Excerpts from 2022 Ponemon Report: Certificate Lifecycle Management in Global Organizations
Digital transformation is a clear business imperative. However, the approach for driving digital transformation in your organization is often blurry. Despite the rising trend, many organizations continue to be dissatisfied with their cloud adoptions. The failure to achieve the “desired operational agility” by moving to the cloud has led many of them to reconsider their decision. One of the most cited roadblocks to realizing cloud adoption success is, surprisingly, cloud security.
To remove security issues from the cloud success equation, organizations must rethink their cybersecurity approach. Instead of fixing the perimeter, organizations must reinforce digital identity management and implement a zero-trust framework to secure multi-cloud and hybrid cloud environments.
Critical building blocks of a digital organization should be assembled carefully. Think of digital identity as a crucial enabler that serves as a connector providing enhanced security and improved user experience.
Digital identities or digital certificates are the faces of your enterprise online. When a customer visits your application, these certificates help determine their first impression of your enterprise and often dictate their relationship and level of trust with you in the future.
A study sponsored by AppViewX and conducted by the Ponemon Institute reveals why investing in digital identity management is crucial. The study goes deeper and unearths some interesting regional trends. One observation is that regions that are early adopters of a digital economy are the digitally competitive regions. This leaves us with a pertinent question – “Can you become a digital company without digital identity management?”
As part of the study, approximately 1,600 IT and IT security practitioners across industry verticals were interviewed about the importance of managing digital identities. These professionals reside in North America, Europe, and the Asia Pacific and have deep expertise in identity and access management (IAM) programs, digital transformation initiatives, digital identity management, and certificate lifecycle management (CLM) programs.
According to Statista, as of 2021, the United States ranked as the most digitally competitive country globally. “Digital competitiveness rankings aim to analyze a country’s ability to adopt digital technologies and implement these technologies within enterprises and government organizations.”
As per the Institute for Management Development (IMD), the World Digital Competitiveness ranking “analyzes and ranks countries’ ability to adopt and explore digital technologies leading to transformation in government practices, business models and society in general.” Digital competitiveness is assessed based on three primary criteria: knowledge, technology, and future readiness.
Key Findings
Embracing Zero-Trust Cybersecurity Model: A Fundamental Mind Shift
Adoption of a zero-trust strategy is highest in North America.
- Forty-two percent of respondents in North America say their organizations have adopted zero-trust.
- Sixty-two percent of these respondents say it is very or highly effective in protecting digital assets in a perimeter-less environment.
- Thirty-eight percent and 35 percent of respondents in Europe and the Asia-Pacific, respectively, say their organizations have a zero-trust strategy.
North America and Asia-Pacific respondents have the most effective zero-trust strategy.
- Sixty-two percent of respondents in North America and the Asia-Pacific have implemented a highly effective zero-trust strategy.
In the past two years, North American organizations were more likely to have one or more security incidents or data breaches due to a digital certificate compromise.
- Fifty-six percent of respondents in North America had one or more digital certificate compromises.
- Fifty-one percent of European respondents and 48 percent of Asia-Pacific respondents experienced a security incident or data breach.
2022 Ponemon Report: The State of Certificate Lifecycle Management in Global Organizations
The primary cause of the security incident or data breach was a cyberattack.
- Sixty percent of respondents in North America experienced digital certificate compromises due to cyberattacks.
- For 51 percent of respondents in Europe, it was due to compromise of a certificate authority (CA).
Automation – The Way Forward
With digital transformation being the key driving force behind the adoption of digital identity management, automation is being embraced globally to manage digital certificates.
Many organizations in North America (56 percent of respondents), Europe (51 percent of respondents), and the Asia-Pacific (49 percent of respondents) have implemented security automation to manage certificates.
- In North America, 43 percent of respondents say automation ensures tasks are performed consistently across the enterprise.
- In Europe, 44 percent of respondents say automation improves security by removing administrator access to keystores.
- In North America, 37 percent of respondents agree that automation simplifies the adoption of hardware security modules (HSMs) to improve the protection of private keys.
According to the Ponemon study, all regions agree that their strategy for managing certificates secures, governs, and verifies machine-to-machine communications. Sixty percent of respondents in North America agree that their investments in managing certificates and keys are more significant than investments in human identities. This is not surprising, given that the United States became a digital economy quite fast compared to Europe and the Asia-Pacific.
The digital revolution began in the latter half of the 20th century, and the United States of America was an early adopter. Although the use of digital technology by companies in the European Union is increasing, it has not yet bridged the gap with the United States. As of 2020, 37% of European businesses had not embraced any new digital technology. This was only 27% in the United States.
Recommendations
Automate the management of certificates. Manually managing certificate lifecycles is slow, error-prone, and highly inefficient. Automating certificate and key lifecycle management – enrollment, provisioning, renewal, and revocation – helps keep digital identities up-to-date and effectively eliminates outages. Processes such as policy management and SSH key rotation can be automated for enhanced security.
Implement structured certificate management processes. Ensure all operations teams have visibility and control over their public key infrastructure (PKI).
Ensure an accurate inventory of certificates. Employ a comprehensive tool that runs complete, top-down scans across your entire network to discover every certificate. These scans need to run periodically for a healthy inventory free from undocumented certificates.
Monitor the public key infrastructure (PKI) for weak links. It has become apparent that even the best-designed PKIs require supporting systems to help manage them by streamlining certificate tasks, key rotations, and the entire gamut of PKI operations.
An efficient certificate lifecycle management solution will not only enable administrators to renew, revoke, or install certificates from a single interface but also weave together multiple vendors (CAs, hardware security modules (HSMs), identity and access management (IAM) tools, and others) and allow them to work in tandem with your PKI.
Automation of certificate management based on policies laid down by the enterprise, the CA, and industry regulations is crucial. PKI administrators should group certificates based on their type, use-case, and criticality and apply a different policy for each certificate group. Policy-based automation takes care of certificate lifecycle tasks such as time-bound certificate renewals, key rotation, access privileges, and compliance audits.
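As an added illustration of the inventory and policy-based automation recommendations above (example code written for this page, not code from the Ponemon report or AppViewX), the script below applies a per-group renewal lead time and minimum key size to constructed scan results and flags any certificate found on the network that is missing from the inventory; the hosts, dates, groups and thresholds are all made up.

```python
from datetime import date

# Constructed policy table (an assumption, not from the report): each criticality
# group gets its own renewal lead time and minimum RSA key size.
POLICY = {
    "critical": {"renew_days_before": 30, "min_key_bits": 3072},
    "standard": {"renew_days_before": 14, "min_key_bits": 2048},
    "low":      {"renew_days_before": 7,  "min_key_bits": 2048},
}

# Constructed scan results: certificates a network scan found on each endpoint.
SCAN = [
    {"host": "api.example.test:443",    "cn": "api.example.test",    "not_after": date(2022, 7, 10), "key_bits": 2048},
    {"host": "pay.example.test:443",    "cn": "pay.example.test",    "not_after": date(2022, 6, 20), "key_bits": 4096},
    {"host": "intra.example.test:8443", "cn": "intra.example.test",  "not_after": date(2022, 9, 1),  "key_bits": 1024},
    {"host": "legacy.example.test:443", "cn": "legacy.example.test", "not_after": date(2022, 12, 1), "key_bits": 2048},
]

# Constructed inventory: certificates the PKI team has documented, with their group.
INVENTORY = {
    "api.example.test":   "standard",
    "pay.example.test":   "critical",
    "intra.example.test": "low",
}

EXAMPLE_TODAY = date(2022, 6, 1)  # fixed "now" so the run is reproducible

def evaluate(scan, inventory, policy, today):
    """Return {host: action} by applying each certificate's group policy."""
    actions = {}
    for cert in scan:
        group = inventory.get(cert["cn"])
        if group is None:
            # Found by the scan but not in the inventory: an undocumented certificate.
            actions[cert["host"]] = "undocumented: register and assign a policy group"
            continue
        rule = policy[group]
        days_left = (cert["not_after"] - today).days
        if days_left < 0:
            actions[cert["host"]] = "expired: renew immediately"
        elif cert["key_bits"] < rule["min_key_bits"]:
            actions[cert["host"]] = "rotate key: below group minimum"
        elif days_left <= rule["renew_days_before"]:
            actions[cert["host"]] = f"renew: {days_left} days left"
        else:
            actions[cert["host"]] = "ok"
    return actions

if __name__ == "__main__":
    for host, action in evaluate(SCAN, INVENTORY, POLICY, EXAMPLE_TODAY).items():
        print(f"{host}: {action}")
```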
Become a digital company. Embrace digital identity management.