Arampatzis

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years of experience in evaluating cybersecurity and managing IT projects. He works as an informatics instructor at AKMI Educational Institute, while his interests include exploring the human side of cybersecurity.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more