Organizations Are Unprepared for the Shift to 90-Day TLS Certificates and Post-Quantum Cryptography, New Venafi Research Reveals
30 July 2024 - 8:00AM
Business Wire
Majority of Security Leaders Believe Shorter
Certificate Lifespans Will Leave Many Companies Blindsided, With
More Outages “Inevitable”
Venafi, the leader in machine identity security, today released
a new research report, Organizations Largely Unprepared for the
Advent of 90-Day TLS Certificates. The report examines
organizations’ current state of preparedness to transition to new
machine identity standards, including shorter certificate
lifecycles and post-quantum cryptography.
[Graphic: New Venafi Research: Organizations Largely Unprepared for the Advent of 90-Day TLS Certificates (Business Wire)]
A survey of 800 security decision-makers across the U.S., UK,
Germany and France revealed that more than three-quarters (76%) of
security leaders recognize the pressing need to move to shorter
certificate lifespans to improve security. However, many feel
unprepared to take action, with 77% saying the shift to 90-day
certificates will mean more outages are inevitable.
Additional highlights from the survey findings include:
- 90-Day Certificate Challenges – Eighty-one percent of
security leaders believe Google’s proposed plans to shorten TLS
certificate lifespans from 398 days to 90 days will amplify
existing challenges they have around managing certificates. An
overwhelming 94% of survey respondents are concerned about the
impact of the changes, with nearly three-quarters (73%) saying it
could cause “chaos” and a further 75% saying it could even make
them less secure.
- Volatile CA Landscape – The recent decree that
certificates issued by Certificate Authority (CA) Entrust can no
longer be trusted is just the latest example of disruption in the
CA market. In fact, 88% of security leaders report their
organization has been impacted by CA revocations. Of these, 45% had
to deploy extra resources to find, revoke and replace certificates;
38% suffered a security incident; and 31% had a certificate-related
outage.
- Quantum Denial – With momentum gathering around the need
to migrate to new quantum-resistant encryption algorithms, 64% of
security leaders say they “dread the day” the board asks about
their migration plans. Seventy-eight percent say if a quantum
computer capable of breaking encryption is built, they will “deal
with it then,” with 60% believing that quantum computing doesn’t
present a risk to their business today or in the future. Moreover,
67% dismiss the issue, stating it has become a
“hype-pocalypse.”
“We recently lived through the world’s greatest IT outage – the
CrowdStrike update outage was an error and unexpected. Security
teams know they will be hit with major risks when new outages occur
from what they love to hate: more expiring certificates,” said
Kevin Bocek, chief innovation officer at Venafi. “Shifting to
shorter certificate lifecycles significantly reduces these risks
and is a necessary move. However, this can also bring more chaos
for security teams – and it’s a double whammy with Entrust being
distrusted in Chrome. There aren’t just canaries in the coal mine;
there are groundhogs in every cloud, virtual machine and Kubernetes
cluster. It’s not just one software update vendor; it’s the entire
Internet as we know it.”
The introduction of 90-day certificates means organizations will
need to renew their certificates five times more often than they do
now – quintupling the effort needed. The survey reveals this will
be a major challenge for businesses for two reasons:
- Delayed Deployment – Only 8% of security leaders fully
automate all aspects of TLS certificate management across their
entire enterprise, with almost a third (29%) still relying on their
own software and spreadsheets to manage the problem. As a result,
it takes an average of 2-3 working days (21.75 hours) to deploy a
certificate.
- TLS Transformation – The volume of TLS certificates in
use at organizations has been steadily rising, due to the growth in
technology adoption in recent years. Ninety-five percent of
security leaders say digital transformation initiatives have
increased their organization’s use of SSL/TLS in the past year by
an average of 36%. As a result, the average enterprise now manages
3,730 TLS certificates – a number that is expected to increase by
39% by 2026, taking the figure up to over 5,000.
Similar challenges exist with quantum. Sixty-seven percent of
survey respondents believe shifting to post-quantum cryptography
will be a nightmare, as they don’t know where all their keys and
certificates are. Among the specific challenges these shifts
present, the potential speed of the migration, scale and cost, and
a lack of internal skills and knowledge were cited as the top
three concerns. However, 86% say taking control of the management
of keys and certificates is the best way to prepare for future
quantum risks.
“There’s great news: from 90-day certificates to replacing
distrusted CAs to making the transition to post-quantum, security
teams today have machine identity security capabilities they didn’t
have available just a few years ago. Security teams can get
certificate lifecycle management (CLM), PKI-as-a-service and
workload identity issuers all on one control plane now,” Bocek
concludes. “The business case is simple for making sure 90-day
certificate lifetimes don’t wreak havoc. We know the problem is
coming, unlike the last major IT outage, and the automation we put
in place with machine identity security gets us ready for the
post-quantum future, the next CA distrust and running in whatever
cloud our developers choose.”
To read the full report, visit
https://venafi.com/lp/organizations-largely-unprepared-for-the-advent-of-90-day-tls-certificates/.
About Venafi
Venafi is the cybersecurity market leader in machine identity
security. From the ground to the cloud, Venafi solutions manage and
protect identities for all types of machines—from physical and IoT
devices to software applications, APIs and containers. Venafi
provides global visibility, lifecycle automation and actionable
intelligence for all machine identity types and the security and
reliability risks associated with them.
With more than 30 patents, Venafi delivers innovative machine
identity security solutions for the world's most demanding,
security-conscious organizations and government agencies, including
the top five U.S. health insurers, top five U.S. airlines, top four
payment card issuers and top four U.S. banks. As a leading provider
of open source machine identity security solutions, Venafi is the
creator of the open source cert-manager project, which is
downloaded more than 1.5 million times a day. For more information,
visit https://venafi.com/.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240730471629/en/
Pauline Louie pauline.louie@venafi.com (801) 676-6900