Between February 15th and February 16th, 2021, Google Voice, Google’s telephone service, experienced a worldwide outage that prevented its users from making and receiving calls for over four hours. On February 28th, 2021, Google published an incident report stating the cause of the outage: an expired TLS certificate. This is not an isolated issue. In April 2021, Epic Games also had an outage caused by a certificate. These are high-profile outages, but over 80% of companies have had a certificate-related outage in the past few years.
The reason? With the move to the cloud and zero-trust, certificates are being used by the thousands and, with IoT, by the millions. While the need for certificates has exponentially increased, the tools to support the management of certificates have not. With more than half of organizations still using spreadsheets to manage their certificates, it is time for the tools to evolve to meet the need.
So, what are the main points organizations must address to fix the certificate problem?
In the early days, you could have a handful of security professionals manually managing the certificates for the whole organization. Today, with organizations issuing millions of certificates each year, manually managing certificates would require a large team, and the chances of missing one and causing an outage are too great. The solution must enable engineers across the organization to request certificates through self-service while still maintaining control with role-based access and domain registration.
With the ever-growing number of certificates, it is important to have an automated way to register every certificate that has been issued and track its expiration date. This should not be limited to private certificates; we should also be looking at Certificate Transparency logs and monitoring all certificates created under the company’s domain.
With the exponential growth of certificates, it is impossible for humans to keep track of each of the millions of certificates, meaning computers must step in and automate the certificate lifecycle. This will not only avoid costly outages but will also free critical personnel to focus on other pressing issues.
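The registration and expiry tracking described above can be sketched as a reconciliation job. This is an added example, not code from EZCA or EZMonitor; the record fields, the 30-day warning window, the `audit` function and all sample certificates are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: the internal inventory of issued certificates.
INVENTORY = [
    {"serial": "01A1", "cn": "sip.example.com", "not_after": "2021-02-16T00:00:00+00:00"},
    {"serial": "01A2", "cn": "api.example.com", "not_after": "2021-03-05T00:00:00+00:00"},
    {"serial": "01A3", "cn": "www.example.com", "not_after": "2021-12-01T00:00:00+00:00"},
]
# Constructed sample data: certificates observed in Certificate Transparency
# logs for the company's domain (how they were fetched is out of scope here).
CT_SEEN = [
    {"serial": "01A2", "cn": "api.example.com", "not_after": "2021-03-05T00:00:00+00:00"},
    {"serial": "09FF", "cn": "test.example.com", "not_after": "2021-06-01T00:00:00+00:00"},
]
# Fixed clock so the run is repeatable; a scheduled job would use the current time.
SAMPLE_NOW = datetime(2021, 2, 16, 12, 0, tzinfo=timezone.utc)


def audit(inventory, ct_seen, now, warn_days=30):
    """Bucket every known certificate by expiry and list CT-logged
    certificates that were never registered in the inventory."""
    report = {"expired": [], "expiring": [], "ok": [], "unregistered": []}
    registered = {cert["serial"] for cert in inventory}
    tracked = set()
    for cert in inventory + ct_seen:
        if cert["serial"] in tracked:
            continue  # same certificate present in both sources
        tracked.add(cert["serial"])
        if cert["serial"] not in registered:
            report["unregistered"].append(cert["cn"])
        not_after = datetime.fromisoformat(cert["not_after"])
        if not_after <= now:
            report["expired"].append(cert["cn"])
        elif not_after - now <= timedelta(days=warn_days):
            report["expiring"].append(cert["cn"])
        else:
            report["ok"].append(cert["cn"])
    return report


if __name__ == "__main__":
    for bucket, names in audit(INVENTORY, CT_SEEN, SAMPLE_NOW).items():
        print(f"{bucket:13} {', '.join(names) or '-'}")
```

A certificate that appears only in the Certificate Transparency data is still tracked for expiry, so an unregistered certificate is flagged as a gap in the inventory and also watched for renewal.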
As PKI experts, we know how hard it is to manage and secure a PKI. This is why we have created tools to remove the complexity of managing your own PKI and SSL certificates.
EZCA enables you to gain visibility into your organization by centralizing the certificate issuance process in a simple-to-use tool. With EZCA cloud integrations, certificate lifecycle management is “set and forget”, meaning once you create your first certificate, EZCA will take care of automatically rotating it.
EZMonitor complements EZCA by enabling you to scan your internal network as well as monitor Certificate Transparency logs. EZMonitor uses the intelligent cloud to prevent outages by notifying you of certificate misconfigurations, and to prevent and detect attacks by monitoring the logs and alerting on vulnerabilities or attacks it finds.
If you want to get a PKI assessment, book a call with our PKI experts and learn how you can modernize your PKI today!