SSL/TLS certificate management is not usually given the attention it deserves, despite the fact that certificates are so vital to ensuring security, confirming identities, and supporting online payments. This is especially true when it comes to SSL certificates used within the enterprise. Particularly for larger organizations, the assets behind a firewall or within a virtual private network need to be protected. The stakes are high and it is vital to ensure that only legitimate devices and authorized individuals have access. That is where internal certificates have proven their worth, but organizations too often neglect necessary management tasks.
Potential troubles inside the business
In fact, with the interconnected nature of modern business, internal certificates can be just as critical as those associated with public sites. If certificates affiliated with internal sites are not managed properly, the result can be cascading problems, such as employees being unable to access needed resources or data being locked away when it is needed internally or externally. This kind of problem can sometimes persist “under the radar” because it may be handled by an IT service desk “ticket” and may only impact low-level employees. But the direct and indirect costs can add up.
Out-of-date digital certificates do not only impact internal operations; there are often dependencies between external and internal sites that need to be addressed to prevent service disruptions for customers.
However, it’s no wonder that organizations hesitate. Some reasons why organizations are unable to successfully manage internal-only digital certificates include:
- Managing SSL/TLS certificates used in internal environments is often a major undertaking, frequently larger in scale than managing external certificates.
- Certificates can get misplaced or information about them can be lost when an employee leaves an organization.
- There can be digital certificates issued by internal certificate authorities for which no record has been maintained.
- Certificates may expire, requiring a belated effort to renew or replace them.
It all adds up to a time-consuming mess that can also generate serious problems if ignored.
Reviewing the role of certificates in security
It is worth reviewing the intimate relationship between valid, properly maintained certificates and overall security processes.
Public Key Infrastructure (PKI) is a more-or-less universal aspect of data protection everywhere on the planet and makes possible the use of SSL or TLS, the cryptographic protocols that support secure communications over computer networks. The biggest problem with PKI is human: the methods used to record and manage certificates are often primitive, such as pencil scratchings on a pad of paper or, for more sophisticated operations, data entry into a spreadsheet such as Excel. But all of these methods depend on the habits of individual people. For the method to succeed, they must remember to record information accurately and check regularly for needed certificate renewals. Likewise, because data entry is manual, errors are inevitable.
Automating past the problem
Fortunately, there are automated options that can unify and manage all the SSL/TLS certificates in a company’s environment and do so with minimal human involvement.
We’ve developed Keyhub, a solution that accomplishes this by scanning the internal environment of an organization with the help of a software agent. Operations are simple. A user downloads and installs the agent on their network and the agent gets to work looking for digital certificates. When it finds a certificate, Keyhub copies its main attributes, its metadata and the source where it was found to a cloud site, where the certificate can be cataloged, identified and then tracked so that it can be easily renewed, eliminating the likelihood that it simply expires.
Organizations that have chosen to automate internal as well as external certificates quickly discover they have saved labor, reduced confusion, better-controlled certificate costs, and above all, reduced risks associated with certificate problems.