As a result, Global enterprises are losing customers, millions in revenue and even shutting down completely. When asked how keys and certificates became a challenge for their businesses, 54% of those surveyed responded a lack of visibility and don’t know how many keys and certificates are deployed, where they are used, or what policies govern their use. Knowing that digital certificates have differing and short lifespans of weeks, months or years, this shows the incredible lack of policy enforcement and remediation that’s occurring internally within the information security department.
“When businesses fail to properly secure and manage their keys and certificates, there is a direct financial impact with lost customers and lost revenue,” said Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi. “Every business relies on cryptographic keys and digital certificates to operate, even if they don’t realize it. That’s why it’s imperative that IT ops and IT security teams conduct regular audits to locate all the certificates and keys they are using, determine expiration dates and then put proper policies in place to avoid data breaches, unplanned outages, and failed audits.”
Venafi’s 2015 Cost of Failed Trust Report also revealed:
· Unsecured keys and certificates are causing businesses to lose customers: Nearly two-thirds (59%) admitted to losing customers because they failed to secure the online trust established by keys and certificates.
· Business systems are failing: An average of over 2 certificate-related unplanned outages have been reported per organization over the last 2 years. Over the last 2 years, every business has failed one or more SSL/TLS audits and one or more SSH audits.
· The risk continues—at great cost: Our reliance on keys and certificates continues to grow with their increased use for SSL/TLS as well as mobile, WiFi, and VPN access, and the explosion of Internet of Things (IoT) devices. This increased reliance causes a dramatic increase in risk for availability, compliance, and security. However, the amount of risk is not equal across these areas—security risk at $53 million over the next 2 years dwarfs availability and compliance risk, which totals $7.2 million.
· Challenges must be addressed: Over half (54%) admitted to a lack of visibility and a lack of policy enforcement and remediation for keys and certificates. Organizations must address these challenges which underlie the security, availability, and compliance risks caused by unsecure keys and certificates.
“We hope this report will help Global 5000 security and executive teams realize the major risk that expired cryptographic keys and digital certificates are posing to the enterprise,” said Jeff Hudson, CEO, Venafi. “With keys and certificates broadly deployed and so integral to the future of business growth, this data is pointing to a symptom of a larger security issue - if you can’t manage your keys and certificates then you can’t protect them and you’re living in a world without trust. That’s why Venafi provides the Immune System for the Internet - we help Global 5000 enterprises everywhere find, manage and protect their keys and certificates, which are increasingly being targeted by cyber criminals for misuse.”
