Security certificate expirations open the door to hackers. Digital workflows can keep your data safe and your certificates up to date.
CIOs, CISOs, and enterprise IT leaders have spent decades building defense-in-depth cybersecurity architectures to seal off security holes from rogue attackers. But, like a day-trader working around the clock to find the next big trade, day-hackers are relentless in seeking out the next big hole.
One of the biggest and easiest holes to exploit is the one that opens up when a company forgets to renew one of their TLS (transport layer security) certificates. Just one expired certificate outage can result in a huge financial loss, costing an average of $15 million to recover. Even worse, can lead to a breach of your customers’ private information, sinking your reputation and wiping out trust in an instant.
In the midst of managing global enterprise IT, renewing one of your TLS certificates can easily slip through the cracks. And if it does, their expiration opens the front and back doors to hackers.
Unplanned certificate expirations have been the reason behind some of the most massive outages and data breaches in history, including LinkedIn, Microsoft, Ericsson, and most recently, Google Voice. Recently, a well-known Fortune 500 company spent months with an expired PKI (public key infrastructure) certificate. All the while, day-hackers were inside pilfering customer data and trust, neither of which will be regained.
The lifespan of new TLS certificates is limited to 398 days, down from the previous maximum certificate lifetime of 825 days per the Certificate Authority Browser Forum is a voluntary consortium that governs how certificates are managed and audited. The cap on expiration improves a businesses’ security posture, but now companies must be doubly aware of renewing their certificates—a process usually done manually by your public key infrastructure team and oftentimes managed in spreadsheets.
So what’s an enterprise to do? Workflow it.
Get ahead of expirations
With automated workflows, companies can get ahead of certificate expirations—and avoid outages. Automated workflows can be set up to flag every TLS certificate well in advance and get them renewed before they ever have a chance to expire.
A digital workflow platform can help you create workflows that manage the entire TLS lifecycle. Once your certificates are managed on a single platform, you will be able to:
See all of your certificates in one place
Automatically discover your deployed certificates, creating a centralized inventory in your CMDB.
Avoid service outages and security breaches
Drive optimized certificate renewal processes, including renewing soon-to-be-expired certificates and raising incidents for expired tickets.
Focus on what matters
Prioritize renewal of certificates that support mission-critical services and eliminate the cost of renewing certificates that are no longer needed.
Reduce operational effort
Improve your certificate management processes with service-aware workflows that automatically assign work to the right application and service owners and track its progress.
Scale for digitization
Keep pace with rapidly increasing certificate volumes as your business digitizes more and more processes and adopts cloud-based microservice architectures.
ServiceNow’s Certificate Inventory and Management solution allows you to discover, take inventory of, and proactively manage all your TLS certificates. It keeps you informed of impending expirations, creates certificate tasks via workflows to renew expiring certificates, and creates incidents for already expired certificates.
It seems strange that such huge consequences would hang upon something as mundane as renewing a certificate. And yet, here we are, in a world where, among other things, a partial U.S. government shut down led to multiple expired security certificates that took down more than 80 federal websites.
From NASA to the DOJ, citizens were unable to access the sites and services they depend on. Even worse, those websites—and the sensitive data therein—were left vulnerable to malicious actors, both domestic and foreign. Let’s hope businesses everywhere take this cautionary tale as a cue to implement digital workflows to automate their certification renewals—for the good of their customers, their reputation, and their bottom line. d