sb-as logo
Story image

Certificate-related outages impact 60% of businesses - Venafi

01 Apr 2019

Machine identity protection provider Venafi has announced the results of a study of the scale and frequency of certificate-related outages on critical business infrastructure.

Over 550 chief information officers (CIOs) from the US, UK, France, Germany and Australia participated in the study.

Certificate-related outages harm the reliability and availability of vital network systems and services while also being difficult to diagnose and remediate.

Unfortunately, the vast majority of businesses routinely suffer from these events. In fact, according to the study, almost two-thirds of organisations (60%) experienced certificate-related outages that impacted critical business applications or services within the last year. In addition, 74% faced similar events within the last 24 months.

Certificate-related outages are likely to become more complicated, common and costly in the future. The study also found that:

  • Eighty-five percent believe the increasing complexity and interdependence of IT systems will make outages even more painful in the future.
     
  • Nearly 80% estimate certificate use in their organisations will grow by 25% or more in the next five years, with over half anticipating minimum growth rates of more than 50%.
     
  • While 50% of CIOs are concerned that certificate outages will have an impact on customer experience, 45% are more concerned about the time and resources they consume.

''Recently, a machine identity-related outage impacted 32 million cellular customers in the UK, and estimates suggest this could have cost the company over US $100 million,'' says Venafi security strategy and threat intelligence vice president Kevin Bocek.

''Ultimately, companies must get control of all of their certificates; otherwise, it’s simply a matter of time until one expires and causes a debilitating outage. CIOs need greater visibility, intelligence and automation of the entire life cycle of all certificates to do this.''

While humans rely on usernames and passwords to identify themselves and gain authorised access to applications and services, machines use digital certificates to serve as machine identities in order to communicate securely with other machines and gain authorised access to applications and services.

This year, organisations will spend over $10 billion to protect and manage passwords, but they will spend almost nothing to protect and manage machine identities.

Most organisations do not have a clear understanding of how many machine identities are in use, which devices are using them, and when they will expire.

This lack of comprehensive visibility and intelligence leads to outages.

Bocek adds, ''Since certificates control authentication and communication between machines, it is important not to let them expire unexpectedly. And because the symptoms of a machine identity-related outage mimic many other hardware and software failures, diagnosing them is notoriously time-consuming and difficult.''

Story image
IT service management remains effective in remote working environments - survey
"The pandemic has brought IT organisations to the front line from the back office overnight." More
Story image
RedShield develops 'virtual shield' to protect against SAP RECON vulnerability
The vulnerability (CVE-2020-6287) could allow attackers to take over SAP systems by remotely accessing the server. More
Story image
Fortinet holds position as fastest-growing SD-WAN vendor
According to a new Omida report, the company has seen a 247% revenue growth year-on-year. Plus, Fortinet announces Fortigate 80F.More
Story image
Interview: ThreatQuotient champions threat intelligence through virtual 'situation rooms'
To understand what it involves and some of the collaboration challenges that come with distributing threat intelligence amongst specialised security teams, we spoke to ThreatQuotient APJC regional director Anthony Stitt.More
Story image
A third of millennials think they're 'too boring' to be victim of cyber attack
While many millennials are concerned at how their data is being used and whether they are being targeted by cyber-attackers, according to Kaspersky any potential action taken to tighten their online security is at ‘the bottom of their to-do list’.More
Story image
Why answering the question of orchestration vs automation will improve your security effectiveness
Organisations are looking to improve their security operations effectiveness, efficiency, and staff satisfaction, with security, orchestration, automation and response (SOAR) fast becoming a trending approach. More