From a load balancer to a cloud application to mobile devices, every entity on the network requires digital certificates. In a typical IT environment, multiple teams such as security, networking, and DevOps are involved in the development, governance, and maintenance of the network infrastructure. These teams have the flexibility of procuring and provisioning certificates independently to facilitate uninterrupted operations.
When multiple teams manage certificates, enforcing a uniform public key infrastructure (PKI) policy becomes challenging. Ad-hoc processes are error-prone and non-compliant and often lead to variations in cryptographic standards. The security risk is amplified when PKI teams rely on manual methods for discovering and monitoring certificates.
The financial services sector faces cyber threats almost daily. Did a recent outage lead to financial losses and compliance issues in your organization? Or, even more worrying, did your team spend a considerable amount of time figuring out what went wrong? Is your multi-cloud strategy creating multiple problems?
In banking and financial services, some characteristics make cyberattacks especially serious, both in how often they occur and in the potential severity of their impact. A cyberattack on a banking institution can have severe effects on the day-to-day operations of an entire nation or even an entire region of the world.
According to the 2022 Ponemon Report: The State of Certificate Lifecycle Management in Global Organizations, 52% of respondents in financial services said that in the past two years, their organizations experienced one or more security incidents or data breaches due to a digital certificate compromise.
Let us look at some of the key challenges faced by a US-based Fortune 500 investment bank and financial services company. The customer had a significant number of X.509 certificates on file. Their Server, DevOps, and F5 teams used an existing certificate management tool, but they found that they needed more functionality than it offered, especially in terms of automation and reporting. Interestingly, AppViewX’s network automation solution was already being used alongside that certificate management tool to automate workflows for their network devices, but the certificate management tool did not offer deep compatibility with the AppViewX automation deployment tool.
The IT team’s goals for the project included:
- Smooth migration from their existing solution to AppViewX without causing downtime of public key infrastructure (PKI) and security services.
- Carrying over the functionality of their existing tool and adding some critical features on top of it.
- Certificate lifecycle automation capabilities that leveraged AppViewX’s automation platform.
- A shift from legacy machine identity management tools.
- Increase in flexibility.
- Reduction in operations cost.
- End-to-end certificate lifecycle management.
The AppViewX team engineered a seamless migration process that was in line with the customer’s objectives and promised to do a better job of triaging and auto-remediating issues while improving SLAs as a bonus.
Seamless platform migration: A successful migration was executed, with all the data being transferred into AppViewX. AppViewX validated the transferred certificate data post-migration using its discovery engine. All the functionality from their previous tool was carried over, and additional functionality was built into the solution as well.
Full-cycle visibility, management, and automation: AppViewX’s environment scanning and inventory consolidation tool helped the customer’s team build comprehensive inventories of certificates on file, complete with endpoint maps, statuses, and cryptographic details. AppViewX’s workflow automation capabilities enabled automation of certificate requesting/renewal processes, while built-in reporting capabilities provided ample visibility into critical stats like validity.
Reporting and issue remediation: AppViewX’s reporting feature helped the customer compile reports of potential vulnerabilities, such as self-signed certificates. This information could then be used to define remediation tactics and policies using the automation platform.
Integration with ServiceNow: The AppViewX platform featured full integration capabilities with ServiceNow, allowing for cross-platform functionality.
Reduction in SLAs: As a result of AppViewX’s certificate lifecycle automation solution working cohesively with the network automation engine, teams could slash SLAs by up to 50% and significantly improve turnaround times on requests.