The average number of digital certificates owned by organizations has grown over the past few years. A Ponemon study sponsored by Entrust reported that the number of certificates reached 56,192 for the average enterprise in 2020. That’s 43% higher than it was the previous year at 39,197.
Such growth in part reflects the fact that many organizations have transitioned to a remote or hybrid work model following the events of 2020. Along the way, those entities have found themselves increasingly relying on digital technology and services to serve their business requirements. It also highlights how organizations have been investing in bringing on new Internet of Things (IoT) devices, cloud services, and applications into their environment over the past few years. The result is that machine identities now far outnumber human identities. Organizations need a way to secure all these resources along with the communication between them.
This increase in digital certificates has complicated certificate management, exposing organizations to greater risk of a certificate outage. In a recent report covered by Help Net Security, for instance, nearly two-thirds of enterprises said that they were concerned about how much time they were spending on managing certificates. Over a third (37%) said that their certificate management process involved more than three different departments in the organization, leading to confusion and complicating visibility. This is evident in organizations now having an average of 1,200 unmanaged certificates, per the study. It’s also apparent in how two-thirds of organizations revealed that they experienced outages caused by certificates expiring unexpectedly, with 25% going on to admit that they suffered as many as six outages between April and October 2021.
These certificate management struggles have exacerbated two issues in particular: rogue certificates and shadow IT. Let’s explore both below:
To address the challenges associated with rogue certificates, organizations can use automated tools that provide real-time threat intelligence and alerts. Those solutions can inform organizations of malicious actors attempting to obtain rogue certificates from other entities in the same industry, for example. Additionally, organizations might consider using a machine identity management platform to help them fulfill their evolving operational needs, emerging industry best practices, and compliance requirements on an ongoing basis.
As for shadow IT, organizations need to get ahead of the problem and invest in their ability to discover and manage all identities, regardless of whether they’re human or machine in nature. The first step involves admitting that shadow IT is an issue in the organization. From there, IT, security, and other key stakeholders can work together to address the problem and thereby bring greater visibility to keys and certificates across the enterprise.