
Rogue certificates 'affecting businesses as much as authorities'


Almost three-quarters of businesses have no capability to detect or locate a rogue certificate.

According to a survey of 175 businesses by enterprise key and certificate management (EKCM) solutions vendor Venafi, 72 per cent of respondents admitted that they had no automated process to replace compromised certificates; this means that if their certificate authority (CA) were compromised, they would be ignorant of where the offending certificates were and have no way of automatically locating and replacing them.

As in the case of Diginotar last year, which was hacked and saw rogue certificates issued for legitimate websites, the Venafi survey found that existing manual processes would require weeks to identify the vulnerable certificates. In addition, 76 per cent of respondents expected their certificate population to grow in 2012.

More than half (54 per cent) admitted to having an inaccurate or incomplete inventory of their SSL certificates, with 44 per cent admitting that their digital certificates are manually managed with spreadsheets and reminder notes.

Also, 46 per cent said they would not be able to generate a report detailing how many digital certificates they owned, and 70 per cent admitted that they did not have a certificate management system that would remind them if a certificate renewal request failed.

Jeff Hudson, CEO of Venafi, said: “Organisations protect mission-critical and often regulated data with hundreds or thousands of encryption keys and digital certificates. As this survey reveals, too many companies have inaccurate or incomplete data about their security assets.

“The unquantified and unmanaged risks these certificates and keys pose is significant, risks magnified through their increasingly pervasive use in corporate data centres, cloud-based systems and mobile devices.”

This week Venafi launched the Assessor tool that scans an organisation's network to locate and analyse deployed digital certificates and the associated encryption keys. According to the company, Assessor produces a series of reports that detail the security, operational and compliance risks derived from the data it collects and provides remediation recommendations based on industry best practices and the aggregate experience of Venafi customers.

“With Assessor, organisations can quantify the extent of their risks, turning assumptions about their certificates and encryption keys into hard data. We are now providing this capability to organisations at no cost,” said Hudson.
