More often than we’d like to admit, we tend to underestimate the impact of every moving part within an organization, especially those that seem small or insignificant. And usually, it’s not until we’re facing the fallout of neglecting that seemingly insignificant factor that we realize what a mistake we’ve made.
This is exactly what Mozilla, the open-source browser company, encountered when a missed certificate renewal disabled Firefox browser add-ons for millions of Firefox users across the world on Saturday, May 4. The root cause of the issue was an expired intermediate certificate, which the company was using to digitally sign Firefox extensions. Apart from disabling the extensions, this also prevented users from reinstalling or reactivating Firefox add-ons.
The cost of disregarded digital identities
This isn’t the first time an expired certificate has contributed to service outages. Tech giants such as Equifax, LinkedIn, Ericsson, and many others have overlooked the importance of digital certificate management, falling victim to data breaches, service downtimes, and many other repercussions.
A recent Ponemon report clearly outlines the price organizations pay when they disregard these valuable digital identities.
Out of 600 IT security professionals surveyed, 74 percent of respondents stated that unmanaged security certificates have been and continue to be one of the predominant reasons for unexpected service downtimes.
The average expected cost for an organization experiencing service downtimes from expired certificates will be $11.1 million over the next two years.
Yet, 71 percent of respondents stated they don’t know how many keys and certificates their organizations hold.
These figures indicate that, although there’s awareness of the need for certificate life cycle management, most organizations have a long way to go when it comes to implementation.
Automation is the best approach
Why automation? Because humans make mistakes—a lot of them.
Though certificate renewal isn’t rocket science, it’s an extremely critical task. But it can be challenging for administrators to manually keep track of the expiration dates of thousands of certificates deployed to hundreds of servers, especially in large organizations. Imagine having to discover all the active SSL certificates in your organization manually, while keeping tabs on their usage and renewing certificates that are about to expire—all without missing a single one. Managing certificates manually is an extremely daunting and highly error-prone task.
Therefore, the best way to deal with this scenario is to enforce automation on all your certificate management operations. Ideally, your organization’s certificate management strategy should include a solution that can streamline and automate the management of certificate life cycles. In addition to discovering all the existing certificates and consolidating them in a centralized repository, the solution should be able to request and acquire certificates from third-party certificate authorities, deploy the certificates to their respective endpoint servers, and alert administrators when certificates are about to expire, all from a single pane of glass.
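As an added illustration (not code from Mozilla or from any product named here), the sketch below shows why expiry tracking has to cover the whole chain: a certificate stops validating on the earliest expiration date of any certificate above it, which is how an expired intermediate can take down signatures that are themselves still in date. The inventory, its names and dates, and the function names are all constructed for the example.

```python
from datetime import datetime, timedelta, timezone

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed inventory (not real certificates): name -> (issuer, notAfter).
INVENTORY = {
    "Example Root CA": (None, utc(2040, 1, 1)),
    "Example Signing Intermediate": ("Example Root CA", utc(2030, 5, 4)),
    "Example Web Intermediate": ("Example Root CA", utc(2033, 6, 1)),
    "addon-signer.example.test": ("Example Signing Intermediate", utc(2032, 3, 1)),
    "www.example.test": ("Example Web Intermediate", utc(2030, 4, 20)),
    "api.example.test": ("Example Web Intermediate", utc(2031, 2, 1)),
}

def chain(name, inventory):
    """Path from a certificate up to its root; rejects loops and unknown issuers."""
    path = []
    while name is not None:
        if name in path:
            raise ValueError(f"issuer loop at {name!r}")
        if name not in inventory:
            raise KeyError(f"{name!r} is not in the inventory")
        path.append(name)
        name = inventory[name][0]
    return path

def effective_expiry(name, inventory):
    """Earliest notAfter on the path, and the certificate that imposes it."""
    limiting = min(chain(name, inventory), key=lambda n: inventory[n][1])
    return inventory[limiting][1], limiting

def expiry_report(inventory, now, warn=timedelta(days=30)):
    """Status per end-entity certificate: name -> (status, limiting cert, expiry)."""
    issuers = {issuer for issuer, _ in inventory.values() if issuer}
    report = {}
    for name in inventory:
        if name in issuers:
            continue  # CA certificates surface as the limiting cert of their leaves
        expires, limiting = effective_expiry(name, inventory)
        if expires <= now:
            status = "EXPIRED"
        elif expires - now <= warn:
            status = "RENEW"
        else:
            status = "OK"
        report[name] = (status, limiting, expires)
    return report

if __name__ == "__main__":
    for name, (status, limiting, expires) in expiry_report(INVENTORY, utc(2030, 5, 1)).items():
        print(f"{status:8} {name:28} {expires:%Y-%m-%d} (limited by {limiting})")
```

In the constructed data, the signing certificate has almost two years left on its own validity period, yet it is flagged for renewal because its intermediate expires in three days.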
Key Manager Plus, ManageEngine’s web-based SSH key and SSL certificate management solution, helps IT administrators gain complete visibility into their SSH and SSL environments. It provides them with centralized control and automates life cycle management—from acquisition and deployment to tracking renewal, usage, and expiration—for all certificates within an organization’s network.