Venafi Research Reveals Enterprises Plagued by Epidemic of Stolen, Unaccounted For and Mismanaged Digital Certificates and Encryption Keys
Salt Lake City, Utah
February 8, 2011
Lost, Stolen and Unaccounted for Encryption and Digital Certificate Technologies Lead to Unquantified and Unmanaged Risk, Stuxnet- and WikiLeaks-Style Incidents, and Systems Downtime
Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, today announced availability of its 2011 Venafi Encryption Key and Digital Certificate Management Report. The report reveals that organizations are deploying increasing numbers of digital certificates and encryption technologies, but that these security assets are also becoming lost, stolen and unaccounted for in epidemic proportions. Ironically, digital certificates and encryption keys are critical components of all information security programs, but they become dangerous liabilities when they go missing and find their way into the wrong hands.
It is well documented that digital certificates played a key role in the Stuxnet attack that destroyed multiple centrifuges in an Iranian nuclear facility, and it is widely accepted that lost encryption keys can provide malicious insiders access to valuable corporate information revealed on high-profile whistle-blower sites such as WikiLeaks. Venafi compiled results from market and analyst report research, from a 471-respondent survey that included managers up to C-level executives from enterprise-class organizations within multiple industries, and from prior market surveys.
Respondents surveyed reported the following:
51 percent stated they had experienced either stolen or unaccounted-for digital certificates, or that they were uncertain if their organizations had lost, stolen or unaccounted-for digital certificates in general.
54 percent stated they had experienced either stolen or unaccounted-for encryption keys, or that they were uncertain if their organizations had lost, stolen or unaccounted-for encryption keys in general.
Exacerbating the problem is the volume and diversity of encryption technologies and certificate authorities (CAs) organizations must deal with on a daily basis. The number of encryption assets in their inventories grows regularly, and scattered individuals and teams frequently manage them. According to the survey findings:
46 percent of organizations are managing at least 1,000 digital encryption certificates; 20 percent are managing more than 10,000.
83 percent of organizations are managing technologies from at least two different CAs; 18 percent are dealing with more than five.
88 percent of organizations have multiple administrators managing encryption keys; 22 percent have more than 10.
42 percent of organizations manage encryption technologies from at least four vendors; 8 percent are dealing with more than 10.
Fifty-nine percent of the respondents surveyed worked in organizations with more than 5,000 employees. Respondents' organizations spanned a wide range of industries, including high tech, telecommunications, banking/financial services, energy/oil and gas, government, aerospace, manufacturing and retail. Among the respondents was one of the world's largest food distributors and consumer retailers. To access the complete report, visit: www.venafi.com.
Learn More about Venafi and Customers at RSA Conference 2011
This announcement comes on the heels of the recently announced Venafi Encryption Director 6 product release. Director is recognized by customers and analysts as the only security platform that can fully automate EKCM processes that allow organizations to automate discovery, monitoring, validation, management and security of the most commonly used encryption assets. During RSA Conference 2011, Monday, Feb. 14 through Thursday, Feb. 18, Venafi will be providing on-demand demonstrations of Director 6 in its booth (#1843) during exhibition hours. Register to attend the RSA Conference case-study session where two Venafi customers, a Fortune 250 financial services payment-processing company and a Fortune 100 high-tech products and services company, will share their experiences in managing encryption keys and certificates across their large enterprise environments. For a free exhibition floor pass, visit the RSA Conference 2011 website and use code EC11VNF.