[ISN] Survey: Post-It Notes, Spreadsheets Used To Manage Digital Certificates

From: InfoSec News <alerts_at_private>
Date: Fri, 24 Feb 2012 05:21:33 -0600 (CST)
http://www.darkreading.com/authentication/167901072/security/encryption/232601373/survey-post-it-notes-spreadsheets-used-to-manage-digital-certificates.html

By Kelly Jackson Higgins
Dark Reading
Feb 23, 2012

Certificate authorities (CAs) are still reeling from the wave of hacks 
against them over the past year. And it turns out most of their 
customers are struggling to keep on top of their SSL certificates 
despite the increased threats. A new survey found that 54 percent of 
organizations say they don't have a complete or correct accounting of 
their SSL certificates, and 44 percent manage their lifecycle manually 
-- with Post-It notes and spreadsheets.

Michael Osterman, president of Osterman Research, which was commissioned 
by key management vendor Venafi to conduct the survey, says he was 
shocked by the lack of a sense of urgency about properly managing and 
protecting digital certificates. "Organizations are already behind in 
properly managing their certificate population via manual policies. With 
the expected growth in certificates, we anticipate more incursions, 
certificate breaches and other risks than we saw in 2011," he said in a 
statement.

The survey of 174 IT and IT security pros had several red flags about 
digital certificate management. Some 72 percent of organizations don't 
have an automated process in place in case their CA is hacked, so they 
can't automatically replace digital certificates. The risk there, of 
course, is a website or application outage in the event of an expired 
certificate.

Many (46 percent) can't even generate a report on digital certificates 
that are about to expire; it's a manual process to track certs that are 
reaching their expiration date.

[...]


Received on Fri Feb 24 2012 - 03:21:33 PST
