Manage Reputational Risk

Protect against the audit failures, security breaches and system outages that damage organizational reputation and weaken customer confidence.

Manage Reputational Risk

Analyst Coverage

“Cybercriminals are known to steal SSH keys or manipulate which keys are trusted to gain access to source code and other valuable intellectual property” Read More

“Advanced threat detection provides an important layer of protection but is not a substitute for securing keys and certificates that can provide an attacker trusted status that evades detection.” Read More

"Basically, the enterprise is a sitting duck."

"PKi is under attack...Advanced and persistent adversaries go for keys" Read More

"When there are many hundreds of certificates from a variety of certificate authorities, the only ecumenical [universal], nonproprietary provider of a certificate management solution is Venafi. Other CA management systems are biased toward the particular CA by, for example, only supporting renewals from that specific CA." Read More

"No CISO could consider having tens of thousands of unknown network ports open and have no way to control them. But that’s the alarming reality today with regards the trust established by keys and certificates..." Read More

"Organizations with roughly 200 or more documented X.509 certificates in use are high-risk candidates for unplanned expiry and having certificates that have been purchased but not deployed." Read More

"Technology critical to cloud computing is in clear and present danger...attacks on Secure Shell (SSH) keys present the most alarming threat arising from failure to control trust." Read More

“Certificates can no longer be blindly trusted” Read More

“Just because something is digitally signed doesn't mean it can be trusted.”

“Enterprise awareness of attacks on keys and certificates is in its infancy; most don’t understand how to detect or respond to an attack.” Read More

Inadequate key and certificate management damages organizational reputation

Encryption errors cripple competitive advantage

Companies invest heavily in their online presence to gain an edge over competitors. However, the best website design ceases to pay when, instead of the website, customers see a certificate error page. Several high-profile companies have recently experienced this embarrassing situation due to an expired or improperly installed certificate. According to a recent study, 43% of users who see an error stop using the website. Some might return later, but many switch to a competitor, perhaps permanently.

System outages weaken customer confidence

A user can choose to trust a website’s expired certificate, but many mission-critical applications do not permit this bypass. Instead the certificate issue causes the application to fail entirely, trigging a service outage. Imagine a financial institution that cannot accept transactions or a manufacturer that cannot run its assembly line–such outages are devastating for the company’s image.

Exposed encryption assets increase vulnerabilities to reputation-damaging audit failures and security breaches

Most administrators understand the importance of encryption for protecting the company from reputation-damaging security incidents. Unfortunately, many administrators undermine their own efforts by exposing encryption keys to compromise. A compromised key can lead directly an audit failure—or worse a high-profile data breach that leaves the company CEO struggling to reassure customers on the nightly news. Even an audit failure causes a loss of reputation as customers consider what might have happened.

The Immune System for the Internet