How Effective is Your Organization’s Certificate Expiration Management?


On May 7th, for the second time this year, the Baltimore city government computers were infected by ransomware. Hackers demanded that a hefty ransom of over $75,000 be paid for each affected computer in order for users to safely recover critical files, emails, and other documents. However, according to the city mayor, Baltimore, no evidence of any personal data being compromised had come to notice. A week after the attack, Baltimore officials also assured that the website was safe to visit even while the criminal investigation was on. It is also being said that damages resulting from this attack have made the city poorer by $18 million.

This, and other similar occurrences of attacks on cybersecurity, seems to be on the rise worldwide.

Another security threat that bothers enterprise IT is the management of digital certificates and keys. A case in point is the bug armagadd-on part 2, which was caused by the expiry of Mozilla certificates that were used to check the signatures of add on codes in Firefox desktop and Android web browsers. The expiration caused the universal failure of Firefox plug-ins and extensions which lasted till the teams rolled out a temporary fix for all Firefox browsers that could be applied in the background.

As a marketer, I had to write a custom report on a customer’s web performance around this time. A two-week engagement on paper that, thanks to the richness of data available, took just three days to deliver. The customer opted to continue the engagement hoping to glean more value and insights in the remaining days.

Related Articles:   Federal BOD 19-02: Certificate outages are now federally-recognized threats!

During the course of the week, he informed me that they were looking to purchase a valuable software package for certificate management and wondered if AppViewX could deliver the functionality that they were looking for. Being in the same line of business, I couldn’t help asking why they were looking into certificate management and how they currently managed their certification expiry.

He then explained that their financial management website, on a particular rusty weekend, had four certificates expire on them as the dates weren’t being tracked. This caused the site to be brought down and resulted in massive inconvenience to customers and a blow to their revenue stream. They were looking for a solution to proactively notify them when certificates were due to expire within 30 days. I confidently recommended CERT+ to them as a perfect fit for their situation.

The AppViewX CERT+, a part of the AppViewX family, is a Certificate Lifecycle Automation solution that runs on the AppViewX platform. CERT+ helps enterprise IT manage and automate the entire lifecycle of their internal and external PKIs. CERT+ provides extensive visibility into multi-vendor certificates and encryption key infrastructure, which helps protect the enterprise from any form of application outages or security breaches.

PKIs are no longer restricted to secure emails, swiping access through cards for physical access to office spaces and infrastructure, or even the highly networked and abuzz web traffic. Their role is now larger since they are meant to support enterprise infrastructures and complex ecosystems. Data security rules and regulations have buckled up to ensure that one is able to rely more on PKIs to build organizational trust.

Related Articles:   Equifax to Pay Approx. $700 Million in Settlement of 2017 Data Breach Charges

AppViewX is a modular, low-cost software application and caters to fortune 500 companies that use this platform at scale. The brand believes in low code automation for NetOps and SecOps. Our sales team met with the state government in the Midwest US that operates more than 700 online applications on 300 devices offering a variety of services to its citizens, from seeking job opportunities to filing business taxes. The state government had a dedicated, four-person certificate management team with access to multiple vendor portals and tracking certificates in its spreadsheets. The team had to handle certificate requests from more than 20 application teams, and the requests often got delayed or not tracked.

The AppViewX CERT+ solution automated the end-to-end management of these certificates, which helped the state government achieve the much-needed application-level visibility into its certificate management. Using just one application, the team could procure certificates from any vendor of its choice based on need, ensuring the process was simple and seamless. The platform made it easier for the application teams to generate and manage their own certificates through a simple, easy-to-use user interface. This reduced delays, and unnecessary dependencies and workflows.

CERT+ provides the complete view with certification, compliance, key management and key lifecycle automation working with the best of technology and channel partners. AppViewX also has several recognitions associated with its name including Gartner rating. If you are a customer looking for certification, meet with our sales or reach out to us for a live demo before you take the final call.

You wouldn’t regret the time you spent with us.

– Amit

Related Articles:   Is Your Enterprise Protected Against Man-in-the-Middle Attacks?

Want more great content?

Subscribe to our blog to get tech tips, industry news, and thought leadership articles right in your inbox!