Digital Certificate Management, Encryption Keys Create Enterprise Security Challenges
In an age of compliance regulations and a growing awareness of the costs of a data breach, encrypting data has become a key part of many enterprise security plans. But encrypting data has little value if an organization loses track of encryption keys.
And it is that last part that a recent survey (PDF) by key management vendor Venafi suggested is a challenge for many organizations out there. In a survey of 471 enterprise managers and executives, the firm found 54 percent either had unaccounted for or stolen encryption keys or were uncertain if they did. When it came to digital certificates, the figure was 51 percent.
"While digital certificates and their associated encryption keys are leveraged heavily for mission-critical applications, they do not come without overhead," said Jeff Hudson, CEO of Venafi. "Once a certificate is installed and in use, it is easy to forget about, lose track of, or have the responsible administrator move on to another project or position. All certificates have expiration dates. Applications and processes that are relying on the certificate for security or trust stop functioning when a certificate expires.
"Because most corporations have hundreds or thousands of certificates in use that are being managed manually, unplanned system outages are increasingly common and can have disastrous effect," he added.