The financial services sector faces cyber threats almost daily. Banking and financial services have characteristics that make cyberattacks particularly serious, both in how often they occur and in the potential severity of their impact. A security incident at a banking institution can disrupt the day-to-day operations of an entire nation or even an entire region of the world.
According to the 2022 Ponemon Report: The State of Certificate Lifecycle Management in Global Organizations, 52% of respondents in the financial services mentioned that in the past two years their organizations experienced one or more security incidents or data breaches due to a digital certificate compromise.
Let’s look at the key challenges faced by a Slovakian commercial banking giant serving over two million clients. The bank suffered recurring outages caused by unexpected certificate expirations, which in turn resulted from the absence of any expiry notification mechanism.
The customer ran an extensive Public Key Infrastructure (PKI), subject to predefined policies and mandated management practices. Some certificates in their network were managed manually, while a fraction was handled by a proprietary in-house solution. Manual management meant there was no standard, automated notification for expirations and renewals, and each renewal required significant human intervention.
Certificates were cycled through the environment, but a lack of inventory visibility meant there was no record of every certificate on the network. This presented a two-pronged challenge: certificate operations became more time-consuming, and the risk grew that rogue, invalid, or expired certificates were still deployed in the network, unknown to the PKI team and therefore neither renewable nor revocable, each acting as a potential vulnerability.
Because certificate lifecycles were managed through manual methods and proprietary systems, unexpected expirations and outages were frequent. Without an alert ahead of each expiry, administrators had little opportunity to renew certificates well before they lapsed.
Without a robust PKI policy framework, policy enforcement was difficult to implement, which widened the margin for error and increased costs: outage remediation, business interruption from downtime, and compliance fines.
The AppViewX team worked with the customer to implement a solution that solved issues with the existing setup, while setting the foundation to simplify operations in the long term.
AppViewX’s discovery engine scanned the client’s environment to detect certificates on devices. Certificates from multiple certificate authorities (CAs) could be located and grouped by issuer. AppViewX offered several discovery methods (by IP/subnet, by CA, by device, etc.), giving the team flexibility depending on the type of certificate being located. It also generated certificate validity reports and was configured to send periodic expiry alerts to the certificate owners, which helped prevent network outages and downtime from certificate expirations. The JIRA integration built into the AppViewX suite tied certificate processes into the bank’s project management lifecycle.
The reporting and monitoring features of AppViewX CERT+ gave teams visibility into the lifecycle of every certificate, so they could better plan the management and maintenance of their PKI.
PKI teams could define and enforce policies according to their organizational compliance rules. These rules, covering matters such as certificate lifespan ceilings, were enforced at issuance by default, resulting in 100% certificate compliance. This delivered consistency in certificate management practices and eliminated the costs associated with non-compliance, producing significant savings in operational costs.
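To make the discovery, expiry-alerting and lifespan-ceiling checks described above concrete, here is an added example in Go. It is not AppViewX code and not part of the original case study: it parses every certificate in a PEM bundle (the kind of inventory a discovery scan produces), records the issuing CA of each, flags certificates that are already expired or inside a warning window, and flags end-entity certificates whose lifespan exceeds a policy ceiling. The "Bank Internal CA", the hostnames, the validity windows, the 30-day warning window and the 398-day ceiling are all assumptions chosen for the example; the certificates are generated in-process as constructed sample data so the program runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Finding is one discovered certificate plus the reasons it needs attention (none if healthy).
type Finding struct {
	Subject, Issuer string
	DaysLeft        int      // days until NotAfter; negative once expired
	Reasons         []string // "expired", "expiring soon", "lifespan exceeds ceiling"
}

// Inventory walks every CERTIFICATE block in a PEM bundle and checks each one against an
// expiry warning window (warnDays) and a lifespan ceiling that applies to end-entity certificates.
func Inventory(bundle []byte, now time.Time, warnDays int, maxLifespan time.Duration) ([]Finding, error) {
	var out []Finding
	for {
		var block *pem.Block
		block, bundle = pem.Decode(bundle)
		if block == nil {
			return out, nil // no more PEM blocks
		}
		if block.Type != "CERTIFICATE" {
			continue // keys or CRLs stored in the same file are not inventory items
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("undecodable certificate in bundle: %w", err)
		}
		left := cert.NotAfter.Sub(now)
		f := Finding{Subject: cert.Subject.CommonName, Issuer: cert.Issuer.CommonName, DaysLeft: int(left.Hours() / 24)}
		switch {
		case left < 0:
			f.Reasons = append(f.Reasons, "expired")
		case left < time.Duration(warnDays)*24*time.Hour:
			f.Reasons = append(f.Reasons, "expiring soon")
		}
		// CA certificates follow their own policy; the lifespan ceiling is checked on leaves only.
		if !cert.IsCA && cert.NotAfter.Sub(cert.NotBefore) > maxLifespan {
			f.Reasons = append(f.Reasons, "lifespan exceeds ceiling")
		}
		out = append(out, f)
	}
}

// SampleBundle returns constructed sample data: a self-signed CA with an assumed name and four
// leaves whose validity windows are chosen relative to now so that each check fires once.
func SampleBundle(now time.Time) []byte {
	day := 24 * time.Hour
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Bank Internal CA"},
		NotBefore: now.Add(-365 * day), NotAfter: now.Add(3650 * day),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, err := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	ca, _ = x509.ParseCertificate(caDER) // reparse so leaves pick up the CA's SubjectKeyId
	bundle := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER})
	leaves := []struct {
		cn     string
		nb, na time.Time
	}{
		{"www.bank.example", now.Add(-100 * day), now.Add(265 * day)},   // healthy, 365-day lifespan
		{"api.bank.example", now.Add(-355 * day), now.Add(10 * day)},    // expires in 10 days
		{"legacy.bank.example", now.Add(-370 * day), now.Add(-5 * day)}, // expired 5 days ago
		{"batch.bank.example", now.Add(-10 * day), now.Add(790 * day)},  // 800-day lifespan
	}
	for i, l := range leaves {
		key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(int64(i + 2)), Subject: pkix.Name{CommonName: l.cn}, NotBefore: l.nb, NotAfter: l.na}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
		if err != nil {
			panic(err)
		}
		bundle = append(bundle, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
	}
	return bundle
}

func main() {
	now := time.Date(2024, 1, 15, 0, 0, 0, 0, time.UTC) // fixed reference time so runs are reproducible
	findings, err := Inventory(SampleBundle(now), now, 30, 398*24*time.Hour)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-20s issuer=%q days_left=%5d reasons=%v\n", f.Subject, f.Issuer, f.DaysLeft, f.Reasons)
	}
}
```

Two details matter in practice. The warning window must be long enough to cover the whole renewal process (request, approval, installation), not just the time it takes to notice; and the lifespan ceiling is applied only to end-entity certificates, because issuing CAs are legitimately long-lived and a naive check would page the team about its own root every night.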
Granular role-based access allowed central PKI teams to delegate tasks such as certificate creation, revocation, and deletion to other teams as self-service. By integrating with Active Directory, CERT+ established well-defined access control to the PKI and a review and approval step for every certificate task executed.
AppViewX’s lifecycle management workflows automated processes such as certificate requests and installations, saving the customer valuable time and eliminating manual errors. The bank’s PKI teams could reduce their dependence on manual scripts for certificate management and renew or provision certificates with a single click, regardless of the issuing CA or the target endpoint.
Download the case study to learn how AppViewX’s single-window capabilities for detection, renewal, and revocation centralized certificate lifecycle management and promoted collaboration between teams. Implementing full-cycle certificate management and automation removed the manual steps in which human error had previously crept in.