New research finds that despite increased threats, organizations still can’t agree on how to properly govern digital certificates – exposing the enterprise to greater risk
More than a year after the historic and damaging SolarWinds attack, nearly 65% of organizations still are unable to secure and govern the growing volume of machine and application identities in the form of digital certificates, the backbone of enterprise security. This is according to the new State of Certificate Lifecycle Management in Global Organizations report from AppViewX, the leader in automated certificate lifecycle management (CLM), and the Ponemon Institute.
The report, based on a survey of 1,586 IT and Security professionals on the challenges and strategies in digital identity and access management (IAM), found that more than half of respondents say their organizations have experienced one or more security incidents or data breaches due to a digital-certificate related compromise within the last two years. According to the data:
- The root causes of security incidents include a cyberattack (57%), a certificate authority (CA) compromise (49%), or employee/third-party negligence (48%)
- Of organizations that fell victim to a data breach, nearly two-thirds (58%) of the organizations experienced severe or very severe financial consequences
- To prevent these incidents from occurring, only four in 10 organizations have an enterprise-wide security strategy for managing cryptographic keys and certificates
Recognizing these issues, many organizations have started to shift their priorities, putting greater emphasis on machine identity management (MIM), including managing and securing digital certificates (54%), than on human identities such as usernames and passwords (46%), which they feel are less important. In fact, organizations are set to spend around $1.2 million this year to manage and secure their certificates. Despite this, only one third of respondents say they have an accurate inventory of all of their certificates – a lack of comprehensive visibility that can prove damaging to their overall security posture.
"The fact that companies are spending such an exorbitant amount on managing and securing digital assets, yet less than 15% of respondents consider their current CLM programs to be mature, is concerning to say the least,” said Gregory Webb, CEO of AppViewX. “With nearly half of organizations routinely experiencing security incidents from certificate expiries, it's no longer responsible or feasible to use manual, siloed tactics and systems or legacy antiquated tools in a CLM program. Adopting a Zero Trust strategy bolstered by automation is the only cost-effective and viable way forward.”
Half of respondents not only view automation as a key component to their CLM programs but also use an identity-first approach that puts identity at the center of Zero Trust security strategies. Additional findings include:
- 52% of respondents say their organizations use automation to manage certificates
- Of those who are automating, the reported benefits include ensuring that tasks are performed consistently and improving security by removing administrator access to keystores
- Financial services and public sector are most likely to automate the management of certificates
“Our research with AppViewX reveals there’s been a great awakening for a large number of organizations that recognize the importance of a CLM program, but it’s also unveiled the fact that there’s a false sense of security that leaders at these organizations are effectively capable of managing their digital certificates through current tactics,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “I’m confident that CLM automation will be what helps organizations accelerate growth, enable modernization, and create scalable foundations in the future.”
To download and view the full report, please visit AppViewX’s website.
To learn more about these findings, please join AppViewX’s live webcast on March 30, 2022 at 11:00 a.m. EDT.
Research Methodology
The State of Certificate Lifecycle Management in Global Organizations was commissioned online using a rigorous multi-level screening process by market research specialist Ponemon Institute. The final sample comprised 1,586 IT and IT security practitioners in a variety of industries including financial services, healthcare, industrial & manufacturing, public sector, retail and services. Respondents were from large enterprises based in North America, Europe and Asia-Pacific. All respondents are familiar with their organizations’ certificate lifecycle management program, IAM program, digital transformation initiatives and digital identity management.
About AppViewX
AppViewX is a pioneer and leader in certificate and key lifecycle automation, Machine Identity Management, and IoT and DevOps security solutions. The AppViewX Platform is a modular software application that enables the automation and orchestration of network infrastructure using an intuitive, context-aware, visual workflow. It quickly and easily translates business requirements into automation workflows that improve agility, enforce compliance, eliminate errors, and reduce cost.
AppViewX automates NetOps, SecOps, and DevOps for Fortune 1000 companies, including six of the top ten global commercial banks, five of the top ten global media companies, and five of the top ten managed healthcare providers. AppViewX is headquartered in New York with additional offices in the U.K., Australia and three development centers of excellence in India. For more information, visit https://www.appviewx.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220323005159/en/
Contacts
Media
Mel Rubbelke on behalf of AppViewX
media@appviewx.com