
Venafi Study Results: Will We See Future Browser Distrust Events?

April 12, 2018 | Eva Hanscom

Last year, researchers affiliated with Google decided that Symantec, and their affiliated CAs, had mis-issued thousands of Transport Layer Security (TLS) certificates. As a result, Chrome researchers announced a formal plan to remove trust from Symantec-issued certificates. The first deadline is April 17th, when Chrome 66 and Mozilla will distrust Symantec TLS certificates issued prior to June 1, 2016.

Unfortunately, security events are not uncommon in the CA industry. There are many reasons why organizations need the ability to rapidly switch CAs.

“CAs have a very difficult job and they deal with many complexities that are outside their control,” says Mike Dodson, global head of security architects for Venafi. “Every CA is exposed to risks; and CA compromises and errors can leave organizations scrambling to find and replace many certificates in a short amount of time.”

Venafi recently conducted a study to see how prepared organizations are to respond to Certificate Authority (CA) errors and browser distrust events. The study includes responses from eleven hundred IT security professionals who are knowledgeable about CAs, from the U.S., U.K., Germany, France and Australia.

According to the results, IT security professionals are troubled by future CA incidents, but very few have the tools needed to switch CAs quickly. For example, 81% of respondents are concerned about future incidents involving CAs. However, if they were affected by a major event like a CA security breach, only 23% said they are completely confident in their ability to quickly find and replace all their impacted certificates.

Additional findings indicate that security professionals may be overestimating their ability to respond to a CA incident:

  • Just 15% believe that Google’s decision to distrust Symantec certificates is a one-time event.
  • 61% say they have a plan in place that would allow them to replace all Symantec certificates by the upcoming deadlines, but only 58% have an accurate inventory that includes the IP address of all devices where certificates that chain up to a Symantec root were installed.
  • Nearly two thirds (62%) are confident they don’t have certificates from unauthorized CAs, but only half have controls in place to detect this.
  • 74% believe they can find and replace all certificates affected by a CA compromise quickly, but only 8% have automated processes in place.

Mike concludes: “Organizations need greater control over the CAs they trust, but they also must acknowledge that they’ll never have full control. For example, browsers play a big role in how we trust CAs. Chrome and Mozilla recently decided they would no longer trust certificates issued by Symantec, and now many organizations must replace these certificates before a set deadline.”

Is your organization prepared for the next CA security event?

About the author

Eva Hanscom

Eva is Public Relations Manager at Venafi. She is passionate about educating the global marketplace about infosec and machine-identity issues, and in 2018 grew Venafi's global coverage by 45%.
