
Rogue certificates 'affecting businesses as much as authorities'


Almost three-quarters of businesses have no capability to detect or locate a rogue certificate.

According to a survey of 175 businesses by enterprise key and certificate management (EKCM) solutions vendor Venafi, 72 per cent of respondents admitted that they had no automated process to replace compromised certificates; this means that if their certificate authority (CA) were compromised, they would be ignorant of where the offending certificates were and have no way of automatically locating and replacing them.

In a scenario like last year's DigiNotar breach, in which the CA was hacked and rogue certificates were issued for legitimate websites, the Venafi survey found that existing manual processes would require weeks to identify the vulnerable certificates. In addition, 76 per cent of respondents expected their certificate population to grow in 2012.

More than half (54 per cent) admitted to having an inaccurate or incomplete inventory of their SSL certificates, with 44 per cent admitting that their digital certificates are manually managed with spreadsheets and reminder notes.

Also, 46 per cent said they would not be able to generate a report detailing how many digital certificates they owned, and 70 per cent admitted that they did not have a certificate management system that would remind them if a certificate renewal request failed.

Jeff Hudson, CEO of Venafi, said: “Organisations protect mission-critical and often regulated data with hundreds or thousands of encryption keys and digital certificates. As this survey reveals, too many companies have inaccurate or incomplete data about their security assets.

“The unquantified and unmanaged risks these certificates and keys pose are significant, risks magnified through their increasingly pervasive use in corporate data centres, cloud-based systems and mobile devices.”

This week Venafi launched the Assessor tool that scans an organisation's network to locate and analyse deployed digital certificates and the associated encryption keys. According to the company, Assessor produces a series of reports that detail the security, operational and compliance risks derived from the data it collects and provides remediation recommendations based on industry best practices and the aggregate experience of Venafi customers.

“With Assessor, organisations can quantify the extent of their risks, turning assumptions about their certificates and encryption keys into hard data. We are now providing this capability to organisations at no cost,” said Hudson.
