Gone in Minutes, Out for Hours: Outage Shakes Facebook – “When apps used by billions of people worldwide blinked out, lives were disrupted, businesses were cut off from customers — and some Facebook employees were locked out of their offices.”
Facebook and its family of apps, including Instagram and WhatsApp, suffered severe outages for hours on October 4, 2021, that resulted in financial losses, not to mention the impact such incidents can have on brand value. Facebook said in a blog post that the six-hour outage was the result of a configuration change to its routers — not of a hack or attempt to get at user data. Facebook says that “this disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.”
The companies above that have experienced outages are not cash-strapped entities but giants in their respective domains. This goes to show that no company, big or small, is immune to unplanned outages. While outages can happen for many reasons, let’s take a closer look at something that grows with each passing day and is an integral part of any organization’s Identity and Access Management (IAM) strategy: machine identity.
In the modern IT environment, data, applications, and devices are no longer bound by the confines of corporate premises or data centers. They are distributed across multiple private and public clouds and the edge. With network perimeters fading away, traditional security frameworks will no longer function the way they used to, thereby putting enterprise data at risk.
Machine identities are digital certificates that serve as proof of a machine’s authenticity on a network. These certificates help validate machines’ identities and enable them to securely communicate with other devices and applications on the web through encrypted channels.
With valuable data continuously being exchanged between applications in cloud environments, containers, IoT, and mobile devices, it is crucial for organizations to secure this machine-to-machine communication. This is achieved by protecting and diligently managing machine identities, in other words, digital certificates.
Most enterprises now manage hundreds, or even thousands, of certificates in their network infrastructure. Given their finite lifespans, these certificates must be monitored, tracked, and renewed on time to avoid expensive application outages. However, the maintenance required isn’t the only challenge posed by the growing number of SSL/TLS certificates: the security of private keys and the trust associated with the entire certificate chain are also significant concerns.
All it takes is one expired certificate to bring down the biggest of giants.
Leading public key infrastructure (PKI) experts from enterprise verticals have identified two critical problem areas in PKI management:
- Lack of visibility into the digital certificate landscape
- Lack of automation
Removing Haystacks to Locate Needles
Visibility is the cornerstone of any protection mechanism. Yet most enterprises still have little to no visibility into their certificate infrastructure. When certificates are managed manually in spreadsheets, much of the information needed for complete visibility is either improperly documented or not documented at all. Even when it is documented, the high risk of human error undermines the accuracy of the inventory.
Most digital communication happens over secure channels and requires digital certificates. While obtaining a properly issued certificate takes time and money, anyone can generate a self-signed certificate for testing purposes with great ease, and temporary certificates often ship with third-party software. These temporary certificates are meant for initial testing only and should be replaced before being pushed into production.
However, often because of a slip in the process, these temporary certificates make their way into an organization’s infrastructure without the knowledge of the team managing certificates. At times, application owners deploy certificates that the centralized security groups or PKI admins are not aware of and have no inventory of. Rogue, unknown, and unmanaged certificates not only lead to unplanned application outages but also serve as easy targets for attackers.
Even for known certificates, the most challenging part of mitigating a certificate-related issue is often not identifying the certificate but locating it in time. When certificates are distributed across multicloud, heterogeneous environments, information such as location, owner, associated application, expiry date, and signature must be captured diligently to prevent breaches.
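The visibility checks described above, turned into a working inventory triage as an added example that is not AppViewX code: it assumes a 30-day renewal window, uses only the Python standard library, and works on the dict shape `ssl.getpeercert()` returns, so the same `triage` function runs over live discovery results or a constructed inventory record.

```python
# Added example, not AppViewX code: triage discovered TLS certificates using the
# dict shape ssl.SSLSocket.getpeercert() returns. Assumption: 30-day renewal window.
import socket
import ssl
from datetime import datetime, timezone

RENEWAL_WINDOW_DAYS = 30  # assumption: flag anything expiring within 30 days


def _name(rdns):
    """Flatten getpeercert()'s ((('commonName', 'x'),),) tuples into a dict."""
    return {attr: value for rdn in rdns for (attr, value) in rdn}


def triage(cert, owner=None, now=None):
    """Findings for one cert record: self-signed, expired, renew-soon, no-owner."""
    now = now or datetime.now(timezone.utc)
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expiry - now).days
    subject, issuer = _name(cert["subject"]), _name(cert["issuer"])
    findings = []
    if subject == issuer:  # issuer == subject: self-signed, usually a leaked test cert
        findings.append("self-signed")
    if days_left < 0:
        findings.append("expired")
    elif days_left <= RENEWAL_WINDOW_DAYS:
        findings.append("renew-soon")
    if not owner:  # nobody in the inventory is accountable for renewal
        findings.append("no-owner")
    return {"cn": subject.get("commonName"), "days_left": days_left, "findings": findings}


def fetch(host, port=443, timeout=5.0):
    """Verifying handshake against a live endpoint: (cert_dict, None) when the chain
    is trusted, else (None, reason) such as 'self-signed certificate'."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert(), None
    except ssl.SSLCertVerificationError as err:
        return None, err.verify_message


# Constructed sample record: a self-signed test cert that leaked into production.
SAMPLE = {
    "subject": ((("commonName", "app.test.internal"),),),
    "issuer": ((("commonName", "app.test.internal"),),),
    "notAfter": "Oct  4 00:00:00 2022 GMT",
}
```

`getpeercert()` only returns the parsed dict after a successful verification, which is why `fetch` reports the verify message (for example 'self-signed certificate' or 'certificate has expired') when the chain is untrusted instead of returning an empty record.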
Think Smart Discovery
Smart Discovery in AppViewX CERT+ discovers certificates in various ways from a variety of sources for holistic visibility. AppViewX CERT+ is a turnkey solution for all of an organization’s PKI needs. CERT+ discovers certificates from various devices and applications across hybrid-cloud or multicloud environments. Unauthenticated network scans and authenticated scans of devices, certificate authority (CA) accounts, and cloud accounts are used to discover as many certificates as possible. Appropriate knobs are available to balance discovery time against load on the network.
Are You Leaving Automation Behind?
How do you manage your PKI? Does it involve automation, or does it stop at certificate discovery, inventory, and monitoring? If the latter, you aren’t managing PKI; that is PKI mismanagement.
There are several solutions on the market that do certificate lifecycle management. They scan your applications and network devices for certificates, add them to their inventory, monitor their status, and alert the security team about expiring certificates and other vulnerabilities. However, their job ends there. The actual task of renewing expired certificates, that is, requesting a new certificate and provisioning it on the endpoints, is left to the PKI engineer to execute manually.
Then there are solutions that provide a certain degree of automation, but that automation is highly questionable. The “automation” they offer usually consists of scraps from their partner ecosystem, and that too comes at a cost.
The AppViewX Next-Gen Machine Identity Automation Platform – Your path towards crypto-agility
The Next-Gen Machine Identity Automation Platform consolidates security automation solutions for certificates, keys, IoT security and SSH access management across multicloud environments. The platform enables microservices and zero-trust with service mesh, making the entire system more flexible, adaptable, efficient and agile. With easy consumption models, the platform helps secure machine identities as a service, on-prem, in the cloud and on the edge.
Powered by AppViewX CERT+, the enhanced platform addresses security compliance driven by exponential growth in machine identities by eliminating manual provisioning and management and ensuring end-to-end visibility.
Download the whitepaper to understand how different solutions provided by AppViewX work together in perfect harmony for orchestrating and governing digital identities.
Think Visibility. Think Automation. Think Security.
Set up a free discovery workshop.