Managing digital certificates still a challenge, automation lagging
Managing digital certificates, especially expirations and renewals, continues to be a challenging process for businesses of all sizes, a study of over 300 IT professionals in the U.S. and the UK conducted by Opinium reveals.
There is also a great deal of misunderstanding about digital signatures, how they are different from electronic signatures and the need for each type.
PKI is a critical technology in the security ecosystem
As more companies look to automation and digital transformation during a time of heightened cybersecurity concerns, public key infrastructure (PKI) is a critical technology in the security ecosystem. It secures a wide variety of digital transactions, web domains, code and more.
Most companies rely on digital certificates and digital signatures, but the methods being utilized to manage the technology still leave plenty of room for error and improvement.
The survey found that among IT professionals in both the U.S. and the UK, three quarters felt they would be able to – or somewhat be able to – explain the difference between electronic and digital signatures, yet the detailed responses suggested a significant misunderstanding between the two types. For example, the survey suggested the biggest pain points for IT professionals in both the U.S. and UK when thinking about digital signing are managing expirations and certificate renewals (48%) yet when implemented correctly with automation, expired certificates should not impact signature validation.
Beyond digital signatures, top challenges respondents typically encounter when keeping track of certificates include managing multiple types of certificates (45%) and managing large quantities of them (41%).
IT pros still relying on Excel spreadsheets to manage digital certificates
One of the most surprising findings: 36% of IT professionals are still relying on Excel spreadsheets to manage certificates, even though automation tools are widely available.
The issue of managing certificates – especially expirations – continues to be a significant problem across businesses. Such occurrences can create costly service disruptions. In April alone, there were instances of certificate expiration in the gaming industry, at a large VPN and also with a major credit card company.
Despite these occurrences, only 39% of survey respondents ranked certificate outages and business interruptions among their biggest concerns of “getting PKI wrong”. But based upon the frequency with which certificate outages occur, their concern should be much greater.
The survey also uncovered further inconsistencies among respondents. While nearly 75% of IT professionals responded that they have the tools needed to stay on top of certificate expirations and renewals (now that the validity period for digital certificates has been reduced to 13 months), only 6% said they were happy with the way they currently manage certificates. The rest would make changes, such as spending less time managing them and making them:
- Easier to track (39%)
- Have automated certificate provisioning/enrollment (38%)
- Have centralized visibility and control (36%)
“IT has so many responsibilities now, which means there is no time for in-house certificate management. The obvious answer is to unload this complex process to an experienced provider,” said Lila Kee, General Manager, Americas, GlobalSign.
“The survey findings underscore that automation is a critical tool that enables IT professionals to better manage certificates. The advantages are extremely beneficial to the business enterprise. Not only does automation greatly reduce or eliminate certificate expiration, it alleviates compliance concerns and it frees up IT resources.”
Kee added: “As to the findings regarding digital signatures, they exposed how much education is still required so that IT professionals truly understand how PKI works and its many benefits.”