CyberArk unveils tools to ease burden of frequent TLS renewals
CyberArk has introduced new tools to assess and manage the operational and financial impacts of shrinking Transport Layer Security (TLS) certificate lifespans. The shorter lifespans are set to bring significant challenges for IT and security teams, as certificate validity periods fall from 398 days to just 47 days by 2029.
Certificate renewal surge
The CA/Browser Forum is mandating a phased reduction in public TLS certificate validity, requiring organisations to transition from annual renewals to potentially monthly updates.
By 2026, certificates will be valid for only 200 days, and by 2029, the lifespan will be shortened further to 47 days. Companies currently managing hundreds of certificates will face a dramatic increase in renewal frequency.
For businesses relying on manual processes, the labour implications are substantial. A company managing 500 certificates, which currently requires around 2,000 labour hours annually, could see this rise to more than 24,000 hours under the new regime.
This equates to a twelvefold increase in required effort, potentially expanding a two-person team to twenty-four staff members dedicated solely to certificate renewals.
Operational vulnerability
There is growing concern about the risk of system outages resulting from the need for more frequent certificate updates. According to CyberArk's research, 72% of security leaders experienced at least one certificate-related outage over the past year. Additionally, 67% reported monthly outages and 45% faced them weekly, with these numbers expected to rise as renewal intervals contract. Outages not only impact business continuity, but can also carry significant financial and reputational costs.
"Shorter certificate lifespans are more than a compliance shift - they are a business risk. Organisations will face a surge in renewals that manual processes simply cannot keep up with. The result is higher costs, operational strain, and potential system outages that can result in financial and reputational impact. Our new tools make it simple for security leaders to understand their exposure and build a strong case for automation before disruptions occur," said Kurt Sand, General Manager of Machine Identity Security, CyberArk.
Automated management
CyberArk's latest offerings include the TLS Certificate Renewal Impact Calculator and the TLS Certificate Discovery Scan. These tools are designed to help organisations visualise their exposure to the shorter certificate lifespans, quantifying the operational load and associated costs.
They also guide users through the process of automation, allowing businesses to evaluate the return on investment for modernising their certificate management.
The calculators are intended to simplify decision-making by providing clear data on how reduced certificate validity will affect workload. Organisations are encouraged to shift towards automated certificate lifecycle management to avoid the escalating risks and costs of manual handling.
CyberArk positions these tools as part of a broader suite within its Identity Security Platform, which supports privileged access management and resilience across multi-cloud environments.