Enterprises face increasing challenges with certificate management


A report released today finds that approximately 60 percent of businesses are using three or more secure sockets layer (SSL) providers and suggests a lack of centralized processes for SSL certificate management.
The study from domain security company CSC analyzed usage trends and patterns for more than 802,000 digital certificates linked to 2.4 million domains. It finds domain validated (DV) certificates account for three-quarters (73.4 percent) of certificates while organization validation (OV) certificates represent nearly a quarter (24.6 percent). Extended validation (EV) certificates account for less than two percent (1.9 percent).
With low-cost, easy-to-obtain DV certificates dominating the market among organizations, cybercriminals exploit this trend by obtaining similar low-cost certificates to impersonate brands, making fraudulent websites look authentic with an HTTPS-secured site and tricking customers into clicking malicious links that compromise data.
“SSL certificates play a critical role in authenticating the legitimacy and safety of an online brand, including the validation of credentials and the encryption of the connection between a website’s server and a user’s browser,” says Mark Flegg, senior director of technology, CSC Security Products and Services. “As the industry approaches shortened SSL certificate renewal life cycles, organizations cannot afford to delay their transitions to certificate automation or to compromise the security of their organizations with fragmented SSL management. It’s concerning that 72% of respondents we surveyed were either completely unaware of or didn’t know the details of the upcoming industry changes -- and as many are unsure of or not ready for automation. Missed renewals could further bring down entire domains and applications that are the backbone of business operations -- such as payment gateways, email, VPN, and collaboration tools for chat, video calls, and document sharing.”
The findings also show that the top three certificate providers are not enterprise-class providers, yet they supply the majority of DV certificates (89 percent) used by the analyzed organizations. The combination of easy-to-obtain certificates and consumer-grade providers that don't offer the enterprise-class support needed to help companies prepare for upcoming SSL industry changes creates a recipe for serious disruption to organizations' services and reputation.
“Organizations are about to face the most transformative period for domain security,” adds Flegg. “A lack of understanding around proper certificate strategy, and the absence of urgency to effectively prepare for new certificate life cycles, will leave many online brands and digital identities playing a never-ending game of catch-up. Those who prioritize automation, consolidating their certificate solutions providers, and working with enterprise-class domain partners will ensure a smoother, safer transition that minimizes the risk of costly expiration outages and security incidents.”
The full report is available from the CSC site.