Most Chief Information Officers (CIOs) are worried about the security risks associated with the proliferation of TLS machine identities, a concern aggravated by the fact that many of them don’t have an accurate count of the certificates deployed in their infrastructure.
Devices need TLS certificates to communicate with servers securely. Certificates are so widely used in today’s communications that accounting for all of them is problematic. Keeping an inventory along with the expiration dates only exacerbates the hassle.
A new survey from Venafi looked at this very problem and gathered responses from 550 CIOs in the United States, United Kingdom, France, Germany and Australia. TLS certificates are nothing special in large organizations, but it turns out that CIOs may be accounting for this potential security issue somewhat superficially.
“The study revealed that 75% of global CIOs expressed concern about the security risks connected with the proliferation of TLS machine identities,” the survey states. “However, 93% of respondents estimated that they had a minimum of 10,000 active TLS certificates by their organizations; and 40% say they have more than 50,000 TLS certificates in use.”
With so many certificates deployed in the infrastructure of a single organization, one of the most significant problems is keeping track of the expiration dates. With only a handful of certificates, keeping close tabs on the expiration dates is easy. However, with more than 50,000 on hand, even a single expiration can cripple a business.
More than half of CIOs (56%) worry that they could experience outages resulting from expired certificates, an issue that’s only going to become worse as 97% of CIOs estimated that the number of TLS machine identities used by their organization would increase at least 10–20% over the next year.