• United States



by Jaikumar Vijayan

Success in Cybersecurity Requires Interoperability and Openness: Top Reasons Certificate Lifecycle Management Should be CA-Agnostic

Jan 21, 20223 mins
IT GovernanceSecurity

With an ever-growing volume of digital certificates from both public and private issuing authorities, it’s no longer tenable to manage their lifecycles with traditional methods.

istock 1282804749
Credit: istock/anyaberkut

Most modern enterprises use both internally issued digital certificates and those from external certificate authorities (CAs) to establish digital trust. Often, there is a dual-source strategy where they maintain a redundant CA vendor list to ensure minimal disruption in the event something goes wrong with their primary CA source. It’s also common for business units and pockets of employees to deploy and manage digital certificates for their specific requirements from a CA that is not their organization’s primary source. This can often result in a proliferation of certificates across the enterprise that IT is not aware of, and therefore can’t properly govern.

Digital certificates are now the critical foundation for human and machine identities (such as applications, devices, software). Managing all kinds of digital identities has become unwieldly given the sheer volume of certificates that organizations use in critical business scenarios such as cloud adoption, digital transformation initiatives, remote work environments, and myriad other use cases.

“As more of our lives become digitally enabled, we become more dependent on digital certificates,” says Tim Callan, Chief Compliance Officer at Sectigo. “Their volume and complexity have exploded in the past decade. They’re everywhere.”

Traditional methods to manage digital certificates — such as using spreadsheets, internally developed products, and other outdated on-premises management platforms — are no longer , according to Gartner. These approaches can be human-error prone, and typically lack the collaboration necessary between IT and operations teams to meet specific requirements.

Taking a neutral line

The volume and diversity of digital certificates is driving the need for technologies that enable centralized visibility across the entire multi-CA portfolio. IT and operations require capabilities that can help them automatically find, inventory, and centrally manage certificates from internal, private CAs, public CAs and CAs within the cloud environment.

Securely managing digital certificates means having a system that can discover all certificates across the organization, regardless of the issuing CA, and automate management from a single portal to gain operational control and apply consistent policies to govern their use.

Such capabilities are critical because digital certificates are no longer just about securing machine identities. They are the fundamental technology for securing human identities in a variety of critical use cases such as including identity-first zero-trust access, passwordless authentication, machine identity management, RPA security and document signing.

The shorter lifespan of SSL/TLS certificates is another reason why it’s important to standardize on a CA-agnostic Certificate Lifecycle Management (CLM) platform. These certificates now have a validity period of just 13 months, instead of 27 months. This reduction is designed to make it easier for organizations to roll out updates and minimize the risk of compromised digital identities being misused for an extended duration. The change means organizations now need the ability to renew certificates from different CAs at a much faster rate than they did previously.

Manual certificate management approaches and CA-specific CLM tools are not enough in today’s rapidly changing, digital environments. A CLM platform must be able to manage both human and machine identities, regardless of the issuing CA. For a CLM to meet the needs of enterprise IT leaders today it must leverage open standards and be interoperable with other technologies in the cybersecurity stack.

A raft of fast-growing critical use cases, including in areas such as DevOps, monitoring, and new open-source technologies to automate the provisioning of trusted certificates will continue to heighten the need for a CLM platform that is CA- and technology-agnostic.

Watch this webinar to learn more about the need to manage public and private digital certificates with an agnostic approach.