Human and machine identities need to be secured now

Rapid digital transformation and remote working have massively increased the number of users and devices that need access to corporate systems, connecting to enterprises from a vast spread of locations and networks. Every human and machine that logs in to these systems therefore needs a way to identify itself strongly and securely. Digital certificates are the strongest and most standardized way to identify any entity, but business transformation and growth have left enterprises with an ever-growing number of certificates to manage. Certificate management at scale is a task that is often too complex and time-consuming for humans to do alone.

About the author

Nick France is CTO at Sectigo.

A Public Key Infrastructure (PKI) certificate binds a public key to a verified identity (a website, a device, a user) and is signed by a Certificate Authority (CA), so that the party on the other end of a connection can cryptographically check who it is talking to. In that sense a certificate acts like a ‘passport’ for access to systems: it lets browsers authenticate the websites they connect to, devices authenticate each other, and businesses operate safely on top of that trust. However, with every new employee or device added to the network, identity security becomes more complex and the attack surface grows. The key to solving this problem lies in smart Certificate Lifecycle Management (CLM).

Just one forgotten certificate, or one leaked private key, can let bad actors into enterprise systems or take those systems offline, which can be devastating to global companies that hold vast amounts of sensitive customer data. Take the recent GoDaddy breach, for example, in which data on 1.2 million users was exposed; the SSL private keys of a subset of customers were among the exposed data, forcing those certificates to be reissued. Neglect is as damaging as compromise: in 2018, an expired certificate in Ericsson’s network software took millions of smartphones across 11 countries offline. An outage of this sort is entirely preventable if enterprises treat the maintenance, review, and renewal of their certificates as a priority. Despite this, many do not.

Without a smart certificate management system, the current rapid rate of digitalization will make outages like these far more commonplace.

The challenges of certificate management

The challenge for businesses is to find a reliable solution that can accurately manage this rapidly growing number of certificates. Certificate lifespans vary wildly, from hours to years, depending on the use case, so every certificate an enterprise deploys needs round-the-clock governance, timely renewal, and prompt revocation when a key is compromised or a system is retired, to keep networks secure.

The problem is compounded by the fact that certificate lifespans are shortening and new certificate use cases, such as passwordless authentication, Robotic Process Automation (RPA), and Remote Identity Validation, continue to emerge.

The manual method of certificate management that so many businesses rely on is not only outdated but also potentially dangerous. Managing this critical utility by hand (or by spreadsheet) is rife with human error. Placing faith in these archaic processes increases the risk of exposure and adds significant administrative effort and cost to maintain them.

Automation is key

It's critical to address the root of the problem with manual certificate management: human error. A cloud-based, automated system for certificate discovery and renewal not only gives organizations speed and accuracy but also the peace of mind of knowing they can press ahead with digital transformation and hybrid working more safely. Smartly automated certificate management can track expiration dates, notify IT staff as they approach, and renew and redeploy the certificates without any additional manual labor from already overstretched IT teams.

However, while automation can alleviate many of the pain points of certificate management, the complexity does not end there. There is no single vendor of digital certificates, and the many Certificate Authorities (CAs) that issue them do not work together. This means that a CLM solution tied to one CA cannot oversee the multitude of certificates from different CAs in an organization. Additionally, organizations often issue certificates from their own internal CAs, and these are frequently forgotten about, or left unmanaged, until the day a missed expiry causes an outage.

This has prompted the latest innovation in the space, CA-agnostic CLM, which lets enterprises manage every certificate in their organization no matter which CA it originated from. Only with an agnostic approach is total certificate lifecycle management possible.
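As an added illustration of the two points above, automated expiry tracking and a single inventory that spans several CAs, here is a small Go program written for this page. It is not Sectigo's product or any real CLM tool. It uses only the standard library's crypto/x509 and encoding/pem to parse every certificate in a PEM bundle, whichever CA signed it, and classifies each one as fine, due for renewal, or already expired. The renewal window is a design choice made here, not something the article prescribes: it is a third of the certificate's own lifetime, so a 90-day certificate is flagged with 30 days left while a two-year one is flagged with about eight months left. The bundle, hostnames and CA names ("Public CA A", "Internal Corp CA", and so on) are constructed fixtures signed with throwaway keys.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Status is the lifecycle verdict for one discovered certificate.
type Status string

const (
	StatusOK      Status = "ok"
	StatusRenew   Status = "renew"   // inside the renewal window
	StatusExpired Status = "expired" // notAfter has already passed
)

// Finding is one row of the inventory report.
type Finding struct {
	Subject, Issuer string
	DaysLeft        int
	Status          Status
}

// classify uses a renewal window proportional to the certificate's lifetime
// (renew once a third of it remains): a 90-day certificate is flagged with 30
// days left, a two-year one with about eight months. A fixed "30 days" rule
// would flag short-lived certificates too late and long-lived ones too early.
func classify(c *x509.Certificate, now time.Time) Status {
	if !now.Before(c.NotAfter) {
		return StatusExpired
	}
	if c.NotAfter.Sub(now) <= c.NotAfter.Sub(c.NotBefore)/3 {
		return StatusRenew
	}
	return StatusOK
}

// Inventory parses every CERTIFICATE block in a PEM bundle, whichever CA issued
// it, and returns one finding per certificate in bundle order. Other block types
// (keys, CSRs) are skipped; a malformed certificate is an error, not a silently
// missing row, because a missing row is exactly how an expiry gets missed.
func Inventory(bundle []byte, now time.Time) ([]Finding, error) {
	var out []Finding
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue
		}
		c, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("certificate %d in bundle: %w", len(out)+1, err)
		}
		out = append(out, Finding{
			Subject: c.Subject.CommonName, Issuer: c.Issuer.CommonName,
			DaysLeft: int(c.NotAfter.Sub(now).Hours() / 24),
			Status:   classify(c, now),
		})
	}
	return out, nil
}

// issue mints a leaf certificate for cn signed under the CA name issuerCN.
// Fixture only: one throwaway key serves as both CA and leaf key, and the CA
// names are made up so the bundle looks as if it came from unrelated CAs.
func issue(issuerCN, cn string, notBefore time.Time, days int) []byte {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: issuerCN}}
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notBefore.Add(time.Duration(days) * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, leaf, ca, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// fixtureBundle is a constructed inventory: two public-CA leaves with different
// lifetimes and two internal-CA leaves, one already lapsed. Names are placeholders.
func fixtureBundle(now time.Time) []byte {
	day := 24 * time.Hour
	b := issue("Public CA A", "api.example.com", now.Add(-70*day), 90)
	b = append(b, issue("Internal Corp CA", "payments.internal", now.Add(-100*day), 730)...)
	b = append(b, issue("Internal Corp CA", "legacy.internal", now.Add(-400*day), 365)...)
	b = append(b, issue("Public CA B", "www.example.com", now.Add(-300*day), 365)...)
	return b
}

func main() {
	now := time.Now().UTC().Truncate(time.Second) // X.509 stores times to the second
	findings, err := Inventory(fixtureBundle(now), now)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-7s %5dd  %-18s issued by %s\n", f.Status, f.DaysLeft, f.Subject, f.Issuer)
	}
}
```

Two things in this toy are worth carrying into a real deployment. First, `Inventory` never cares who the issuer is; it only records it, which is what "CA-agnostic" means in practice: the parsing and expiry logic is identical for a public CA's certificate and for one minted by a forgotten internal CA, and the issuer column is what lets you find the latter. Second, it fails loudly on a certificate it cannot parse instead of skipping it, because a certificate that quietly drops out of the inventory is indistinguishable from one that never existed until it expires.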

Shoring up certificates

In today’s uncertain world, enterprises have to juggle a myriad of tasks just to maintain business continuity, while also fighting off a 31% increase in cyber threats. Pressing ahead with digital transformation projects without a keen eye on certificate management is a fast way to set a business up for failure.

Despite all the good intentions in the world, new devices, hybrid working, and hiring surges all create openings. If certificates are not managed in a reliable, automated fashion, those openings can be exploited by bad actors for phishing or ransomware attacks, or plant the seed for a company-wide outage. As enterprises continue to grow, invent, and adopt new technologies, the survival of their operations hinges on automated, CA-agnostic CLM.

Nick France is CTO at Sectigo. He is responsible for the technology and practices necessary to operate Sectigo’s global Certificate Authority (CA) and related services.