Visibility Gaps Increase Risk of Certificate-Driven Outages

The landscape of Transport Layer Security (TLS) and Secure Sockets Layer (SSL) certificates is evolving dramatically, with lifespans predicted to shrink to just 47 days by 2029. This shift means that the once periodic task of certificate renewal is transforming into a continuous operational function, prompting CIOs to re-evaluate their strategies concerning outage risks, automation capabilities, and governance frameworks.
In an interview with Information Security Media Group, Kevin Weiss, CEO of Sectigo, shared insights into the growing importance of effective crypto governance. He emphasized how it is becoming essential for both digital trust and maintaining operational continuity amidst this rapid transition.
Weiss has been at the helm of Sectigo’s strategy and operations, guiding enterprises as they navigate the complexities of large-scale certificate management and governance. His extensive experience spans nearly three decades in various sectors, including cybersecurity and digital identity.
One significant concern Weiss identified is how the shift to 47-day certificate lifespans is often underestimated by CIOs. Many view certificate management purely as an IT issue rather than realizing its broad implications for business continuity. With the rise of continuous renewals, the need for automation becomes critical. Current research indicates that only one-third of enterprises utilize automation for certificate deployment, leaving a considerable majority exposed to risks associated with manual processes.
In fact, without integrated automation, organizations face severe consequences when certificates expire, potentially undermining consumer trust and regulatory compliance. A lack of visibility into where certificates are deployed poses an additional threat: untracked (rogue) certificates escape detection, expire unnoticed, and cause unexpected outages.
Notably, an inspection of existing systems often reveals a significantly larger certificate footprint than expected, and every unmonitored certificate in that footprint is a potential failure point. With shorter lifespans to manage, complete visibility over all certificates becomes imperative.
Organizations will increasingly have to manage both long-lived and short-lived certificates during this transition, particularly across critical systems. Weiss suggested first testing the environments that affect revenue generation and customer engagement, given the operational repercussions of outages in these areas.
Moreover, as the frequency of renewals escalates, the role of certificate authorities (CAs) must also adapt. They need to provide robust automation options, seamless integration with Certificate Lifecycle Management (CLM) systems, and a proven track record of reliably issuing the required certificate types, all while being prepared for future cryptographic advancements and the shift to post-quantum standards.
Weiss outlined a practical three-step approach for CIOs: start with a comprehensive audit of all certificate assets to understand the full scope, implement CLM to ensure programmatic issuance and renewal while adhering to strict timelines, and design systems that allow for algorithm adaptations as cryptographic standards evolve.
As enterprises weigh the cost of transitioning to quantum-safe cryptography, it is essential to fold these initiatives into existing infrastructure refresh cycles. This approach allows organizations to avoid high one-time expenses and mitigate ongoing operational risk as the industry prepares for a post-quantum future that demands agile responses to evolving challenges.
Ultimately, proactive measures in certificate management and governance will fortify business resilience while preparing organizations to navigate the complexities of a rapidly changing cybersecurity landscape.