Global CIOs admit certificate-related outages routinely impact critical business applications and services
Almost two-thirds of global organisations (60 percent) experienced certificate-related outages that impacted critical business applications or services within the last year, according to a study released by a;t :alemachine identity protection specialist Venafi.
The study of the scale and frequency of certificate-related outages on critical business infrastructure polled some 550 chief information officers from the U.S., U.K., France, Germany and Australia.
“Since certificates control authentication and communication between machines, it is important not to let them expire unexpectedly,” said Venafi VP of security strategy and threat intelligence Kevin Bocek. “And because the symptoms of a machine identity-related outage mimic many other hardware and software failures, diagnosing them is notoriously time-consuming and difficult.”
The report authors said that certificate-related outages impacted the reliability and availability of vital network systems and services while also being extremely difficult to diagnose and remediate. The survey found that the vast majority of businesses routinely suffer from these events.
In addition, 74 percent faced similar events within the last 24 months.
Venafi said certificate-related outages were likely to become more complicated, common and costly in the future. The study also found that:
- Eighty-five percent believed the increasing complexity and interdependence of IT systems will make outages even more painful in the future.
- Nearly 80 percent estimated certificate use in their organizations will grow by 25 percent or more in the next five years, with over half anticipating minimum growth rates of more than 50 percent.
- While 50 percent of CIOs were concerned that certificate outages will have an impact on customer experience, 45 percent were more concerned about the time and resources they consume.
“Recently, a machine identity-related outage impacted 32 million cellular customers in the U.K., and estimates suggest this could have cost the company over U $100 million,” said Bocek. “Ultimately, companies must get control of all of their certificates; otherwise, it’s simply a matter of time until one expires and causes a debilitating outage. CIOs need greater visibility, intelligence and automation of the entire life cycle of all certificates to do this.”
Venafi said that while humans rely on usernames and passwords to identify themselves and gain authorized access to applications and services, machines use digital certificates to serve as machine identities in order to communicate securely with other machines and gain authorized access to applications and services.
“This year, organizations will spend over $10 billion to protect and manage passwords, but they will spend almost nothing to protect and manage machine identities,” it added. “Most organisations do not have a clear understanding of how many machine identities are in use, which devices are using them, and when they will expire. This lack of comprehensive visibility and intelligence leads to outages. “
White Paper: CIO Study: Certificate-Related Outages Continue to Plague Organizations: https://www.venafi.com/resource/CIO-Study-Certificate-Related-Outages-Continue-to-Plague-Organizations