Information Security News mailing list archives

Survey: Post-It Notes, Spreadsheets Used To Manage Digital Certificates


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 24 Feb 2012 05:21:33 -0600 (CST)

http://www.darkreading.com/authentication/167901072/security/encryption/232601373/survey-post-it-notes-spreadsheets-used-to-manage-digital-certificates.html

By Kelly Jackson Higgins
Dark Reading
Feb 23, 2012

Certificate authorities (CAs) are still reeling from the wave of hacks against them over the past year. And it turns out most of their customers are struggling to keep on top of their SSL certificates despite the increased threats. A new survey found that 54 percent of organizations say they don't have a complete or correct accounting of their SSL certificates, and 44 percent manage their lifecycle manually -- with Post-It notes and spreadsheets.

Michael Osterman, president of Osterman Research, which was commissioned by key management vendor Venafi to conduct the survey, says he was shocked by the lack of a sense of urgency about properly managing and protecting digital certificates. "Organizations are already behind in properly managing their certificate population via manual policies. With the expected growth in certificates, we anticipate more incursions, certificate breaches and other risks than we saw in 2011," he said in a statement.

The survey of 174 IT and IT security pros had several red flags about digital certificate management. Some 72 percent of organizations don't have an automated process in place in case their CA is hacked, so they can't automatically replace digital certificates. The risk there, of course, is a website or application outage in the event of an expired certificate.

Many (46 percent) can't even generate a report on digital certificates that are about to expire; it's a manual process to track certs that are reaching their expiration date.

[...]

