Certificate expiry in enterprise IT: Putting an end to fear
Digital certificates are the driving force behind a secure modern internet. Everything uses them, and they're so fundamental that we almost forget they're there. Our online world of encrypted communication and transactional engagement hums along 'just right' thanks to their ability to ensure the digital trust is inherent to all our interactions. Until one expires.
Certificate expiry hits the headlines more often than anyone in IT would like. In 2021 it was Azure Active Directory. In 2022 it was Spotify. In 2023 it was Starlink. And back in 2017, it was Equifax. It's the kind of tech problem we all cringe when we see it. You don't want to get too cocky because there's that fear in the back of your mind that next time it could be you.
When certificate expiry hurts, it hurts big. In cases like Equifax, the expired certificate on a network tracking device went unnoticed for 76 days and led to the catastrophic exfiltration of 150 million PII records. But in many other cases, the expiry leads to a direct outage that stops the business in its tracks until resolved.
In 2022, research from IBM and Ponemon Institute showed that while the average cost of a data breach was USD$ 9.4 M inside the US and USD$ 4.4 M globally, the average cost of certificate expiry incidents was even greater at USD$ 11M. Ultimately, a breach may or may not shut down your business. But a certificate failure brings systems to a grinding halt.
Of course, there are many reputational reasons why data breach prevention receives the most critical attention in cybersecurity management. But customers also lose faith in a business that has a significant outage of any kind. Digital trust is at the heart of loyalty, and certificates are critical in both breach protection and wider business availability. Our 2022 Digital Trust research found that half of all those surveyed would stop doing business with a company if they didn't have faith in their security practices.
So why is certificate management something so many major organisations still fail to have control over? It's the ultimate in shooting yourself in the foot when it occurs, which is why CSOs and CIOs go ballistic when it happens. No one wants to have such a visible calling card on the state of how they're managing their environment. And yet it still happens.
This problem is a ticking time bomb for any organisation that is not managing digital certificate lifecycles, with centralised visibility playing a key role in maintaining control. In June 2020, America's National Institute of Standards and Technology (NIST) published a framework on securing web transactions that stresses the importance of certificate lifecycle management by establishing centralised visibility. Through a robust visibility system, it becomes far easier to discover potential vulnerabilities, such as weak algorithms, as well as to identify expiring certificates and ensure compliance with regulatory guidelines and corporate policies.
No one has time to manage certificates manually. In an average big business, we know there will be tens of thousands, even as many as tens of millions, of certificates across devices, digital assets, and services. Full control over certificate lifecycles is only possible through an automated lifecycle management tool.
Tools like DigiCert's Trust Lifecycle Manager can secure the full lifecycle of trust for certificates and PKI services. This offers a centralised repository of public and private certificates for complete visibility, with notifications to pinpoint where action is needed to prevent expiration and remedy any vulnerabilities. It also removes manual action, offering an automated process on a single pane of glass that is deployable anywhere, along with one-touch provisioning and renewal.
We regularly find ourselves talking to some of the biggest organisations in the world about certificate management, and it's an area of trust that continues to slip through the cracks. But there's no reason for this to be that fear in the back of your mind anymore. It's now a great example of how simple automation and centralisation can take a massive load off the tech team and bring peace of mind to leadership – letting certificates go back to being that stealth companion that makes digital enterprise as powerful as it can be today.