Businesses not prepared for PKI automation
As we reported three months ago, there are some significant changes coming to the PKI marketplace, not least being Google's move to reduce the lifespan of SSL/TLS certificates.
A new report from GlobalSign, based on 110 responses, finds 30 percent of respondents say the increased administrative work and complexity of the changes is their biggest concern.
A seven-year rotation for root certificates is manageable and would not cause a significant impact, say 20 percent. 15 percent of those who responded worry about costs and overhead. This is of particular concern to small businesses and websites, where owners might not see the added costs as justified. Another 30 percent express concerns about older or legacy systems, frequent expirations, and security and compliance challenges.
"It's clear that many challenges to certificate automation exist, whether you are an enterprise-level organization or an SMB. There are a lot of steps to overcome before the vast majority of customers can support full automation," says Doug Beattie, vice president, product management at GMO GlobalSign. "On the plus side, tools are available today to remove the pressure of certificate automation. Our products such as Automated Certificate Management Environment (ACME) greatly aid a company in this process. Our industry does not have clarity when a mandated 90-day automation may become real, but judging from our survey, organizations with concerns should begin taking steps now. In the long run, it will serve them well."
The study also asked about general barriers to automation. 38 percent believe that technical limitations and compatibility are the biggest blockers to automation. This includes not having out-of-the-box solutions for automating certificate management, the lack of support for automated renewal in certain systems or environments (such as Windows, IIS, Plesk), and the incompatibility of some systems with standard automated solutions.
A quarter named cost and resource concerns as possible obstacles, while 20 percent say a lack of knowledge or expertise is another potential challenge to automating certificates. 10 percent also cite security concerns, especially the governance and control of a fully automated system.
You can see a summary of the findings in the infographic below.