TLS certificates are a top security concern for businesses
A new study by machine identity protection specialist Venafi, which surveyed 550 chief information officers (CIOs) from the US, UK, France, Germany and Australia, finds that 75 percent name TLS certificates as their top concern.
TLS certificates act as machine identities, safeguarding the flow of sensitive data to trusted machines. Thanks to the acceleration of digital transformation, the number of machine identities is rising.
At the same time, though, cybercriminals are targeting machine identities, including TLS keys and certificates, and the capabilities they provide, such as the encrypted traffic they enable, for use in attacks.
The findings show that 75 percent of global CIOs expressed concern about the security risks connected with the proliferation of TLS machine identities. More than half of CIOs (56 percent) say they worry about outages and business interruptions due to expired certificates.
A massive 97 percent estimate that the number of TLS machine identities used by their organization will increase by at least 10–20 percent over the next year. In addition, 93 percent of respondents estimate that their organizations have a minimum of 10,000 active TLS certificates, with 40 percent saying they have more than 50,000 TLS certificates in use.
"According to a Venafi survey from 2018, once IT professionals deployed a comprehensive machine identity protection solution, they typically found 57,000 TLS machine identities that they did not know they had in their businesses and cloud," says Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. "This study indicates that many CIOs are likely significantly underestimating the number of TLS machine identities currently in use. As a result, they are unaware of the size of the attack surface and the operational risks that these unknown machine identities bring to their organization. Whether it’s debilitating outages from expired certificates, or attackers hiding in encrypted traffic for extended periods of time, risks abound. The only way to eliminate these risks is to discover, continuously monitor and automate the lifecycle of all TLS certificates across the entire enterprise network -- and this includes short-lived certificates that are used in the cloud, virtual and DevOps environments."
You can find out more on the Venafi blog.